Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 35

Thread: BOO/TDss.O found in master boot sectors

  1. #21
    Join Date
    Feb 2012
    Location
    Midlands.. UK
    Posts
    451

    Re: BOO/TDss.O found in master boot sectors

    Hi Bubbarama,

    I only had one notepad open. I'm not sure what I did wrong.
    It's ok, this happened because OTL has been run before.
    Otl only produces the Extras.txt by default on the first run.
    To get it to be produced on another run, look under the Extra Registry section and tick to select Use SafeList.

    Let's cleanup some orphan entries in the report:

    Step 1
    Double click on OTL to run it.
    Copy the lines in the codebox below. (make sure that :Otl is on the first line )
    You may have to scroll the box down to see all of the fix.
    Code:
    :Otl
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll File not found
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll File not found
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File not found
    O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll File not found
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File not found
    O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
    O4 - HKLM..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
    O4 - HKLM..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found
    O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe File not found
    O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe File not found
    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe File not found
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe File not found
    O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" File not found
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray File not found
    O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" File not found
    O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 File not found
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 File not found
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
    
    :Files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [purity]
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


    • Click the red Run Fix button.


    • OTL will reboot your system once the fix has completed.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.


    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    if you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles



    Step 2
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) 7 Update 5 and save it to your desktop.
    • Scroll down to where it says "Java SE 7 Update 5".
    • Click the "Download JRE" button to the right.
    • Accept the license agreement.
    • select 'Windows x64' from the list.
    • Save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7u5-windows-i586-p.exe to install the newest version.


    In your next reply, please submit:
    Otl fix report
    and let me know how the system is running.

    Thanks

  2. #22

    Re: BOO/TDss.O found in master boot sectors

    Hi Starbuck,

    Okay I got the results for the Extra.txt below


    OTL Extras logfile created on: 8/7/2012 5:29:40 PM - Run 4
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\users\Kao\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 59.12% Memory free
    7.60 Gb Paging File | 5.86 Gb Available in Paging File | 77.09% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.21 Gb Total Space | 294.83 Gb Free Space | 65.34% Space Free | Partition Type: NTFS
    Drive D: | 14.25 Gb Total Space | 1.59 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
    Drive F: | 99.02 Mb Total Space | 84.88 Mb Free Space | 85.72% Space Free | Partition Type: FAT32

