Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My start menu is empty, not able to download anything

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My start menu is empty, not able to download anything

Unread postby suebart4 » March 15th, 2012, 1:37 am

Hi! I must first apologize since this is my second post on this issue, as I missed the three day deadline... :(
Something is still wreaking havok on my computer, causing me to be unable to launch any downloads or open most of my programs (specifically microsoft word/picture viewer) unless I am in safe mode. All of my programs have disappeared from my start menu as well. This began a few weeks ago with a sudden barrage of security pop ups saying I had was infected by multiple malware programs. The helper I had previously (not sure if I will have the same one again) had me run the following programs: Malwarebytes, combofix, Mbam, rkill, tdsskiller, unhide, FixNCR, and aswMBR. I have the logs from each of these. Thanks for taking the time to help me again. I know your time is valuable, and this is much appreciated.

Thanks, Sue
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Sue at 0:07:24 on 2012-03-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4010.2598 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{48A4FDCF-F348-4A13-865C-79A64A0055B3} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{909D17C3-63B3-4790-A95C-F221AD9B7238} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{909D17C3-63B3-4790-A95C-F221AD9B7238}\0796C6C6F677 : DhcpNameServer = 192.168.1.2 208.180.42.100 208.180.42.68
TCP: Interfaces\{909D17C3-63B3-4790-A95C-F221AD9B7238}\245727765627B496E676 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{909D17C3-63B3-4790-A95C-F221AD9B7238}\75169707F62747F5143636563737 : DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{909D17C3-63B3-4790-A95C-F221AD9B7238}\C4942425142595 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{909D17C3-63B3-4790-A95C-F221AD9B7238}\C4962627162797 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{909D17C3-63B3-4790-A95C-F221AD9B7238}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-3 98208]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [2011-6-3 151552]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2010-12-17 53920]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-9 652360]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-3 1692480]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-3 2656280]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-19 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-19 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-15 03:27:17 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4DA28007-B335-4AA6-B214-7BE5C91DFA17}\mpengine.dll
2012-03-11 20:53:30 -------- d-----w- C:\Program Files (x86)\Youtube Converter
2012-03-07 23:27:27 -------- d-----w- C:\Users\Sue\AppData\Roaming\Malwarebytes
2012-03-07 23:27:20 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-07 23:27:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-07 23:27:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-04 00:58:54 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-01 20:58:38 98816 ----a-w- C:\Windows\sed.exe
2012-03-01 20:58:38 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-01 20:58:38 256000 ----a-w- C:\Windows\PEV.exe
2012-03-01 20:58:38 208896 ----a-w- C:\Windows\MBR.exe
2012-02-26 21:33:15 -------- d-----w- C:\Users\Sue\AppData\Local\{DB2174B4-B694-4CEF-BB05-BC052BE17FD8}
2012-02-26 21:33:15 -------- d-----w- C:\Users\Sue\AppData\Local\{7E7FC3DA-F45E-4B55-AE1D-15DC51367864}
2012-02-26 14:42:43 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-26 14:42:30 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-26 14:42:15 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-26 14:42:07 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-26 06:19:01 8643640 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-02-23 05:02:54 -------- d-----w- C:\Users\Sue\AppData\Local\Amazon
2012-02-23 04:29:37 -------- d-----w- C:\Users\Sue\AppData\Roaming\SpeedyPC Software
2012-02-23 04:29:37 -------- d-----w- C:\Users\Sue\AppData\Roaming\DriverCure
2012-02-23 04:29:28 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-02-23 04:29:26 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-02-23 04:29:26 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-02-23 04:17:28 -------- d-----w- C:\Users\Sue\AppData\Roaming\PCPro
2012-02-23 04:17:28 -------- d-----w- C:\Users\Sue\AppData\Roaming\PC Cleaners
2012-02-23 04:17:20 -------- d-----w- C:\ProgramData\PC1Data
2012-02-21 00:49:25 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-02-21 00:49:24 -------- d-----w- C:\Program Files\McAfee.com
2012-02-21 00:49:24 -------- d-----w- C:\Program Files\McAfee
2012-02-21 00:49:21 -------- d-----w- C:\Program Files (x86)\McAfee
2012-02-21 00:35:08 161168 ----a-w- C:\Windows\System32\mfevtps.exe
2012-02-15 03:37:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 03:37:20 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 03:37:19 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 03:37:19 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 03:37:19 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 03:37:18 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 03:37:13 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 03:37:13 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 03:32:44 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-15 00:30:37 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
.
==================== Find3M ====================
.
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-29 05:09:37 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-01-29 05:09:36 770912 ----a-w- C:\Windows\SysWow64\Msfdbqp.dll
2012-01-29 05:09:36 511328 ----a-w- C:\Windows\SysWow64\Synchronization2.dll
2012-01-29 05:09:36 397152 ----a-w- C:\Windows\SysWow64\Msfdbse.dll
2012-01-29 05:09:36 253280 ----a-w- C:\Windows\SysWow64\MetaStore2.dll
2012-01-29 05:09:36 230240 ----a-w- C:\Windows\SysWow64\Msfdb.dll
2012-01-29 05:09:36 189792 ----a-w- C:\Windows\SysWow64\SimpleProviders2.dll
2012-01-29 05:09:36 171360 ----a-w- C:\Windows\SysWow64\FileSyncProvider2.dll
2012-01-29 05:09:36 156512 ----a-w- C:\Windows\SysWow64\FeedSync2.dll
2012-01-29 01:35:20 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-01-29 01:35:20 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-01-28 00:56:06 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 0:07:59.66 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/14/2011 5:43:23 PM
System Uptime: 3/14/2012 11:42:56 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 05TM8C
Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz | CPU | 2000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 229.722 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\8&EB00920&0&8C71F8204341_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\8&EB00920&0&8C71F8204341_C00000000
Service:
.
==== System Restore Points ===================
.
RP48: 2/20/2012 6:29:20 PM - Windows Defender Checkpoint
RP49: 2/24/2012 6:41:47 PM - Restore Operation
RP50: 2/26/2012 12:18:21 AM - Windows Update
RP51: 2/26/2012 12:29:19 AM - Restore Operation
RP52: 2/26/2012 8:34:52 AM - Windows Update
RP53: 2/26/2012 8:45:39 AM - Configured Microsoft Office Home and Student 2010
RP54: 2/26/2012 8:50:07 AM - Windows Modules Installer
RP55: 3/3/2012 7:01:11 PM - New Restore Point
RP56: 3/7/2012 5:06:58 PM - Windows Update
RP57: 3/14/2012 10:26:25 PM - Windows Update
RP58: 3/14/2012 11:39:49 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 9
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.1) MUI
Advanced Audio FX Engine
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Software Update
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Cozi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell Marketplace Webslice IE8
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell Stage Remote
Dell VideoStage
Dell Webcam Central
Dell WLAN and Bluetooth Client Installation
DirectX 9 Runtime
eBay
Elements 9 Organizer
Elements STI Installer
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Internet Explorer
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Kies mini
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Microsoft Default Manager
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhotoShowExpress
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
The Weather Channel Desktop 6
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Youtube Converter 0.2.1.91
.
==== Event Viewer Messages From Past Week ========
.
3/9/2012 4:38:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.121.1200.0).
3/14/2012 11:44:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
3/14/2012 11:44:33 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147024891
3/14/2012 11:43:50 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
3/14/2012 11:42:38 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/14/2012 11:42:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8000ffff: Update for Windows 7 for x64-based Systems (KB2639308).
3/14/2012 11:40:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8000ffff: Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2647518).
3/14/2012 11:35:29 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/14/2012 11:27:11 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2012 11:27:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/14/2012 11:27:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/14/2012 11:27:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2012 11:27:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/14/2012 11:26:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/14/2012 11:25:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
3/14/2012 11:23:52 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/14/2012 11:23:52 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
3/14/2012 11:23:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
3/14/2012 10:33:24 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
3/11/2012 6:10:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
3/11/2012 5:46:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/11/2012 3:46:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
.
==== End Of File ===========================
suebart4
Regular Member
 