    Computer Name: KAO-HP | User Name: Kao | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- Reg Error: Key error. File not found
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
    "{326CDF79-24B0-497B-BF9A-FCBB37B53570}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{327AE822-E060-4E8F-B249-869C3DE15F60}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{361C0139-7A2E-4D6B-A5D6-2049C9FC390B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{4FA86B51-A577-4446-9010-839920D41FBB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{545625FE-AC1D-4727-B85F-155874E8B308}" = lport=139 | protocol=6 | dir=in | app=system |
    "{61AE50D4-2C68-4157-AAD5-941417CDD203}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{699A4D8E-1EC3-4ACC-A20F-B79881C0578D}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{6C5BEA08-3478-48B9-812D-7547B59D1BEF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6CB82E1F-FAD0-47CA-9292-D9D448383EAF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{6D4590E9-55ED-465B-99B7-27DE04D43ED3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6F3CC1D0-F492-4B6E-8945-55DFDBA6AB2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{78E0D2C6-1FB7-4CCA-9D73-16B051B8261D}" = lport=138 | protocol=17 | dir=in | app=system |
    "{81E20EDE-42EC-4F99-AD57-A2E56341A621}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{8CCE65A7-8F61-45C0-84E8-3425DA0806C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8DD6B935-2EDB-4E37-98C2-D117EC08B72D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9D153FD2-71BD-42CA-A499-A1E94E870CC4}" = rport=139 | protocol=6 | dir=out | app=system |
    "{9FF697FF-7F8A-417C-93A7-D23E8467C671}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A6814156-463D-4D4C-8A01-6255CE0FAC3D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{AFD83517-4370-41B1-8C2C-FA62F30F13DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B2D06B92-C960-4A1E-8E21-77C8910A9AD5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BD2FC9F7-4B96-4DAF-8DF5-D91D858B1E00}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{BF5B16CA-585C-4F1E-89D4-D4E4D7DC60F3}" = lport=445 | protocol=6 | dir=in | app=system |
    "{C2946722-E20A-4FC5-A462-6748B735F1A4}" = rport=137 | protocol=17 | dir=out | app=system |
    "{DACD8F69-1ED3-4740-814D-58A4A10697E5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F7A39A63-46E5-407D-A78C-B59C11973F16}" = lport=137 | protocol=17 | dir=in | app=system |
    "{FC80EEE8-23DD-4421-9550-E80DB800DF0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
    "{01D60516-9EFA-44FB-9673-721BE18447C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{06CC0962-6917-4B93-836A-8876BBB2C162}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{0997CB61-9E90-48CF-B710-18FCD8BEC437}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{1254D040-E5EA-4F8A-AE54-FE281921D8CA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{1B207559-37A9-4F07-86BD-5C2E37F44040}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{1B9B878B-5577-4D31-B636-6424F60DF6A4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{1E3AD11B-B2B4-4C4F-8488-14FE474B1725}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
    "{1FC7F9FA-9792-43E6-BB93-1E8BF64FEA83}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{22850866-D8B3-4B57-926B-3BE94B9DEBE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2E9B4ADC-8FB7-4F31-BC54-2132D6747D33}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3B3168DF-CEDB-4DC3-B9C7-90EF213A7E3A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{4319AB08-8409-4298-B909-B671451F32B9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{4423DF39-57C7-459B-97BD-E1530C664260}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{55B7C89A-8AF6-4069-A32A-C3222C817D85}" = protocol=6 | dir=out | app=system |
    "{55CA8857-8DB7-4A17-A1D1-951255A6BF4F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{55DB39EC-1D4E-4B87-AB31-4118C7EAB9EC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{5E33603A-49C9-4250-B678-813A1CB7A6BD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{5F92645F-42FF-407F-8657-B200C87D79F1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{639A4381-449B-490A-913C-D026B2BD3777}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{6D51B338-A4E7-4C1A-90C3-37840A9CA156}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{72DE4676-FE82-4790-A05C-FA68D0547599}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{794FE3F3-D97C-4A29-9466-8D52BA223D39}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{79994AE9-F502-4088-944D-F2578FD2A20E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8583DC91-121D-49F1-A737-7A7AC9E7E347}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{865DC5EB-719E-4F1A-B9EF-6C667783FE7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8C3B9837-9970-4CAC-AC41-8EBCA865A6DD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{8E939405-FFD9-4C2B-8B73-9DA05C983842}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{9ADA0941-A2B6-4080-BEA2-06AD087A09D7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{A46F6A4C-766C-47B9-873A-7363FEE5D697}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A9B165E8-0CEB-49BC-B42B-335BB1E698B1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{AED2B5A3-05A6-4B36-90EB-7E0D2D624EC7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{B45C386A-EAF4-4A13-B848-E75BAD2BEA4F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B9A7E98C-D4B1-4DB2-857C-24DE4C2362A9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BB43C1F1-BADA-4031-A829-EE69A0665905}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C3D072E0-5B2C-4696-8C19-6FCC7B89ED0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CC627BC9-8858-4627-869D-1069E765953D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{CDE97FF6-CFB9-4A23-84CB-82E86E277FAD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CFFA4C5C-50EB-41CE-8803-A5C4D0374A5E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{D39829BE-FE3B-41AC-9045-4E72CA871495}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{D3A0506A-6090-471C-B4E1-D7C4E4E83143}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{D611FC87-7643-4573-8068-30862381CB99}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{EA099643-F6C1-47D5-9D22-1A02FBC14F8C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{EBE55EB4-12AB-495F-A11B-CF1DF406D63D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EC6AFF38-D350-4005-B2B1-962D7EC78D4C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F1477E8F-55F2-410C-8690-678305E48A32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F717DC70-BCF9-4FBE-8FB2-8C981AFF9A0C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "AVG" = AVG 2012
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "SynTPDeinstKey" = Synaptics TouchPad Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
    "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}" = HP Documentation
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390 802.11b/g/n WiFi Adapter
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
    "{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7670221-BF9B-4DFF-B26B-5BE55A87329F}" = HP On Screen Display
    "{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
    "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "DivX Setup" = DivX Setup
    "EasyBits Magic Desktop" = Magic Desktop
    "Google Chrome" = Google Chrome
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "VLC media player" = VLC media player 2.0.3
    "Wedding Dash" = Wedding Dash
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.01 (32-bit)
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087335" = Build-a-lot 2
    "WT087343" = Dora's World Adventure
    "WT087393" = Mah Jong Medley
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087415" = Wheel of Fortune 2
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "WT089453" = Bejeweled 2 Deluxe
    "WT089454" = Chuzzle Deluxe
    "WT089455" = Zuma Deluxe
    "WT089457" = Slingo Supreme
    "WT089458" = Plants vs. Zombies - Game of the Year
    "WT089470" = FATE - The Traitor Soul
    "WT089484" = Namco All-Stars PAC-MAN
    "WT089496" = Mystery P.I. - Stolen in San Francisco
    "WT089498" = Bejeweled 3