Posts: 21
Joined: February 26th, 2012, 4:53 pm

Re: My start menu is empty, not able to download anything

Unread postby Gary R » March 16th, 2012, 2:49 am

Please post the aswMBR log, in the meantime I'll look over the logs you posted in your previous topic.
User avatar
Gary R
Administrator
Administrator
 
Posts: 18579
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: My start menu is empty, not able to download anything

Unread postby suebart4 » March 16th, 2012, 8:34 pm

Thank you!

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-14 22:16:44
-----------------------------
22:16:44.264 OS Version: Windows x64 6.1.7601 Service Pack 1
22:16:44.264 Number of processors: 2 586 0x2A07
22:16:44.280 ComputerName: SUE-PC UserName: Sue
22:16:45.481 Initialize success
22:25:59.396 AVAST engine defs: 12031401
22:27:03.918 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:27:03.918 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
22:27:03.949 Disk 0 MBR read successfully
22:27:03.964 Disk 0 MBR scan
22:27:03.964 Disk 0 Windows VISTA default MBR code
22:27:03.980 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
22:27:04.167 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208896
22:27:04.308 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290142 MB offset 30928896
22:27:04.822 Disk 0 scanning C:\Windows\system32\drivers
22:27:28.940 Service scanning
22:27:58.144 Modules scanning
22:27:58.160 Disk 0 trace - called modules:
22:27:58.207 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:27:58.722 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064ba3b0]
22:27:58.722 3 CLASSPNP.SYS[fffff88001b8b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800468f050]
22:27:59.970 AVAST engine scan C:\Windows
22:28:04.182 AVAST engine scan C:\Windows\system32
22:31:57.209 AVAST engine scan C:\Windows\system32\drivers
22:32:10.674 AVAST engine scan C:\Users\Sue
22:51:16.675 AVAST engine scan C:\ProgramData
22:54:40.038 Scan finished successfully
23:21:59.815 Disk 0 MBR has been saved successfully to "C:\Users\Sue\Desktop\MBR.dat"
23:21:59.831 The log file has been saved successfully to "C:\Users\Sue\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-16 00:45:39
-----------------------------
00:45:39.842 OS Version: Windows x64 6.1.7601 Service Pack 1
00:45:39.842 Number of processors: 2 586 0x2A07
00:45:39.842 ComputerName: SUE-PC UserName: Sue
00:45:40.888 Initialize success
00:54:35.576 AVAST engine defs: 12031401
00:56:27.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:56:27.568 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
00:56:27.584 Disk 0 MBR read successfully
00:56:27.584 Disk 0 MBR scan
00:56:27.599 Disk 0 Windows VISTA default MBR code
00:56:27.599 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
00:56:27.615 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208896
00:56:27.630 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290142 MB offset 30928896
00:56:27.662 Disk 0 scanning C:\Windows\system32\drivers
00:56:38.800 Service scanning
00:57:04.743 Modules scanning
00:57:04.759 Disk 0 trace - called modules:
00:57:04.790 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:57:04.805 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064d6790]
00:57:04.821 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004694050]
00:57:05.773 AVAST engine scan C:\Windows
00:57:08.315 AVAST engine scan C:\Windows\system32
01:00:06.610 AVAST engine scan C:\Windows\system32\drivers
01:00:20.229 AVAST engine scan C:\Users\Sue
01:15:43.023 AVAST engine scan C:\ProgramData
01:21:29.009 Scan finished successfully
01:23:31.239 Disk 0 MBR has been saved successfully to "C:\Users\Sue\Desktop\MBR.dat"
01:23:31.270 The log file has been saved successfully to "C:\Users\Sue\Desktop\aswMBR.txt"
suebart4
Regular Member
 
Posts: 21
Joined: February 26th, 2012, 4:53 pm

Re: My start menu is empty, not able to download anything

Unread postby Gary R » March 17th, 2012, 2:30 am

From what I can see in the logs you've supplied so far, there is no longer an active infection on your computer, which means we're probably just dealing with the after effects of your infection, though rectifying them can sometimes be as challenging as removing the infection itself.

First let's see if we can find out why your programs won't run ....