    ========== Last 20 Event Log Errors ==========

  3. #23

    Re: BOO/TDss.O found in master boot sectors

    Hi Starbuck,

    Okay I got the results for the Extra.txt below


    OTL Extras logfile created on: 8/7/2012 5:29:40 PM - Run 4
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\users\Kao\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 59.12% Memory free
    7.60 Gb Paging File | 5.86 Gb Available in Paging File | 77.09% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.21 Gb Total Space | 294.83 Gb Free Space | 65.34% Space Free | Partition Type: NTFS
    Drive D: | 14.25 Gb Total Space | 1.59 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
    Drive F: | 99.02 Mb Total Space | 84.88 Mb Free Space | 85.72% Space Free | Partition Type: FAT32

    Computer Name: KAO-HP | User Name: Kao | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- Reg Error: Key error. File not found
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
    "{326CDF79-24B0-497B-BF9A-FCBB37B53570}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{327AE822-E060-4E8F-B249-869C3DE15F60}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{361C0139-7A2E-4D6B-A5D6-2049C9FC390B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{4FA86B51-A577-4446-9010-839920D41FBB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{545625FE-AC1D-4727-B85F-155874E8B308}" = lport=139 | protocol=6 | dir=in | app=system |
    "{61AE50D4-2C68-4157-AAD5-941417CDD203}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{699A4D8E-1EC3-4ACC-A20F-B79881C0578D}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{6C5BEA08-3478-48B9-812D-7547B59D1BEF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6CB82E1F-FAD0-47CA-9292-D9D448383EAF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{6D4590E9-55ED-465B-99B7-27DE04D43ED3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6F3CC1D0-F492-4B6E-8945-55DFDBA6AB2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{78E0D2C6-1FB7-4CCA-9D73-16B051B8261D}" = lport=138 | protocol=17 | dir=in | app=system |
    "{81E20EDE-42EC-4F99-AD57-A2E56341A621}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{8CCE65A7-8F61-45C0-84E8-3425DA0806C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8DD6B935-2EDB-4E37-98C2-D117EC08B72D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9D153FD2-71BD-42CA-A499-A1E94E870CC4}" = rport=139 | protocol=6 | dir=out | app=system |
    "{9FF697FF-7F8A-417C-93A7-D23E8467C671}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A6814156-463D-4D4C-8A01-6255CE0FAC3D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{AFD83517-4370-41B1-8C2C-FA62F30F13DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B2D06B92-C960-4A1E-8E21-77C8910A9AD5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BD2FC9F7-4B96-4DAF-8DF5-D91D858B1E00}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{BF5B16CA-585C-4F1E-89D4-D4E4D7DC60F3}" = lport=445 | protocol=6 | dir=in | app=system |
    "{C2946722-E20A-4FC5-A462-6748B735F1A4}" = rport=137 | protocol=17 | dir=out | app=system |
    "{DACD8F69-1ED3-4740-814D-58A4A10697E5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F7A39A63-46E5-407D-A78C-B59C11973F16}" = lport=137 | protocol=17 | dir=in | app=system |
    "{FC80EEE8-23DD-4421-9550-E80DB800DF0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
    "{01D60516-9EFA-44FB-9673-721BE18447C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{06CC0962-6917-4B93-836A-8876BBB2C162}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{0997CB61-9E90-48CF-B710-18FCD8BEC437}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{1254D040-E5EA-4F8A-AE54-FE281921D8CA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{1B207559-37A9-4F07-86BD-5C2E37F44040}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{1B9B878B-5577-4D31-B636-6424F60DF6A4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{1E3AD11B-B2B4-4C4F-8488-14FE474B1725}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
    "{1FC7F9FA-9792-43E6-BB93-1E8BF64FEA83}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{22850866-D8B3-4B57-926B-3BE94B9DEBE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2E9B4ADC-8FB7-4F31-BC54-2132D6747D33}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3B3168DF-CEDB-4DC3-B9C7-90EF213A7E3A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{4319AB08-8409-4298-B909-B671451F32B9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{4423DF39-57C7-459B-97BD-E1530C664260}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{55B7C89A-8AF6-4069-A32A-C3222C817D85}" = protocol=6 | dir=out | app=system |