Please download Junction.zip and save it to your desktop.
  • Right click Junction.zip and choose extract all...
  • When the Compressed Folders Extraction wizard opens, click Next
  • Click Browse
  • When the "select a destination" box opens, click My Computer > Local Disk (C:) > Windows > OK
  • Back at the Extraction Wizard, click Next.
  • Untick "Show Extracted Files" and click Finish
    • Click Start and type Run into the Search programs and files box, hit Enter.
    • Copy and paste the contents of the codebox below into the run box (Do Not include Code:).
    • Click OK:

Code: Select all
cmd /c junction -s c:\ >log.txt&log.txt&del log.txt


  • A command window will open and the system will be scanned. (Click Agree to the prompt)
  • Please be patient & wait untill a log file opens in notepad.
  • Copy and paste the contents of that file in your next reply please.
User avatar
Gary R
Administrator
Administrator
 
Posts: 18579
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: My start menu is empty, not able to download anything

Unread postby suebart4 » March 18th, 2012, 1:29 am

Ok, this is what I got. Looks like alot of denials..


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Recovery: Access is denied.


...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates



...

...

...

...

.
Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\24814a7f9c48c0f770926253bf33df4f_68062e53-d84b-4070-805e-2fa0c584862b: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2a7d2887fb6630bfdfc66f5bbaab5990_68062e53-d84b-4070-805e-2fa0c584862b: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\41fd1b43b478bedf578a330c4cd03f2b_68062e53-d84b-4070-805e-2fa0c584862b: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4d57fe60e4f4a96ace2dae046188d91e_68062e53-d84b-4070-805e-2fa0c584862b: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\732730bb65f4c923ff17995342302fd9_68062e53-d84b-4070-805e-2fa0c584862b: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cbbf12380586f079b835fc58eab1bad7_68062e53-d84b-4070-805e-2fa0c584862b: Access is denied.


..

...

..
Failed to open \\?\c:\\System Volume Information\WindowsImageBackup: Access is denied.



Failed to open \\?\c:\\System Volume Information\{194e4c8b-6ff2-11e1-b067-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{30f602df-6a37-11e1-b411-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{62b402fe-6e57-11e1-b202-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{69555ce5-6324-11e1-b36c-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{7355155b-5f4a-11e1-b7e6-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{73551585-5f4a-11e1-b7e6-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{73551609-5f4a-11e1-b7e6-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{73551631-5f4a-11e1-b7e6-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{8b5c9000-6043-11e1-b337-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{8b5c9031-6043-11e1-b337-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{8b5c9035-6043-11e1-b337-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{8c7050c2-6bf5-11e1-b2d2-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{926db771-60b0-11e1-b698-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{a137b4c9-6967-11e1-b5c2-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{d3e634d2-5e1c-11e1-a3c3-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{d707bfe2-6594-11e1-8517-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{d707bfec-6594-11e1-8517-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{d7fb02f6-6f3f-11e1-b73c-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{d7fb02ff-6f3f-11e1-b73c-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{d927f4da-68a0-11e1-b259-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{e7b18455-6f10-11e1-b3e9-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{fc29e7c9-6e4c-11e1-b7f9-c0f8daaf67d0}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.


\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

.

...

...

...

...

.
Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\24814a7f9c48c0f770926253bf33df4f_68062e53-d84b-4070-805e-2fa0c584862b: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2a7d2887fb6630bfdfc66f5bbaab5990_68062e53-d84b-4070-805e-2fa0c584862b: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\41fd1b43b478bedf578a330c4cd03f2b_68062e53-d84b-4070-805e-2fa0c584862b: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\4d57fe60e4f4a96ace2dae046188d91e_68062e53-d84b-4070-805e-2fa0c584862b: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\732730bb65f4c923ff17995342302fd9_68062e53-d84b-4070-805e-2fa0c584862b: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cbbf12380586f079b835fc58eab1bad7_68062e53-d84b-4070-805e-2fa0c584862b: Access is denied.


..

...

.\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Kennedy\Application Data: JUNCTION
Print Name : C:\Users\Kennedy\AppData\Roaming
Substitute Name: C:\Users\Kennedy\AppData\Roaming

\\?\c:\\Users\Kennedy\Cookies: JUNCTION
Print Name : C:\Users\Kennedy\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Kennedy\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Kennedy\Local Settings: JUNCTION
Print Name : C:\Users\Kennedy\AppData\Local
Substitute Name: C:\Users\Kennedy\AppData\Local

\\?\c:\\Users\Kennedy\My Documents: JUNCTION
Print Name : C:\Users\Kennedy\Documents
Substitute Name: C:\Users\Kennedy\Documents

\\?\c:\\Users\Kennedy\NetHood: JUNCTION
Print Name : C:\Users\Kennedy\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Kennedy\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Kennedy\PrintHood: JUNCTION
Print Name : C:\Users\Kennedy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Kennedy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Kennedy\Recent: JUNCTION
Print Name : C:\Users\Kennedy\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Kennedy\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Kennedy\SendTo: JUNCTION
Print Name : C:\Users\Kennedy\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Kennedy\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Kennedy\Start Menu: JUNCTION
Print Name : C:\Users\Kennedy\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Kennedy\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Kennedy\Templates: JUNCTION
Print Name : C:\Users\Kennedy\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Kennedy\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Kennedy\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Kennedy\AppData\Local
Substitute Name: C:\Users\Kennedy\AppData\Local

.\\?\c:\\Users\Kennedy\AppData\Local\History: JUNCTION
Print Name : C:\Users\Kennedy\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Kennedy\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Kennedy\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Kennedy\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Kennedy\AppData\Local\Microsoft\Windows\Temporary Internet Files

.

.\\?\c:\\Users\Kennedy\Documents\My Music: JUNCTION
Print Name : C:\Users\Kennedy\Music
Substitute Name: C:\Users\Kennedy\Music

\\?\c:\\Users\Kennedy\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Kennedy\Pictures
Substitute Name: C:\Users\Kennedy\Pictures

\\?\c:\\Users\Kennedy\Documents\My Videos: JUNCTION
Print Name : C:\Users\Kennedy\Videos
Substitute Name: C:\Users\Kennedy\Videos

\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos

\\?\c:\\Users\Sue\Application Data: JUNCTION
Print Name : C:\Users\Sue\AppData\Roaming
Substitute Name: C:\Users\Sue\AppData\Roaming

\\?\c:\\Users\Sue\Cookies: JUNCTION
Print Name : C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Sue\Local Settings: JUNCTION
Print Name : C:\Users\Sue\AppData\Local
Substitute Name: C:\Users\Sue\AppData\Local

\\?\c:\\Users\Sue\My Documents: JUNCTION
Print Name : C:\Users\Sue\Documents
Substitute Name: C:\Users\Sue\Documents

\\?\c:\\Users\Sue\NetHood: JUNCTION
Print Name : C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Sue\PrintHood: JUNCTION
Print Name : C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Sue\Recent: JUNCTION
Print Name : C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Sue\SendTo: JUNCTION
Print Name : C:\Users\Sue\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Sue\Start Menu: JUNCTION
Print Name : C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Sue\Templates: JUNCTION
Print Name : C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Templates

.\\?\c:\\Users\Sue\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Sue\AppData\Local
Substitute Name: C:\Users\Sue\AppData\Local

\\?\c:\\Users\Sue\AppData\Local\History: JUNCTION
Print Name : C:\Users\Sue\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Sue\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Sue\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files

.

...

...

...

...

...

...

...

...

...

..\\?\c:\\Users\Sue\AppData\LocalLow\PlayReady: JUNCTION
Print Name : C:\ProgramData\Microsoft\PlayReady
Substitute Name: C:\ProgramData\Microsoft\PlayReady

.

...

...

\\?\c:\\Users\Sue\Documents\My Music: JUNCTION
Print Name : C:\Users\Sue\Music
Substitute Name: C:\Users\Sue\Music

\\?\c:\\Users\Sue\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Sue\Pictures
Substitute Name: C:\Users\Sue\Pictures

\\?\c:\\Users\Sue\Documents\My Videos: JUNCTION
Print Name : C:\Users\Sue\Videos
Substitute Name: C:\Users\Sue\Videos

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...


Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{7889d26a-38c0-11e1-b18f-c0f8daaf67d0}.TM.blf: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{7889d26a-38c0-11e1-b18f-c0f8daaf67d0}.TMContainer00000000000000000001.regtrans-ms: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{7889d26a-38c0-11e1-b18f-c0f8daaf67d0}.TMContainer00000000000000000002.regtrans-ms: Access is denied.


...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

.
suebart4
Regular Member
 
Posts: 21
Joined: February 26th, 2012, 4:53 pm

Re: My start menu is empty, not able to download anything

Unread postby Gary R » March 18th, 2012, 5:03 am

OK, your Junction log looks pretty normal, so please do the following for me .....

First

  • Click Start, then in the Search programs and files box type Notepad hit Enter.
  • This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.
Code: Select all
@ echo off

dir "%userprofile%\AppData\Local\Temp" > "%userprofile%\desktop\log.txt"

Notepad.exe %userprofile%\Desktop\log.txt
Del log.txt
Del %0

  • Click Format and ensure Wordwrap is unchecked.
  • Save as Export.bat
  • Save as file type All Files or it won't work.
  • Now double click on Export.bat to run it.
  • A file log.txt will open on your Desktop, please post the contents in your next reply.
  • Please note ... when you close log.txt both it and Export.bat will be deleted.

Then please do the following ....

Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.
  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Select the following options ....
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press the Scan button.
  • When finished, a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.

Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Summary of the logs I need from you in your next post:
  • Log.txt
  • FSS.txt
  • OTL.txt
  • Extras.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 18579
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: My start menu is empty, not able to download anything

Unread postby suebart4 » March 18th, 2012, 9:59 pm

Farbar Service Scanner Version: 01-03-2012
Ran by Sue (administrator) on 18-03-2012 at 20:41:30
Running from "C:\Users\Sue\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
Volume in drive C is OS
Volume Serial Number is B845-7168