    "{55CA8857-8DB7-4A17-A1D1-951255A6BF4F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{55DB39EC-1D4E-4B87-AB31-4118C7EAB9EC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{5E33603A-49C9-4250-B678-813A1CB7A6BD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{5F92645F-42FF-407F-8657-B200C87D79F1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{639A4381-449B-490A-913C-D026B2BD3777}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{6D51B338-A4E7-4C1A-90C3-37840A9CA156}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{72DE4676-FE82-4790-A05C-FA68D0547599}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{794FE3F3-D97C-4A29-9466-8D52BA223D39}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{79994AE9-F502-4088-944D-F2578FD2A20E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8583DC91-121D-49F1-A737-7A7AC9E7E347}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{865DC5EB-719E-4F1A-B9EF-6C667783FE7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8C3B9837-9970-4CAC-AC41-8EBCA865A6DD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{8E939405-FFD9-4C2B-8B73-9DA05C983842}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{9ADA0941-A2B6-4080-BEA2-06AD087A09D7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{A46F6A4C-766C-47B9-873A-7363FEE5D697}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A9B165E8-0CEB-49BC-B42B-335BB1E698B1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{AED2B5A3-05A6-4B36-90EB-7E0D2D624EC7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{B45C386A-EAF4-4A13-B848-E75BAD2BEA4F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B9A7E98C-D4B1-4DB2-857C-24DE4C2362A9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BB43C1F1-BADA-4031-A829-EE69A0665905}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C3D072E0-5B2C-4696-8C19-6FCC7B89ED0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CC627BC9-8858-4627-869D-1069E765953D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{CDE97FF6-CFB9-4A23-84CB-82E86E277FAD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CFFA4C5C-50EB-41CE-8803-A5C4D0374A5E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{D39829BE-FE3B-41AC-9045-4E72CA871495}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{D3A0506A-6090-471C-B4E1-D7C4E4E83143}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{D611FC87-7643-4573-8068-30862381CB99}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{EA099643-F6C1-47D5-9D22-1A02FBC14F8C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{EBE55EB4-12AB-495F-A11B-CF1DF406D63D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EC6AFF38-D350-4005-B2B1-962D7EC78D4C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F1477E8F-55F2-410C-8690-678305E48A32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F717DC70-BCF9-4FBE-8FB2-8C981AFF9A0C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "AVG" = AVG 2012
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "SynTPDeinstKey" = Synaptics TouchPad Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
    "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}" = HP Documentation
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390 802.11b/g/n WiFi Adapter
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
    "{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7670221-BF9B-4DFF-B26B-5BE55A87329F}" = HP On Screen Display
    "{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
    "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "DivX Setup" = DivX Setup
    "EasyBits Magic Desktop" = Magic Desktop
    "Google Chrome" = Google Chrome
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "VLC media player" = VLC media player 2.0.3
    "Wedding Dash" = Wedding Dash
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.01 (32-bit)
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087335" = Build-a-lot 2
    "WT087343" = Dora's World Adventure
    "WT087393" = Mah Jong Medley
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087415" = Wheel of Fortune 2
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "WT089453" = Bejeweled 2 Deluxe
    "WT089454" = Chuzzle Deluxe
    "WT089455" = Zuma Deluxe
    "WT089457" = Slingo Supreme
    "WT089458" = Plants vs. Zombies - Game of the Year
    "WT089470" = FATE - The Traitor Soul
    "WT089484" = Namco All-Stars PAC-MAN
    "WT089496" = Mystery P.I. - Stolen in San Francisco
    "WT089498" = Bejeweled 3