Directory of C:\Users\Sue\AppData\Local\Temp

03/18/2012 08:29 PM <DIR> .
03/18/2012 08:29 PM <DIR> ..
03/16/2012 02:17 AM <DIR> 03160217-000006f4-f114lglan1
03/17/2012 09:45 AM <DIR> Adobe
03/11/2012 03:47 PM 2 afterInstallCall.dat
03/11/2012 05:31 PM 2 afterUninstallCall.dat
03/11/2012 02:17 PM 27,082 amt3.log
03/15/2012 12:32 AM 11,390 Attach.txt
03/17/2012 12:37 AM 7,802 au-descriptor-1.6.0_31-b74.xml
03/16/2012 12:26 AM 86 avginfo.id
03/11/2012 03:47 PM 8 currenttime.dat
03/15/2012 12:32 AM 25,381 DDS.txt
03/11/2012 03:47 PM <DIR> dlm2396.tmp
03/11/2012 02:17 PM <DIR> Editor
09/14/2011 05:47 PM 0 FXSAPIDebugLogFile.txt
03/15/2012 11:15 PM 36,442 GimmeSetup(201203152315125FC).log
03/15/2012 11:16 PM 36,289 GimmeSetup(201203152316307E0).log
03/16/2012 12:33 AM <DIR> Google Toolbar
03/17/2012 12:37 AM 680 jusched.log
03/01/2012 04:19 PM <DIR> Low
03/16/2012 02:46 AM <DIR> msdtadmin
03/11/2012 05:26 PM 0 nsd3F82.tmp
03/11/2012 03:47 PM 0 nsu9945.tmp
03/15/2012 11:15 PM <DIR> OIS
03/11/2012 02:18 PM 3,147 oobelib.log
03/11/2012 02:18 PM 26,056 PDApp.log
03/11/2012 02:19 PM 50,135,040 Photoshop Temp211952032
03/07/2012 06:22 PM <DIR> RarSFX0
03/09/2012 05:54 PM <DIR> RarSFX1
03/15/2012 11:15 PM 4,261 SetupExe(201203152315105FC).log
03/15/2012 11:15 PM 1,361 SetupExe(201203152315266DC).log
03/15/2012 11:16 PM 4,264 SetupExe(201203152316307E0).log
03/15/2012 11:16 PM 1,361 SetupExe(201203152316337A0).log
03/11/2012 05:37 PM 31,832 Sue.bmp
03/11/2012 02:17 PM 2,136 swtag.log
03/18/2012 08:27 PM <DIR> WPDNSE
03/16/2012 01:23 AM <DIR> _av4_
03/16/2012 01:13 AM <DIR> _avast4_
03/11/2012 03:47 PM <DIR> {26c9e18c-3717-4be1-a225-04e4471f5b6e}
03/09/2012 07:42 PM 0 ~DF09A0C53328FFFC0F.TMP
03/09/2012 09:09 PM 0 ~DF09CBB4A3D521B1AE.TMP
03/09/2012 10:17 PM 16,384 ~DF0FF5F5615D2561A5.TMP
03/09/2012 08:10 PM 16,384 ~DF1A4C2075EC26FD67.TMP
03/16/2012 07:31 PM 0 ~DF304C96535C7FE0CC.TMP
03/16/2012 10:34 PM 16,384 ~DF348A86F9DF53A124.TMP
03/09/2012 08:43 PM 16,384 ~DF46FF372CCF979636.TMP
03/09/2012 08:36 PM 0 ~DF604440D0891DF7F0.TMP
03/14/2012 02:16 PM 16,384 ~DF90E934DCFB3A9E60.TMP
03/09/2012 08:43 PM 16,384 ~DF9446CFEACC5B31F8.TMP
03/06/2012 05:41 PM 16,384 ~DFBD0DEC7640A171B9.TMP
03/10/2012 12:18 AM 16,384 ~DFBDEEA8DD592784A5.TMP
03/06/2012 05:29 PM 0 ~DFD441EDF3B38EC63C.TMP
03/18/2012 08:28 PM 0 ~DFD869C305C99DEA8C.TMP
03/14/2012 02:12 PM 0 ~DFD90D1709292F1944.TMP
03/18/2012 08:28 PM 16,384 ~DFE05467DB14B51BC1.TMP
03/09/2012 08:26 PM 0 ~DFEAC0DD37EEB4F365.TMP
03/06/2012 05:29 PM 16,384 ~DFF566AAE072A2E5A0.TMP
03/08/2012 09:38 AM 7,602,176 ~PI216E.tmp
03/08/2012 09:38 AM 7,602,176 ~PI26DC.tmp
03/11/2012 02:16 PM 7,602,176 ~PI3849.tmp
03/08/2012 09:38 AM 7,602,176 ~PI3BF2.tmp
03/11/2012 02:16 PM 7,602,176 ~PI3FBA.tmp
03/11/2012 02:16 PM 7,602,176 ~PI448B.tmp
03/07/2012 03:20 PM 7,602,176 ~PI5012.tmp
03/07/2012 03:20 PM 7,602,176 ~PI5189.tmp
49 File(s) 111,335,870 bytes
16 Dir(s) 245,962,457,088 bytes free
suebart4
Regular Member
 
Posts: 21
Joined: February 26th, 2012, 4:53 pm

Re: My start menu is empty, not able to download anything

Unread postby suebart4 » March 18th, 2012, 10:00 pm

OTL logfile created on: 3/18/2012 8:44:41 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Sue\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 3.33 Gb Available Physical Memory | 85.06% Memory free
7.83 Gb Paging File | 7.27 Gb Available in Paging File | 92.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 229.07 Gb Free Space | 80.85% Space Free | Partition Type: NTFS
Drive F: | 241.13 Mb Total Space | 10.44 Mb Free Space | 4.33% Space Free | Partition Type: FAT

Computer Name: SUE-PC | User Name: Sue | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/18 20:42:48 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Sue\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/20 08:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/05 11:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/12/17 14:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/20 07:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/10/01 11:49:08 | 000,151,552 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/03/26 04:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/17 00:29:56 | 001,416,240 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 17:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 17:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/21 00:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 00:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/12/21 00:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/12/17 14:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/12/17 14:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/12/17 14:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/12/17 14:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/12/16 17:47:06 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/12/16 17:47:06 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/12/16 17:47:06 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/12/16 17:47:04 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2010/12/01 11:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 17:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/24 06:33:24 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 11:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/08/12 10:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 02:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{A87A0E97-4E4D-41E0-BD6E-2BBF88790C04}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A87A0E97-4E4D-41E0-BD6E-2BBF88790C04}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1030952846-1166388082-1472741413-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1030952846-1166388082-1472741413-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1030952846-1166388082-1472741413-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp= ... 2FC6F58&q={searchTerms}
IE - HKU\S-1-5-21-1030952846-1166388082-1472741413-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GZAG_enUS471
IE - HKU\S-1-5-21-1030952846-1166388082-1472741413-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1030952846-1166388082-1472741413-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sue\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sue\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/06/03 03:44:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/03 03:44:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/06/03 03:44:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/24 19:47:15 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sue\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sue\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sue\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sue\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/03/01 16:07:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1030952846-1166388082-1472741413-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1030952846-1166388082-1472741413-1000..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKU\S-1-5-21-1030952846-1166388082-1472741413-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1030952846-1166388082-1472741413-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1030952846-1166388082-1472741413-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1030952846-1166388082-1472741413-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1030952846-1166388082-1472741413-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1030952846-1166388082-1472741413-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48A4FDCF-F348-4A13-865C-79A64A0055B3}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{909D17C3-63B3-4790-A95C-F221AD9B7238}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/18 20:42:48 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Sue\Desktop\OTL.exe
[2012/03/16 02:16:18 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\Windows Live
[2012/03/16 02:15:52 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{4D90C99B-BACB-4AAE-A8BA-AF35CFCD18D8}
[2012/03/16 00:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2012/03/15 23:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/03/15 23:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/03/14 23:28:18 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Sue\Desktop\unhide.exe
[2012/03/14 22:13:08 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Sue\Desktop\aswMBR.exe
[2012/03/11 15:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Converter
[2012/03/11 15:53:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Youtube Converter
[2012/03/11 15:50:22 | 010,239,833 | ---- | C] (Youtube Converter ) -- C:\Users\Sue\Desktop\freeyoutubeconverter.exe
[2012/03/11 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\Downloads
[2012/03/09 17:55:35 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sue\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/07 18:41:11 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sue\Desktop\tdsskiller.exe
[2012/03/07 18:27:27 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\Malwarebytes
[2012/03/07 18:27:20 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/07 18:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/07 18:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/07 18:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/07 18:26:38 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sue\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/03 19:58:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/01 16:14:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/01 15:58:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/01 15:58:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/26 16:33:15 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{DB2174B4-B694-4CEF-BB05-BC052BE17FD8}
[2012/02/26 16:33:15 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{7E7FC3DA-F45E-4B55-AE1D-15DC51367864}
[2012/02/26 15:42:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sue\Desktop\dds.scr
[2012/02/23 07:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/02/23 00:03:13 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\My Kindle Content
[2012/02/23 00:02:54 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\Amazon
[2012/02/22 23:38:45 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/22 23:29:37 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\SpeedyPC Software
[2012/02/22 23:29:37 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\DriverCure
[2012/02/22 23:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/02/22 23:17:28 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\PCPro
[2012/02/22 23:17:28 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\PC Cleaners
[2012/02/22 23:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/02/20 19:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/02/20 19:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/02/20 19:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/02/20 19:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012/02/20 19:35:08 | 000,161,168 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2012/02/20 15:02:51 | 000,000,000 | R--D | C] -- C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/02/19 22:01:35 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\Google
[2012/02/19 22:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/02/19 19:41:50 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/19 19:41:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/19 19:41:46 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/19 19:41:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/19 19:41:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/19 19:41:45 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/19 19:41:45 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/19 19:41:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/19 19:41:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/19 19:41:44 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/19 19:41:44 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

========== Files - Modified Within 30 Days ==========

[2012/03/18 20:42:48 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Sue\Desktop\OTL.exe
[2012/03/18 20:38:07 | 000,337,137 | ---- | M] () -- C:\Users\Sue\Desktop\FSS.exe
[2012/03/18 20:35:31 | 000,000,156 | ---- | M] () -- C:\Users\Sue\Desktop\export.bat
[2012/03/18 20:31:41 | 000,852,544 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/18 20:31:41 | 000,714,582 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/18 20:31:41 | 000,138,666 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/18 20:27:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/18 20:27:19 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 00:15:18 | 000,150,392 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\junction.exe
[2012/03/18 00:10:43 | 000,079,623 | ---- | M] () -- C:\Users\Sue\Desktop\Junction.zip
[2012/03/17 00:36:37 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/17 00:36:37 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/17 00:34:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/17 00:29:45 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/16 03:19:51 | 000,001,443 | ---- | M] () -- C:\Users\Sue\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/16 01:26:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1030952846-1166388082-1472741413-1000UA.job
[2012/03/16 01:23:31 | 000,000,512 | ---- | M] () -- C:\Users\Sue\Desktop\MBR.dat
[2012/03/16 01:10:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/14 23:28:18 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Sue\Desktop\unhide.exe
[2012/03/14 22:13:41 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Sue\Desktop\aswMBR.exe
[2012/03/11 15:53:31 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Youtube Converter.lnk
[2012/03/11 15:51:56 | 010,239,833 | ---- | M] (Youtube Converter ) -- C:\Users\Sue\Desktop\freeyoutubeconverter.exe
[2012/03/11 14:17:32 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-Sue-PC-Sue.job
[2012/03/09 18:02:31 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/09 15:57:30 | 000,001,205 | ---- | M] () -- C:\Users\Sue\Desktop\FixNCR.reg.reg
[2012/03/09 15:53:44 | 001,008,141 | ---- | M] () -- C:\Users\Sue\Desktop\rkill.com
[2012/03/08 10:53:20 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sue\Desktop\tdsskiller.exe
[2012/03/08 10:48:52 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sue\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/07 17:00:33 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1030952846-1166388082-1472741413-1000Core.job
[2012/03/07 16:58:20 | 001,008,141 | ---- | M] () -- C:\Users\Sue\Desktop\rkill.exe
[2012/03/07 16:58:06 | 001,008,141 | ---- | M] () -- C:\Users\Sue\Desktop\rkill.scr
[2012/03/07 12:19:42 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sue\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/01 16:07:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/29 18:43:39 | 000,570,292 | ---- | M] () -- C:\Users\Sue\Desktop\STAT!Ref PERIOPERATIVE STANDARDS AND RECOMMENDED PRACTICES - 2012 EDITION_aspx.mht
[2012/02/26 22:32:15 | 000,865,610 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/26 16:47:22 | 000,073,180 | ---- | M] () -- C:\Users\Sue\Desktop\Sarcasm CPR.jpg
[2012/02/26 15:42:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sue\Desktop\dds.scr
[2012/02/26 01:32:30 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/22 23:34:08 | 001,648,316 | ---- | M] () -- C:\Users\Sue\Documents\Rotten-School-1-The-Big-Blueberry-Barf-Off-.azw
[2012/02/20 17:16:50 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012/02/20 00:38:01 | 000,467,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/03/18 20:38:07 | 000,337,137 | ---- | C] () -- C:\Users\Sue\Desktop\FSS.exe
[2012/03/18 20:35:30 | 000,000,156 | ---- | C] () -- C:\Users\Sue\Desktop\export.bat
[2012/03/18 00:10:43 | 000,079,623 | ---- | C] () -- C:\Users\Sue\Desktop\Junction.zip
[2012/03/14 23:21:59 | 000,000,512 | ---- | C] () -- C:\Users\Sue\Desktop\MBR.dat
[2012/03/11 15:53:31 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Youtube Converter.lnk
[2012/03/11 14:17:32 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-Sue-PC-Sue.job
[2012/03/09 19:35:04 | 000,001,205 | ---- | C] () -- C:\Users\Sue\Desktop\FixNCR.reg.reg
[2012/03/09 17:52:48 | 001,008,141 | ---- | C] () -- C:\Users\Sue\Desktop\rkill.com
[2012/03/07 18:27:20 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/07 18:20:43 | 001,008,141 | ---- | C] () -- C:\Users\Sue\Desktop\rkill.scr
[2012/03/07 18:16:51 | 001,008,141 | ---- | C] () -- C:\Users\Sue\Desktop\rkill.exe
[2012/02/29 18:43:38 | 000,570,292 | ---- | C] () -- C:\Users\Sue\Desktop\STAT!Ref PERIOPERATIVE STANDARDS AND RECOMMENDED PRACTICES - 2012 EDITION_aspx.mht
[2012/02/26 16:49:22 | 000,073,180 | ---- | C] () -- C:\Users\Sue\Desktop\Sarcasm CPR.jpg
[2012/02/26 09:51:10 | 000,865,610 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/22 23:34:00 | 001,648,316 | ---- | C] () -- C:\Users\Sue\Documents\Rotten-School-1-The-Big-Blueberry-Barf-Off-.azw
[2012/02/19 22:00:56 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/19 22:00:55 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/03 05:16:23 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/06/03 05:16:01 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/06/03 05:15:59 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/06/03 05:15:57 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012/02/12 18:45:29 | 000,000,000 | ---D | M] -- C:\Users\Kennedy\AppData\Roaming\Leadertech
[2012/01/27 20:35:57 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Amazon
[2011/11/15 22:08:25 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Azureus
[2012/02/22 23:29:37 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\DriverCure
[2011/09/14 17:47:56 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Leadertech
[2011/10/23 00:58:53 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\MusicNet
[2012/02/22 23:17:28 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\PC Cleaners
[2011/09/17 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\PCDr
[2012/02/23 07:26:10 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\PCPro
[2012/02/22 23:29:37 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\SpeedyPC Software
[2012/02/26 01:32:30 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 00:08:49 | 000,025,160 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/17 00:34:01 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 3/18/2012 8:44:41 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Sue\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 3.33 Gb Available Physical Memory | 85.06% Memory free
7.83 Gb Paging File | 7.27 Gb Available in Paging File | 92.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 229.07 Gb Free Space | 80.85% Space Free | Partition Type: NTFS
Drive F: | 241.13 Mb Total Space | 10.44 Mb Free Space | 4.33% Space Free | Partition Type: FAT