    ========== Last 20 Event Log Errors ==========

  4. #24

    Re: BOO/TDss.O found in master boot sectors

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/27/2012 1:55:33 AM | Computer Name = Kao-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/27/2012 1:55:33 AM | Computer Name = Kao-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2028

    Error - 6/27/2012 1:55:33 AM | Computer Name = Kao-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2028

    Error - 6/27/2012 1:55:34 AM | Computer Name = Kao-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/27/2012 1:55:34 AM | Computer Name = Kao-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3089

    Error - 6/27/2012 1:55:34 AM | Computer Name = Kao-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3089

    Error - 6/27/2012 1:55:35 AM | Computer Name = Kao-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/27/2012 1:55:35 AM | Computer Name = Kao-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4103

    Error - 6/27/2012 1:55:35 AM | Computer Name = Kao-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4103

    Error - 6/27/2012 3:18:43 AM | Computer Name = Kao-HP | Source = WinMgmt | ID = 10
    Description =

    [ Hewlett-Packard Events ]
    Error - 3/1/2012 12:54:32 AM | Computer Name = Kao-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/2/2012 10:33:10 PM | Computer Name = Kao-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/2/2012 10:35:39 PM | Computer Name = Kao-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/17/2012 12:36:30 AM | Computer Name = Kao-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/17/2012 12:44:16 AM | Computer Name = Kao-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/24/2012 8:07:52 PM | Computer Name = Kao-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/24/2012 8:12:49 PM | Computer Name = Kao-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 6/13/2012 11:38:28 PM | Computer Name = Kao-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 6/13/2012 11:41:04 PM | Computer Name = Kao-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/25/2012 9:01:07 PM | Computer Name = Kao-HP | Source = HPSF.exe | ID = 4000
    Description =

    [ HP Connection Manager Events ]
    Error - 8/3/2012 11:33:21 PM | Computer Name = Kao-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/03 20:33:21.999|00000F28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthC hanged
    failed [hr:0x800706BA]

    Error - 8/3/2012 11:33:26 PM | Computer Name = Kao-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/03 20:33:26.008|00000F28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthC hanged
    failed [hr:0x800706BA]

    Error - 8/3/2012 11:33:27 PM | Computer Name = Kao-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/03 20:33:27.999|00000F28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthC hanged
    failed [hr:0x800706BA]

    Error - 8/3/2012 11:33:30 PM | Computer Name = Kao-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/03 20:33:30.011|00000F28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthC hanged
    failed [hr:0x800706BA]

    Error - 8/3/2012 11:51:01 PM | Computer Name = Kao-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/03 20:51:01.428|00000650|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthC hanged
    failed [hr:0x800706BA]

    Error - 8/3/2012 11:51:14 PM | Computer Name = Kao-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/03 20:51:14.777|00000650|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthC hanged
    failed [hr:0x800706BA]

    Error - 8/4/2012 12:21:59 AM | Computer Name = Kao-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/03 21:21:59.821|000013E4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthC hanged
    failed [hr:0x800706BA]

    Error - 8/4/2012 12:22:01 AM | Computer Name = Kao-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/03 21:22:01.833|000013E4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthC hanged
    failed [hr:0x800706BA]

    Error - 8/4/2012 12:22:13 AM | Computer Name = Kao-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/03 21:22:13.824|000013E4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthC hanged
    failed [hr:0x800706BA]

    Error - 8/4/2012 12:22:14 AM | Computer Name = Kao-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/03 21:22:14.261|000013E4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthC hanged
    failed [hr:0x800706BA]

    [ HP Software Framework Events ]
    Error - 5/11/2012 2:14:19 PM | Computer Name = Kao-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/11 11:14:19.920|00001218|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/12/2012 12:33:49 PM | Computer Name = Kao-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/12 09:33:49.332|00000C10|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/12/2012 2:06:58 PM | Computer Name = Kao-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/12 11:06:58.967|000013B4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/12/2012 4:52:39 PM | Computer Name = Kao-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/12 13:52:39.189|000000BC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/13/2012 12:39:19 PM | Computer Name = Kao-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/13 09:39:19.150|00000BD4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/14/2012 1:08:01 PM | Computer Name = Kao-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/14 10:08:01.655|00000FD0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/14/2012 10:51:41 PM | Computer Name = Kao-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/14 19:51:41.794|00001084|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/15/2012 7:48:07 PM | Computer Name = Kao-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/15 16:48:07.391|00000428|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/16/2012 7:46:47 PM | Computer Name = Kao-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/16 16:46:47.588|00000B20|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/16/2012 8:23:54 PM | Computer Name = Kao-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/16 17:23:54.172|0000167C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    [ System Events ]
    Error - 8/7/2012 8:22:57 PM | Computer Name = Kao-HP | Source = Service Control Manager | ID = 7000
    Description = The IconMan_R service failed to start due to the following error:
    %%2

    Error - 8/7/2012 8:22:57 PM | Computer Name = Kao-HP | Source = Service Control Manager | ID = 7000
    Description = The RoxioNow Service service failed to start due to the following
    error: %%2

    Error - 8/7/2012 8:25:08 PM | Computer Name = Kao-HP | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%2

    Error - 8/7/2012 8:25:08 PM | Computer Name = Kao-HP | Source = Service Control Manager | ID = 7000
    Description = The HP Support Assistant Service service failed to start due to the
    following error: %%2

    Error - 8/7/2012 8:25:08 PM | Computer Name = Kao-HP | Source = Service Control Manager | ID = 7000
    Description = The Intel(R) Rapid Storage Technology service failed to start due
    to the following error: %%2

    Error - 8/7/2012 8:25:08 PM | Computer Name = Kao-HP | Source = Service Control Manager | ID = 7000
    Description = The Intel(R) Management and Security Application Local Management
    Service service failed to start due to the following error: %%2

    Error - 8/7/2012 8:25:08 PM | Computer Name = Kao-HP | Source = Service Control Manager | ID = 7000
    Description = The MBAMProtector service failed to start due to the following error:
    %%2

    Error - 8/7/2012 8:25:08 PM | Computer Name = Kao-HP | Source = Service Control Manager | ID = 7001
    Description = The MBAMService service depends on the MBAMProtector service which
    failed to start because of the following error: %%2

    Error - 8/7/2012 8:25:11 PM | Computer Name = Kao-HP | Source = Service Control Manager | ID = 7000
    Description = The Intel(R) Management and Security Application Local Management
    Service service failed to start due to the following error: %%2

    Error - 8/7/2012 8:25:11 PM | Computer Name = Kao-HP | Source = Service Control Manager | ID = 7001
    Description = The Intel(R) Management & Security Application User Notification Service
    service depends on the Intel(R) Management and Security Application Local Management
    Service service which failed to start because of the following error: %%2


    < End of report >

  5. #25

    Re: BOO/TDss.O found in master boot sectors

    Here's the results for the other scan:


    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa2860 6-de77-4029-af96-b231e3b8f827}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa2860 6-de77-4029-af96-b231e3b8f827}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa2860 6-de77-4029-af96-b231e3b8f827}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED5 8-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081 C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768 D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497B B-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D46 4-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED5 8-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7 F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC8004 4-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B 1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B 1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7 F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7 F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\\Adobe ARM deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\\APSDaemon deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\\DivXUpdate deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\\Easybits Recovery deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\\HP Quick Launch deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\\HPConnectionManager deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\\HPOSD deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\\IAStorIcon deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\\iTunesHelper deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\\Malwarebytes' Anti-Malware deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\\QuickTime Task deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\\SunJavaUpdateSched deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C341 6-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C341 6-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A95fe08 0-8f5d-11d2-a20b-00aa003c157a}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A95fe08 0-8f5d-11d2-a20b-00aa003c157a}\ not found.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\users\Kao\Downloads\cmd.bat deleted successfully.
    C:\users\Kao\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kao
    ->Temp folder emptied: 471574 bytes
    ->Temporary Internet Files folder emptied: 91148822 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 598155924 bytes
    ->Google Chrome cache emptied: 71846925 bytes
    ->Flash cache emptied: 1356 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 38124 bytes
    %systemroot%\sysnative\config\systemprofile\AppDat a\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 769612 bytes

    Total Files Cleaned = 727.00 mb


    OTL by OldTimer - Version 3.2.56.0 log created on 08072012_174859

    Files\Folders moved on Reboot...
    C:\Users\Kao\AppData\Local\Temp\FXSAPIDebugLogFile .txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Kao\AppData\Local\Temp\FXSAPIDebugLogFile .txt not found!

    Registry entries deleted on Reboot...

  6. #26
    Join Date
    Feb 2012
    Location
    Midlands.. UK
    Posts
    451

    Re: BOO/TDss.O found in master boot sectors

    Hi Bubbarama

    Thanks for the Extras.txt (It's easy when you know how )
    How's the system running?
    Any problems?

  7. #27

    Re: BOO/TDss.O found in master boot sectors

    Hi Starbucks,

    Yes thanks for the directions. I haven't had any problems but I've been hesitant to log onto my email and bank accounts. Should I be worried? It seemed like maybe AVG antivirus removed it? Please advise. Thanks.

  8. #28
    Join Date
    Feb 2012
    Location
    Midlands.. UK
    Posts
    451

    Re: BOO/TDss.O found in master boot sectors

    Hi Bubbarama

    Ok, let's do a double check on everything and make sure everything is ok then.

    I'd like you to do an ESET OnlineScan
    64Bit users, please see note at the bottom.

    You may find it beneficial to close your resident AV program before running the scan.

    It's been found that on some systems the Eset's Online Scan fails during the database download ( around 20% )
    To prevent this happening:
    When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):

    Enable Anti-Stealth technology



    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on to download the ESET Smart Installer.
        Save it to your desktop.
      • Double click on the icon on your desktop.
    • Check
    • Click the button.
    • Accept any security warnings from your browser.
    • Check
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push
    • Click , and save the file to your desktop using a unique name, such as ESETScan.
      Include the contents of this report in your next reply.
    • Click the button.
    • Click

    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

    Note:
    As you are running a 64bit system:
    The ESET Online Scanner is a 32-bit application, which means it must be run through in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.

  9. #29

    Re: BOO/TDss.O found in master boot sectors

    Here is the log for ESET:


    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=3865dd3c01c7a847b848cc1986310da6
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-08-10 03:07:36
    # local_time=2012-08-09 08:07:36 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1024 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776574 100 94 0 96102821 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=217477
    # found=1
    # cleaned=1
    # scan_time=8685
    C:\users\Kao\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120804213816549.rsc multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

  10. #30
    Join Date
    Feb 2012
    Location
    Midlands.. UK
    Posts
    451

    Re: BOO/TDss.O found in master boot sectors

    Hi Bubbarama

    Things look good now.
    Try the system for a day or two and if there's no problems we'll finish off the cleaning process.

    I've been hesitant to log onto my email and bank accounts. Should I be worried?
    You shouldn't have any problems now.

Bookmarks

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts
  •