Computer Name: SUE-PC | User Name: Sue | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D98F04D-11A1-4B64-A406-43292B9EEE90}" = Dell PhotoStage
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}" = Dell MusicStage
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81F1C6DE-C053-4C6C-9DE8-ED23D28FA9AB}" = Cozi
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E705C2D-BDB1-4D09-B801-EBFD6E871F55}_is1" = Youtube Converter 0.2.1.91
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Marketplace Webslice IE8
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}" = Dell Stage
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Dell Webcam Central" = Dell Webcam Central
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"RealPlayer 15.0" = RealPlayer
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1030952846-1166388082-1472741413-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2012 10:41:57 PM | Computer Name = Sue-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 3/15/2012 10:41:57 PM | Computer Name = Sue-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 3/15/2012 10:41:58 PM | Computer Name = Sue-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 3/15/2012 10:41:58 PM | Computer Name = Sue-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 3/15/2012 10:41:58 PM | Computer Name = Sue-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 3/15/2012 10:41:58 PM | Computer Name = Sue-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 3/16/2012 12:14:00 AM | Computer Name = Sue-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 3/16/2012 12:14:00 AM | Computer Name = Sue-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 3/16/2012 12:14:09 AM | Computer Name = Sue-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 3/16/2012 12:14:09 AM | Computer Name = Sue-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

[ Dell Events ]
Error - 9/14/2011 7:06:23 PM | Computer Name = Sue-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/14/2011 7:06:23 PM | Computer Name = Sue-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/16/2011 6:52:28 PM | Computer Name = Sue-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 3/15/2012 12:39:05 AM | Computer Name = Sue-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%-2147024891

Error - 3/15/2012 12:40:58 AM | Computer Name = Sue-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8000ffff: Update Rollup for ActiveX Killbits for Windows 7 for x64-based
Systems (KB2647518).

Error - 3/15/2012 12:42:29 AM | Computer Name = Sue-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8000ffff: Update for Windows 7 for x64-based Systems (KB2639308).

Error - 3/15/2012 12:42:38 AM | Computer Name = Sue-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/15/2012 12:43:50 AM | Computer Name = Sue-PC | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 3/15/2012 12:44:27 AM | Computer Name = Sue-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 3/15/2012 12:44:33 AM | Computer Name = Sue-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%-2147024891

Error - 3/15/2012 12:44:57 AM | Computer Name = Sue-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 3/15/2012 10:37:24 PM | Computer Name = Sue-PC | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 3/15/2012 10:37:45 PM | Computer Name = Sue-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%-2147024891


< End of report >
suebart4
Regular Member
 
Posts: 21
Joined: February 26th, 2012, 4:53 pm

Re: My start menu is empty, not able to download anything

Unread postby Gary R » March 19th, 2012, 5:25 am

OK, let's see if we can get your Start Menu repopulated.

You can restore the defaults for the Start Menu as follows:

Next

There are a number of Services on your computer that should be running, and which are not. Let's see if we can start them ....

  • Click Start and in the Search programs and files box type Notepad then hit Enter.
  • This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.
Code: Select all
@ echo off

sc start wscsvc
sc start wuauserv
sc start bits
sc start EventSystem
sc start WinDefend
sc query wscsvc > "%userprofile%\desktop\restart.txt"
sc query wuauserv >> "%userprofile%\desktop\restart.txt"
sc query bits >> "%userprofile%\desktop\restart.txt"
sc query EventSystem >> "%userprofile%\desktop\restart.txt"
sc query WinDefend >> "%userprofile%\desktop\restart.txt"
Notepad.exe %userprofile%\Desktop\restart.txt
Del restart.txt
Del %0

  • Click Format and ensure Wordwrap is unchecked.
  • Save as Restart.bat
  • Save as file type All Files or it won't work.
  • Now right click on Restart.bat and select Run as an Administrator
  • OK any UAC prompts.
  • A report restart.txt should open on your Desktop.
  • Please post its contents in your next reply
  • please note ... the files restart.bat and restart.txt will be deleted when you close the report.
User avatar
Gary R
Administrator
Administrator
 
Posts: 18579
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: My start menu is empty, not able to download anything

Unread postby suebart4 » March 19th, 2012, 5:22 pm

I repopulated the start menu, however, I still cannot find my ms office programs. When I do a search, my douments will come up, but not any programs.


SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: wuauserv
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: bits
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: EventSystem
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WinDefend
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 2 START_PENDING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x7d0
suebart4
Regular Member
 
Posts: 21
Joined: February 26th, 2012, 4:53 pm

Re: My start menu is empty, not able to download anything

Unread postby Gary R » March 19th, 2012, 6:22 pm

Looks like the stopped Services started OK, but I'd like to make sure they startup properly next time you boot your computer.

So ....

Reboot your computer

Then run a new scan with Farbar Service Scanner ....

  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Select the following options ....
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press the Scan button.
  • When finished, a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.

To re-populate your application paths (like for Office), try the method illustrated below ....

  • Download App Paths
  • Double click on AppPaths.exe to run the program.
  • Keep the program open.

In this example I'll recreate an entry for Avast antivirus program.
  • Go Start>All Programs.
  • Right click on Avast entry, click "Properties".

Image
NOTE. Make sure, you right click on Avast program, NOT on Avast folder.

  • You'll see this window:

Image

Due to the damage caused by the infection, you'll find "Target" box empty.

  • Go back to AppPaths window and find Avast entry.
  • Right click on Avast line, click "Edit".
  • A pop-up window will open:

Image

  • Highlight everything in "Path" box, right click on it, click "Copy"
  • Go back to Avast "Properties" window, right click inside "Target" box, click "Paste".
  • IMPORTANT! Add quotation marks at the beginning of the path and at the end
  • Click OK and you're done.

Image

In case, program's link shows as (empty):

Image

  • Open Windows Explorer, navigate to Avast folder in Program Files
  • Right click on Avast ".exe" file, click "Create shortcut":

Image

  • Copy that shortcut, go back to Start menu.
  • Right click on avast!Free Antivirus, click "Paste".
  • You'll see Avast shortcut recreated replacing (empty) entry.

Alternatively....
...you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast
User avatar
Gary R
Administrator
Administrator
 
Posts: 18579
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: My start menu is empty, not able to download anything

Unread postby suebart4 » March 19th, 2012, 9:25 pm

I did the FSS after a regular reboot, but App Path will not download unless I am in Safe mode.

Farbar Service Scanner Version: 01-03-2012
Ran by Sue (administrator) on 19-03-2012 at 19:55:02
Running from "C:\Users\Sue\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
suebart4
Regular Member
 
Posts: 21
Joined: February 26th, 2012, 4:53 pm

Re: My start menu is empty, not able to download anything

Unread postby Gary R » March 20th, 2012, 6:35 am

I'm glad to see that most of the Services seem to have started OK this time, with the exception of Windows Defender which for whatever reason is not running ....

  • Click Start and in the Search programs and files box type Notepad then hit Enter.
  • This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.
Code: Select all
@ echo off

sc query WinDefend >> "%userprofile%\desktop\look.txt"
sc qc WinDefend >> "%userprofile%\desktop\look.txt"
Notepad.exe %userprofile%\Desktop\look.txt
Del look.txt
Del %0

  • Click Format and ensure Wordwrap is unchecked.
  • Save as Look.bat
  • Save as file type All Files or it won't work.
  • Now right click on Look.bat and select Run as an Administrator
  • OK any UAC prompts.
  • A report Look.txt should open on your Desktop.
  • Please post its contents in your next reply
  • please note ... the files look.bat and look.txt will be deleted when you close the report.

Next

When you say that you can't download AppPath in normal mode, what exactly happens ?

Which browser are you using to download it (Internet Explorer or Firefox) ?

I see you don't appear to have an Anti-Virus program installed, have you had one in the past, and if so which one?
User avatar
Gary R
Administrator
Administrator
 
Posts: 18579
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: My start menu is empty, not able to download anything

Unread postby suebart4 » March 20th, 2012, 10:00 pm

I am using internet explorer. When I click on any hyperlink while I'm in normal mode, nothing at all happens. I tried to right click to open in a different window, and a window will open, but with just a blank white screen. Nothing loads on the page. I had McAfee installed (I was using a trial subscription), and when my computer went haywire, it was among the programs I wasn't able to locate again.

SERVICE_NAME: WinDefend
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : -2147024891 (0x80070005)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: WinDefend
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k secsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Defender
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem
suebart4
Regular Member
 
Posts: 21
Joined: February 26th, 2012, 4:53 pm

Re: My start menu is empty, not able to download anything

Unread postby Gary R » March 21st, 2012, 3:15 am

Try running Internet Explorer with no add-ons running and see if that helps with the download problem ....

To do so ....

  • Click Start > All Programs > Accessories > System Tools
  • Click Internet Explorer (No Add-ons)

If that doesn't improve things, try installing Firefox and see if you have the same download problems using that.


What I'm trying to establish is whether the problem is with IE or your computer.

Next

Since you did not remove McAfee yourself, it would seem likely that your infection tampered with it.

I think before we go any further it would be a good idea to remove any possible traces of McAfee, since we don't know how much of it is left on your machine, or what affects it might have.

Please download and run this McAfee removal tool .... http://download.mcafee.com/products/lic ... s/MCPR.exe

Reboot your computer when finished

Next

Please download SystemLook from one of the links below and save it to your Desktop.

For 64 bit Systems
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code: Select all
:Folderfind
mcafee

:Regfind
mcafee

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

The script I had you run shows there is a general access fault with the Windows Defender service, which is most probably caused because it can't open the file, so let's see if we can find an alternate copy of the file that we can use.

  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Copy/Paste the contents of the code box below into the Search: box.
Code: Select all
MpSvc.dll

  • Press the Search Files button.
  • When finished a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.

Summary of the logs I need from you in your next post:
  • SystemLook.txt
  • FSS.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 18579
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware