Solved: Missing Photos/Black Desktop/Phantom Users Too??
Missingphotoson7 (Member with 49 posts; Join Date: Jan 2012; Experience: Intermediate)
01-Jan-2012, 02:06 AM #1
OK, a couple days ago Webroot found a file identified as cmd.exe. I removed it by clicking quarantine/remove. I then downloaded SUPERAntiSpyware and ran that. SAS found a couple more issues; I followed the instructions and deleted those. I ran Malwarebytes, which found still other issues, and removed them. Having run these programs in the past, I followed all prompting for such instances as restarting the PC. As the process was going on I began noticing that icons on the desktop were disappearing, then all gone, then the desktop background vanished.

Now at this point I am MOST concerned with simply retrieving my photos and ensuring that my music is still on my external drive, so that I can do the Lenovo One Key Recovery and start from scratch. When I enter the folders where my libraries are located, all of them show as empty. I also have a folder that is labeled McX/Thehaupts/library.... In the sharing privileges section I have a guest, which until now I had no selection for guest when I boot my PC...... Oh my gosh...... I almost forgot, ZERO of my restore points will actually function either..... So after all that, here are the logs from HJT & DDS.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:35:25 AM, on 1/1/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Program Files (x86)\jmesoft\hotkey.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files\Lenovo\Lenovo Brightness Adjustment Software\LenovoBrightnessAdjustment.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\The Haupts\Downloads\HijackThis (1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BHO Project - {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - (no file)
O4 - HKLM\..\Run: [jmekey] "C:\Program Files (x86)\jmesoft\hotkey.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [DisplayBrightness] "C:\Program Files\Lenovo\Lenovo Brightness Adjustment Software\LenovoBrightnessAdjustment.exe"
O4 - HKLM\..\Run: [SetDefaultSCR] "C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\The Haupts\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\PROGRA~2\QUICKEN\bagent.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab...i_4.1.72.0.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/pl...p3dactivex.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: OddSrv - Unknown owner - C:\Program Files (x86)\Wistron\OddSrv\OddSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe
--
End of file - 10466 bytes

AND DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by The Haupts at 0:38:24 on 2012-01-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3067.1302 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Webroot SecureAnywhere *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WRSA.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\Explorer.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\jmesoft\hotkey.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files\Lenovo\Lenovo Brightness Adjustment Software\LenovoBrightnessAdjustment.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\windows\ehome\ehRecvr.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\taskeng.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\Windows\ehome\mcGlidHost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\The Haupts\Downloads\HijackThis (1).exe
C:\windows\SysWow64\NOTEPAD.EXE
C:\windows\system32\sppsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.lenovo.com
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - No File
uRun: [Google Update] "C:\Users\The Haupts\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [QuickenScheduledUpdates] C:\PROGRA~2\QUICKEN\bagent.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [jmekey] "C:\Program Files (x86)\jmesoft\hotkey.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [DisplayBrightness] "C:\Program Files\Lenovo\Lenovo Brightness Adjustment Software\LenovoBrightnessAdjustment.exe"
mRun: [SetDefaultSCR] "C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{5C67A5A5-779F-4345-9336-E1787993074B} : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{79A068B3-6F49-4AD8-97FD-0F983D0ECCAD} : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{79A068B3-6F49-4AD8-97FD-0F983D0ECCAD}\C696E6B6379737 : DhcpNameServer = 208.59.247.45 208.59.247.46
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - No File
BHO-X64: BHO Project - No File
mRun-x64: [jmekey] "C:\Program Files (x86)\jmesoft\hotkey.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [DisplayBrightness] "C:\Program Files\Lenovo\Lenovo Brightness Adjustment Software\LenovoBrightnessAdjustment.exe"
mRun-x64: [SetDefaultSCR] "C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 WRkrn;WRkrn;C:\windows\system32\drivers\WRkrn.sys --> C:\windows\system32\drivers\WRkrn.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-4-13 8704]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2152152]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2011-12-5 637208]
R3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;C:\windows\system32\DRIVERS\AVerBDA716x_x64.sys --> C:\windows\system32\DRIVERS\AVerBDA716x_x64.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-28 17152]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
R3 VMC412;Vimicro Camera Service VMC412;C:\windows\system32\Drivers\VMC412.sys --> C:\windows\system32\Drivers\VMC412.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 OddSrv;OddSrv;C:\Program Files (x86)\Wistron\OddSrv\OddSrv.exe --> C:\Program Files (x86)\Wistron\OddSrv\OddSrv.exe [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 PQAWRwa;PQAWRwa;C:\Program Files (x86)\Wistron\OddSrv\PQAWDrv.sys [2009-11-15 12384]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\system32\DRIVERS\Rtnic64.sys --> C:\windows\system32\DRIVERS\Rtnic64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSVD;WSVD;\??\C:\windows\system32\drivers\WSVD.sys --> C:\windows\system32\drivers\WSVD.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-01-01 03:32:36 0 ----a-w- C:\windows\System32\OLD5AB.tmp
2011-12-31 07:10:04 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E427BCCD-C895-4B4F-A5F0-3A2AD4B79BC2}\offreg.dll
2011-12-31 01:45:02 -------- d-----w- C:\ProgramData\SecTaskMan
2011-12-31 01:44:58 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2011-12-30 09:00:42 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E427BCCD-C895-4B4F-A5F0-3A2AD4B79BC2}\mpengine.dll
2011-12-30 05:40:13 -------- d--h--w- C:\Lenovo
2011-12-30 04:43:38 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-12-30 04:43:33 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-12-30 04:43:33 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-12-30 04:43:18 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-12-30 04:42:01 0 ----a-w- C:\windows\System32\SETAEDA.tmp
2011-12-30 04:41:22 -------- d-----w- C:\Program Files\ATI Technologies
2011-12-30 04:40:38 -------- d-----w- C:\ATI
2011-12-30 04:39:21 -------- d-----w- C:\AMD
2011-12-29 03:04:32 -------- d-----w- C:\Users\The Haupts\AppData\Roaming\SUPERAntiSpyware.com
2011-12-29 03:04:12 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-29 03:04:12 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-27 14:14:43 -------- d--h--w- C:\Users\The Haupts\AppData\Roaming\Braid
2011-12-27 14:13:57 3851784 ----a-w- C:\windows\SysWow64\D3DX9_39.dll
2011-12-25 13:12:04 -------- d-----w- C:\Program Files (x86)\Moon Tycoon
2011-12-18 13:44:11 -------- d--h--w- C:\Users\The Haupts\AppData\Roaming\Catalina Marketing Corp
2011-12-18 13:44:04 485576 ---ha-w- C:\Users\The Haupts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-12-13 18:17:08 43520 ----a-w- C:\windows\System32\csrsrv.dll
2011-12-13 18:16:41 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-12-13 18:16:13 723456 ----a-w- C:\windows\System32\EncDec.dll
2011-12-13 18:16:13 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-12-13 18:15:51 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-12-13 18:15:51 2048 ----a-w- C:\windows\System32\tzres.dll
2011-12-06 01:54:23 91832 ----a-w- C:\windows\System32\WRusr.dll
2011-12-06 01:54:23 141272 ----a-w- C:\windows\SysWow64\WRusr.dll
2011-12-06 01:54:22 108896 ----a-w- C:\windows\System32\drivers\WRkrn.sys
2011-12-06 01:54:17 -------- d-----w- C:\Program Files\Webroot
2011-12-06 01:54:06 -------- d--h--w- C:\ProgramData\WRData
2011-12-06 01:50:34 -------- d--h--w- C:\Users\The Haupts\AppData\Roaming\Ticosu
2011-12-06 01:50:34 -------- d--h--w- C:\Users\The Haupts\AppData\Roaming\Bilyi
.
==================== Find3M ====================
.
2011-12-15 16:59:19 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 20:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-11-10 03:39:50 69632 ----a-w- C:\windows\System32\OpenVideo64.dll
2011-11-10 03:39:44 59904 ----a-w- C:\windows\SysWow64\OpenVideo.dll
2011-11-10 03:39:36 61952 ----a-w- C:\windows\System32\OVDecode64.dll
2011-11-10 03:39:32 54784 ----a-w- C:\windows\SysWow64\OVDecode.dll
2011-11-10 03:39:22 17442304 ----a-w- C:\windows\System32\amdocl64.dll
2011-11-10 03:38:40 14375936 ----a-w- C:\windows\SysWow64\amdocl.dll
2011-11-10 03:37:50 51200 ----a-w- C:\windows\System32\OpenCL.dll
2011-11-10 03:37:46 44032 ----a-w- C:\windows\SysWow64\OpenCL.dll
2011-11-10 03:17:10 159744 ----a-w- C:\windows\System32\atiapfxx.exe
2011-11-10 02:40:52 1113088 ----a-w- C:\windows\System32\atiumd6v.dll
2011-11-10 02:40:04 4061696 ----a-w- C:\windows\System32\SETAE7C.tmp
2011-11-10 02:13:08 17408 ----a-w- C:\windows\System32\atig6pxx.dll
2011-11-10 02:13:00 39936 ----a-w- C:\windows\System32\atig6txx.dll
2011-11-10 02:12:44 325632 ----a-w- C:\windows\System32\drivers\atikmpag.sys
2011-11-10 02:11:54 41984 ----a-w- C:\windows\System32\atiuxp64.dll
2011-11-10 02:11:40 39424 ----a-w- C:\windows\System32\atiu9p64.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-10-22 01:16:12 1843200 ----a-w- C:\windows\SysWow64\SlotMaximizerBe.dll
2011-10-22 01:15:46 104448 ----a-w- C:\windows\SysWow64\SlotMaximizerAg.dll
2011-10-22 01:12:32 2763264 ----a-w- C:\windows\System32\SlotMaximizerBe.dll
2011-10-22 01:07:42 125440 ----a-w- C:\windows\System32\SlotMaximizerAg.dll
.
============= FINISH: 0:39:35.71 ===============
Thank You All for Any Help In Advance.
Missingphotoson7, 01-Jan-2012, 03:56 PM #2
Bump.
eddie5659 (Moderator & Malware Removal Specialist), 01-Jan-2012, 04:11 PM #3
Hiya and welcome to Tech Support Guy

Whilst I go through the above logs, can you post the log for MBAM? If you open the program, click on the Logs tab, select the log, and Open it, then copy/paste the details here.

eddie
eddie5659, 01-Jan-2012, 04:51 PM #4
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it, rename it to Missingphotoson7.exe and save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

Proud Member of ASAP, Alliance of Security Analysis Professionals
Missingphotoson7, 01-Jan-2012, 11:16 PM #5
Here's the log from MBAM associated with the day I knew about the problem. I have later ones if you would like those as well. Thank You Sir.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2011.12.29.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
The Haupts :: THEHAUPTS-PC [administrator]
12/28/2011 8:40:34 PM
mbam-log-2011-12-28 (20-40-34).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 441795
Time elapsed: 1 hour(s), 19 minute(s), 15 second(s)
Memory Processes Detected: 1
C:\ProgramData\YwAYWnYwRqKS.exe (Rogue.FakeHDD) -> 1392 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|YwAYWnYwRqKS.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\YwAYWnYwRqKS.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winupd (Trojan.Agent) -> Data: C:\Users\THEHAU~1\AppData\Local\Temp:winupd.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_Show MyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_Show Search (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\ProgramData\YwAYWnYwRqKS.exe (Rogue.FakeHDD) -> Delete on reboot.
C:\Users\The Haupts\AppData\Local\Temp\PvAnqzBZG8ySuI.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Users\The Haupts\AppData\Local\Temp\fsdfdsf0.6031395027337553.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
c:\users\the haupts\appdata\local\temp:winupd.exe (Trojan.Agent) -> Delete on reboot.
(end)
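As an added illustration (not code from the thread, from Malwarebytes, or from the helper), the following Python parses the detection lines in the MBAM log above and pulls out what a responder acts on first. Two things in this log deserve a closer look: the `winupd` Run value points at `...\Temp:winupd.exe`, which is not a file inside the Temp folder but an NTFS alternate data stream attached to the Temp folder itself, a common way to keep a payload out of a plain directory listing; and three items are marked `Delete on reboot`, meaning they were still on disk until the machine restarted. Rogue.FakeHDD, the family named here, is also the usual reason the folders showed as empty: it hides the user's files and shortcuts with the hidden attribute rather than deleting them. The sample log lines are copied from the post above; the regexes and flag names are my own.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x text logs.

Added example: not code from the thread or from Malwarebytes.  It parses
the "<object> (<family>) -> ... -> <action>" detection lines and flags
Run-key persistence, NTFS alternate-data-stream paths and items that were
still pending a reboot when the log was written.
"""
import re
from dataclasses import dataclass, field

# "<object> (<family>) -> <step> -> ... -> <action>"
_LINE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# "<drive>:\<path with no further colon>:<stream>" is an alternate data stream
_ADS = re.compile(r"^[A-Za-z]:\\[^:]*:[^\\]+$")
# Registry autostart locations treated as persistence (assumption: Run/RunOnce only)
_RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)


@dataclass
class Detection:
    obj: str              # file path, or "HKxx\key|value" for registry items
    family: str           # MBAM classification, e.g. Rogue.FakeHDD
    action: str           # final "->" segment, e.g. "Delete on reboot."
    target: str = ""      # file the item points at (itself, or the Run value's Data:)
    flags: set = field(default_factory=set)


def parse_mbam_line(line):
    """Return a Detection for a detection line, or None for any other line."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    steps = [s.strip() for s in m.group("rest").split(" -> ")]
    det = Detection(obj=m.group("obj"), family=m.group("family"), action=steps[-1])
    if det.obj.upper().startswith("HK") and "|" in det.obj:
        key, _value_name = det.obj.split("|", 1)
        if _RUN_KEY.search(key):
            det.flags.add("AUTORUN")
        for step in steps:                      # registry values carry "Data: <path>"
            if step.startswith("Data: "):
                det.target = step[len("Data: "):]
    else:
        det.target = det.obj                    # file/process lines are their own target
    if det.target and _ADS.match(det.target):
        det.flags.add("ADS")
    if "delete on reboot" in det.action.lower():
        det.flags.add("PENDING_REBOOT")
    return det


def parse_mbam_log(text):
    return [d for d in (parse_mbam_line(l) for l in text.splitlines()) if d]


def summarize(detections):
    """Counts and lists a responder checks before declaring the box clean."""
    return {
        "total": len(detections),
        "autorun": [d.obj for d in detections if "AUTORUN" in d.flags],
        "ads": sorted({d.target.lower() for d in detections if "ADS" in d.flags}),
        "pending_reboot": [d.target for d in detections if "PENDING_REBOOT" in d.flags],
    }


# Detection lines copied from the MBAM log quoted in the post above.
SAMPLE_LOG = r"""
C:\ProgramData\YwAYWnYwRqKS.exe (Rogue.FakeHDD) -> 1392 -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|YwAYWnYwRqKS.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\YwAYWnYwRqKS.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winupd (Trojan.Agent) -> Data: C:\Users\THEHAU~1\AppData\Local\Temp:winupd.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_Show MyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_Show Search (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
C:\ProgramData\YwAYWnYwRqKS.exe (Rogue.FakeHDD) -> Delete on reboot.
C:\Users\The Haupts\AppData\Local\Temp\PvAnqzBZG8ySuI.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Users\The Haupts\AppData\Local\Temp\fsdfdsf0.6031395027337553.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
c:\users\the haupts\appdata\local\temp:winupd.exe (Trojan.Agent) -> Delete on reboot.
"""

if __name__ == "__main__":
    detections = parse_mbam_log(SAMPLE_LOG)
    for d in detections:
        print(f"{sorted(d.flags) or '-'}\t{d.family}\t{d.target or d.obj}")
    print(summarize(detections))
```

Run as a script it prints one line per detection with its flags, then the summary. The two `ADS` hits are the same stream reached by its short (`THEHAU~1`) and long path names, which is why the summary lowercases and de-duplicates; on the live machine the stream is only listed by tools that enumerate streams (for example `dir /r` on Vista and later), so a normal folder view shows nothing.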
Missingphotoson7, 02-Jan-2012, 12:06 AM #6
And after ComboFix I seem to have my desktop icons etc. back where they were... I'm almost giddy. No, actually I AM giddy. It appears that this is working.
Here's the log you asked for.

!!!!!! Thank You So Very Much For All Your Help Eddie!!!!

ComboFix 12-01-01.06 - The Haupts 01/01/2012 22:25:17.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3067.1775 [GMT -5:00]
Running from: c:\users\The Haupts\Desktop\Missingphotoson7.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Webroot SecureAnywhere *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Webroot SecureAnywhere *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\getdislike
c:\program files (x86)\getdislike\ie\getdislike.dll
c:\users\The Haupts\3232.jpg
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2012-01-02 03:37 . 2012-01-02 03:37 -------- d-----w- c:\users\Mcx2-THEHAUPTS-PC\AppData\Local\temp
2012-01-02 03:37 . 2012-01-02 03:37 -------- d-----w- c:\users\Mcx1-THEHAUPTS-PC\AppData\Local\temp
2012-01-02 03:37 . 2012-01-02 03:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-01 19:25 . 2012-01-01 19:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-01-01 03:32 . 2012-01-01 03:32 0 ----a-w- c:\windows\system32\OLD5AB.tmp
2012-01-01 03:32 . 2012-01-01 03:32 -------- d-----w- c:\windows\LastGood
2011-12-31 07:10 . 2011-12-31 08:32 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E427BCCD-C895-4B4F-A5F0-3A2AD4B79BC2}\offreg.dll
2011-12-31 01:45 . 2011-12-31 07:05 -------- d-----w- c:\programdata\SecTaskMan
2011-12-31 01:44 . 2011-12-31 07:05 -------- d-----w- c:\program files (x86)\Security Task Manager
2011-12-30 09:00 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E427BCCD-C895-4B4F-A5F0-3A2AD4B79BC2}\mpengine.dll
2011-12-30 08:01 . 2011-12-30 08:01 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-12-30 05:40 . 2011-12-30 05:40 -------- d-----w- C:\Lenovo
2011-12-30 04:44 . 2011-12-30 04:44 -------- d-----w- c:\programdata\ATI
2011-12-30 04:43 . 2011-12-30 04:43 -------- d-----w- c:\program files (x86)\AMD APP
2011-12-30 04:43 . 2011-12-30 04:43 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-12-30 04:43 . 2011-12-30 04:43 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-12-30 04:43 . 2011-12-30 04:53 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-12-30 04:42 . 2011-12-30 04:42 0 ----a-w- c:\windows\system32\SETAEDA.tmp
2011-12-30 04:41 . 2011-12-30 04:43 -------- d-----w- c:\program files\ATI Technologies
2011-12-30 04:40 . 2011-12-30 04:40 -------- d-----w- C:\ATI
2011-12-30 04:39 . 2011-12-31 07:05 -------- d-----w- C:\AMD
2011-12-29 03:04 . 2011-12-29 03:04 -------- d-----w- c:\users\The Haupts\AppData\Roaming\SUPERAntiSpyware.com
2011-12-29 03:04 . 2011-12-31 07:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-29 03:04 . 2011-12-29 03:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-27 14:14 . 2011-12-27 14:15 -------- d--h--w- c:\users\The Haupts\AppData\Roaming\Braid
2011-12-27 14:13 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-12-25 13:12 . 2011-12-25 13:12 -------- d-----w- c:\program files (x86)\Moon Tycoon
2011-12-18 13:44 . 2011-12-31 07:04 -------- d--h--w- c:\users\The Haupts\AppData\Roaming\Catalina Marketing Corp
2011-12-18 13:44 . 2011-12-18 13:43 485576 ---ha-w- c:\users\The Haupts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-12-13 18:17 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 18:16 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-13 18:16 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 18:16 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-13 18:15 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 18:15 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-06 01:54 . 2011-12-15 15:37 91832 ----a-w- c:\windows\system32\WRusr.dll
2011-12-06 01:54 . 2011-12-15 15:37 141272 ----a-w- c:\windows\SysWow64\WRusr.dll
2011-12-06 01:54 . 2011-12-15 15:37 108896 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-12-06 01:54 . 2011-12-31 07:05 -------- d-----w- c:\program files\Webroot
2011-12-06 01:54 . 2012-01-01 08:46 -------- d--h--w- c:\programdata\WRData
2011-12-06 01:50 . 2011-12-08 04:07 -------- d--h--w- c:\users\The Haupts\AppData\Roaming\Ticosu
2011-12-06 01:50 . 2011-12-08 03:55 -------- d--h--w- c:\users\The Haupts\AppData\Roaming\Bilyi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-01 19:27 . 2011-06-23 04:05 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-14 18:01 . 2010-02-27 18:21 539984 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-10 20:24 . 2010-05-31 14:31 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 18:11 . 2010-01-01 03:40 539984 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2011-11-20 06:54 . 2010-01-29 18:36 737072 ---ha-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-11-20 06:54 . 2010-05-19 18:53 4283672 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-11-20 06:53 . 2010-05-19 18:52 42776 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-11-10 03:39 . 2011-11-10 03:39 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-11-10 03:39 . 2011-11-10 03:39 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-11-10 03:39 . 2011-11-10 03:39 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-11-10 03:39 . 2011-11-10 03:39 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-11-10 03:39 . 2011-11-10 03:39 17442304 ----a-w- c:\windows\system32\amdocl64.dll
2011-11-10 03:38 . 2011-11-10 03:38 14375936 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-11-10 03:37 . 2011-11-10 03:37 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-10 03:37 . 2011-11-10 03:37 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-11-10 03:17 . 2011-11-10 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 02:40 . 2011-11-10 02:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-10 02:40 . 2011-11-10 02:40 4061696 ----a-w- c:\windows\system32\SETAE7C.tmp
2011-11-10 02:13 . 2011-11-10 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-10 02:12 . 2011-11-10 02:12 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 02:11 . 2011-11-10 02:11 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-10 02:11 . 2011-11-10 02:11 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2011-10-22 01:16 . 2011-10-22 01:16 1843200 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll
2011-10-22 01:15 . 2011-10-22 01:15 104448 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll
2011-10-22 01:12 . 2011-10-22 01:12 2763264 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-10-22 01:07 . 2011-10-22 01:07 125440 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-10-18 06:29 . 2010-01-01 03:41 737072 ---ha-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-18 06:29 . 2010-01-01 03:41 4283672 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-18 06:28 . 2010-06-02 18:59 42776 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickenScheduledUpdates"="c:\progra~2\QUICKEN\bagent.exe" [2011-03-10 77656]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-29 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-01-02 225280]
"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"DisplayBrightness"="c:\program files\Lenovo\Lenovo Brightness Adjustment Software\LenovoBrightnessAdjustment.exe" [2009-06-17 561152]
"SetDefaultSCR"="c:\program files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe" [2009-07-25 102400]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2011-12-15 637208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-27 2152152]
R2 OddSrv;OddSrv;c:\program files (x86)\Wistron\OddSrv\OddSrv.exe [x]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2011-12-15 637208]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 PQAWRwa;PQAWRwa;c:\program files (x86)\Wistron\OddSrv\PQAWDrv.sys [2008-02-29 12384]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-12-02 8704]
S3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;c:\windows\system32\DRIVERS\AVerBDA716x_x64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-09-29 17152]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 VMC412;Vimicro Camera Service VMC412;c:\windows\system32\Drivers\VMC412.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-403314768-3812790126-486052709-1001Core.job
- c:\users\The Haupts\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 00:01]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-403314768-3812790126-486052709-1001UA.job
- c:\users\The Haupts\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 00:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-02 7834656]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-02 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{de4e75d3-60aa-4f02-a0e4-c8a40576574c} - (no file)
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5} - c:\windows\test.bat
AddRemove-BFG-Plants vs. Zombies - c:\program files (x86)\Plants vs. Zombies\Uninstall.exe
AddRemove-RealPlayer 12.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:50,c9,ad,28,22,41,cc,01
.
[HKEY_USERS\S-1-5-21-403314768-3812790126-486052709-1001\Software\SecuROM\License information*]
"datasecu"=hex:d0,f5,e0,8b,ae,31,c5,25,cf,56,5a,24,bc,4e,f3,41,04,cb,bc,4a,2a,
1f,0d,e1,5f,5c,e9,12,a9,54,f9,3a,ca,45,0c,68,40,d0,45,6b,b0,75,b8,cf,8a,d2, \
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-01 22:57:28
ComboFix-quarantined-files.txt 2012-01-02 03:57
.
Pre-Run: 46,285,176,832 bytes free
Post-Run: 49,749,000,192 bytes free
.
- - End Of File - - 39C286E18E02270685B286122FD570CA
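Added example, not ComboFix's own code and not part of the thread: a small parser for the REGEDIT4-style "Reg Loading Points" section of the ComboFix log above, with a location heuristic for deciding which autoruns deserve a second look. Everything in the real log launches from Program Files or Windows, so the sample below mixes lines copied from the log with two constructed ones: a Run value mirroring the alternate-data-stream path that MBAM found earlier in the thread, and the `Unattend...test.bat` entry that ComboFix lists under ORPHANS REMOVED, rewritten here in REGEDIT4 form. The constructed date/size metadata, the flag names and the trusted-root list are assumptions for this example.

```python
"""Autorun triage for the 'Reg Loading Points' section of a ComboFix log.

Added example: not ComboFix's own code and not from the thread.  The
section is a REGEDIT4-style dump: a [HKEY_...] header, then
"name"="path" [date size] lines.  Each autorun is scored against a short
list of trusted install roots, user-writable locations, alternate data
streams and script extensions.
"""
import re
from dataclasses import dataclass

_SECTION = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
_ADS = re.compile(r"^[a-z]:\\[^:]*:[^\\]+$", re.IGNORECASE)

# Roots an installed product normally lives under (assumption for this example;
# progra~1 / progra~2 are the 8.3 short names ComboFix prints for Program Files).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
                 "c:\\progra~1\\", "c:\\progra~2\\")
# Locations the logged-on user can write to without elevation.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1", ".scr")


@dataclass(frozen=True)
class Autorun:
    key: str
    name: str
    path: str
    meta: str
    flags: frozenset


def classify(path):
    """Return the set of review flags for one autorun target path."""
    p = path.lower()
    flags = set()
    if _ADS.match(p):
        flags.add("ADS")                 # payload kept in an alternate data stream
    if not p.startswith(TRUSTED_ROOTS):
        flags.add("UNTRUSTED_ROOT")      # not under Windows or Program Files
    if any(marker in p for marker in USER_WRITABLE):
        flags.add("USER_WRITABLE")       # a non-admin process could have dropped it
    if p.endswith(SCRIPT_EXT):
        flags.add("SCRIPT")              # interpreter-launched, trivially edited in place
    return flags


def parse_loading_points(text):
    """Parse [section] headers and "name"="path" [meta] lines into Autorun records."""
    key, autoruns = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = _SECTION.match(line)
        if m:
            key = m.group("key")
            continue
        m = _VALUE.match(line)
        if m and key:
            path = m.group("path")
            autoruns.append(Autorun(key, m.group("name"), path, m.group("meta") or "",
                                    frozenset(classify(path))))
    return autoruns


def suspicious(autoruns):
    return [a for a in autoruns if a.flags]


# The QuickenScheduledUpdates, SUPERAntiSpyware, jmekey, QuickTime Task, WRSVC and
# policy lines are copied from the ComboFix log above.  The "winupd" and
# "Unattend..." lines are CONSTRUCTED for this example (made-up date/size), modelled
# on the MBAM finding and the ORPHANS REMOVED entry elsewhere in the thread.
SAMPLE_LOADING_POINTS = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickenScheduledUpdates"="c:\progra~2\QUICKEN\bagent.exe" [2011-03-10 77656]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-29 5486464]
"winupd"="c:\users\The Haupts\AppData\Local\Temp:winupd.exe" [2011-12-28 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-01-02 225280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2011-12-15 637208]
"Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}"="c:\windows\test.bat"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"""

if __name__ == "__main__":
    for a in suspicious(parse_loading_points(SAMPLE_LOADING_POINTS)):
        print(f"{sorted(a.flags)}\t{a.key}\\{a.name} -> {a.path}")
```

The policy values are deliberately skipped: they are not `"name"="string"` pairs, so the value regex ignores them. The heuristic is a review filter, not a verdict. A per-user Google Update task under `AppData` will also trip `USER_WRITABLE`, which is the point: everything launching from a location the user can write to gets a human look, and everything that passes is left alone.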
eddie5659, 02-Jan-2012, 12:26 PM #7
Glad to hear the desktop is back, but we still have more to do, to make sure it's all clean.


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

eddie
Missingphotoson7, 03-Jan-2012, 12:11 AM #8
Hi Eddie, thanks for all the advice... I cannot for some reason download the OTL program. All I get is the pop-up prompt at the lower centre of the screen; I click Save and it says the file could not be downloaded. I went to OldTimer's GeeksToGo page directly and couldn't open any of the four links they have listed, nor from MajorGeeks. It does seem to load after I click View Downloads, then click Retry, then it says the publisher couldn't be verified. When I click Open it gives me the option to open with "Internet Explorer shortcut shell extension"; I click Open and get to window 2 that says "otl.exe, do you want to open?"; I click Open and come to the same "Open with" prompt as two windows before, but nothing happens otherwise. Do I need to disable something? Select some other way to open? I'm missing something here. As soon as I can get it to run I will post the scan results. Thank You.

Last edited by Missingphotoson7; 03-Jan-2012 at 12:31 AM..
Missingphotoson7, 03-Jan-2012, 12:44 AM #9
Ok, I think I found my problem... I opened it in Notepad and, other than gobbledygook, it said this should be run under Win32... I have Win 7 64-bit. Is there a way for me to run this? Thank You Again.
eddie5659, 03-Jan-2012, 05:24 PM #10
That's strange, as OTL runs on 64bit.

Ah, you say it doesn't say which file to open with. Can you try this:

Please download exeHelper to your desktop.
If your AV program throws up a warning about the program, ignore the warning. Some AVs flag this program because of how it works... that's all.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt ( Will be created in the directory where you ran exeHelper.com and should open at the end of the scan)
Note : If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together ( they will both be in the one file ).

In your next reply, please submit:

exehelperlog.txt

eddie
Missingphotoson7, 03-Jan-2012, 10:22 PM #11
That gave me the same endless loop of not knowing which program to open the file with. I haven't restarted my machine yet; should I wait or restart? Both of the files I was given show up on the desktop but neither seems to want to open to run. Am I missing a program which would (normally) allow me to open files such as these? I did try turning off all AV programs without any additional forward progress.
Thank You Eddie for all the help.
eddie5659, 04-Jan-2012, 03:25 AM #12
Just dashing to work in 10 mins, but can you open other programs, say Office and your antivirus?

If so, we'll look at the fact that the malware may be blocking the filenames themselves. I'll reply tonight
Missingphotoson7, 04-Jan-2012, 09:01 PM #13
Good evening Eddie,
Yes, I can open Office as well as all three AV programs which are installed on my computer; I have restarted the computer due to a short time outage today. Both of the files that are in question show up as otl_exe and exeHelper_com, no periods in the name as they show on the desktop. Is this normal? Am I grasping at straws? I have tried to go onto YouTube and can't watch/hear video, if that makes any difference.
Missingphotoson7, 04-Jan-2012, 09:12 PM #14
Ok, after the restart I went up and re-downloaded the files you asked me to and VOILA! They both downloaded and ran without issue. THANK YOU, THANK YOU Eddie. Here are the scan results from both.
OTL
OTL logfile created on: 1/4/2012 8:04:30 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\The Haupts\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.91% Memory free
5.99 Gb Paging File | 4.23 Gb Available in Paging File | 70.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440.59 Gb Total Space | 47.88 Gb Free Space | 10.87% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 18.63 Gb Free Space | 50.00% Space Free | Partition Type: NTFS

Computer Name: THEHAUPTS-PC | User Name: The Haupts | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/04 20:04:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Haupts\Desktop\OTL.exe
PRC - [2011/12/15 10:37:49 | 000,637,208 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2011/10/26 19:33:00 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/26 19:32:58 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/10 16:58:18 | 000,077,656 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Quicken\bagent.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/06/16 20:44:04 | 000,561,152 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Brightness Adjustment Software\LenovoBrightnessAdjustment.exe
PRC - [2009/06/03 23:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009/01/02 13:03:48 | 000,225,280 | ---- | M] (JME) -- C:\Program Files (x86)\jmesoft\hotkey.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/31 03:38:27 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/06/12 18:34:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness Adjustment Software\CoreAudioApi.dll
MOD - [2009/06/03 23:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 23:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2009/01/05 14:38:06 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\jmesoft\KeyHook.dll
MOD - [2009/01/05 11:15:30 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\jmesoft\hidhook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/15 10:37:49 | 000,637,208 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/08/11 19:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/14 21:12:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/12/25 13:43:57 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/12/01 21:00:18 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011/10/26 19:32:58 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/15 10:37:50 | 000,108,896 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2011/09/02 04:01:56 | 000,251,648 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmc412.sys -- (VMC412)
DRV:64bit: - [2011/08/18 14:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/09/15 18:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/07/20 06:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 23:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 23:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 23:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/14 21:48:02 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/07 03:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/06/05 08:58:40 | 001,354,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerBDA716x_x64.sys -- (AVerBDA6x_x64)
DRV:64bit: - [2009/06/04 18:04:34 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSVD.sys -- (WSVD)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 19:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/04/07 02:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/08/06 15:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/02/19 00:56:38 | 000,027,136 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV - [2011/09/28 19:33:46 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/02/29 13:45:22 | 000,012,384 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Wistron\OddSrv\PQAWDrv.sys -- (PQAWRwa)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://webstore.isotx.com/igmaraudersL.html"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\The Haupts\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\The Haupts\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\The Haupts\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\The Haupts\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\The Haupts\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2011/10/01 15:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Haupts\AppData\Roaming\Mozilla\Extensions
[2011/10/01 15:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Haupts\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\The Haupts\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\The Haupts\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\The Haupts\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\The Haupts\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\The Haupts\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\The Haupts\AppData\Local\Roblox\Versions\version-9d8ee47fdc21422e\\NPRobloxProxy.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\The Haupts\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\windows\system32\Wat\npWatWeb.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\The Haupts\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\The Haupts\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\The Haupts\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\The Haupts\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: GetDislike = C:\Users\The Haupts\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecfaonpigeiandhnmepfclkmldegepl\3.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\The Haupts\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Gmail = C:\Users\The Haupts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\The Haupts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/01/01 22:38:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}] C:\Windows\test.bat File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DisplayBrightness] C:\Program Files\Lenovo\Lenovo Brightness Adjustment Software\LenovoBrightnessAdjustment.exe (Lenovo)
O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
O4 - HKLM..\Run: [SetDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe (Lenovo)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKCU..\Run: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab...i_4.1.72.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/pl...p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C67A5A5-779F-4345-9336-E1787993074B}: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79A068B3-6F49-4AD8-97FD-0F983D0ECCAD}: DhcpNameServer = 208.59.247.45 208.59.247.46
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/04 20:04:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\The Haupts\Desktop\OTL.exe
[2012/01/04 19:47:14 | 000,108,896 | ---- | C] (Webroot) -- C:\windows\SysNative\drivers\BGVrbBTH.sys
[2012/01/03 19:44:13 | 000,108,896 | ---- | C] (Webroot) -- C:\windows\SysNative\drivers\eLysWqUF.sys
[2012/01/03 19:38:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\The Haupts\Desktop\OTL_exe
[2012/01/02 23:22:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\The Haupts\Desktop\Missingphotoson7OTL_exe
[2012/01/02 23:21:42 | 000,108,896 | ---- | C] (Webroot) -- C:\windows\SysNative\drivers\HwOOKeJN.sys
[2012/01/02 22:19:30 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\Desktop\Bailey
[2012/01/02 22:10:46 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\Desktop\Noah&Elijah Birthday09
[2012/01/02 21:52:51 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\Desktop\Snow
[2012/01/02 21:49:18 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\Desktop\Wrestling
[2012/01/02 21:34:10 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\Desktop\Disney 10
[2012/01/02 00:09:15 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\Desktop\Disney 11
[2012/01/02 00:00:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/01 23:59:09 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\Desktop\Misc Family Photos
[2012/01/01 23:40:34 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\Desktop\Disney 09
[2012/01/01 23:39:02 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\Desktop\Christmas08
[2012/01/01 23:01:37 | 000,108,896 | ---- | C] (Webroot) -- C:\windows\SysNative\drivers\BCtRluXO.sys
[2012/01/01 22:37:22 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/01/01 22:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThinkVantage
[2012/01/01 22:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RideMax
[2012/01/01 22:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur's Gold
[2012/01/01 22:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/01/01 22:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Braid
[2012/01/01 22:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/01/01 22:22:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/01/01 22:22:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/01/01 22:22:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/01/01 22:22:11 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/01/01 22:20:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/01 22:17:33 | 004,360,044 | R--- | C] (Swearware) -- C:\Users\The Haupts\Desktop\Missingphotoson7.exe
[2012/01/01 14:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/01/01 00:34:36 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\The Haupts\Desktop\HijackThis (1).exe
[2011/12/30 20:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/12/30 20:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011/12/30 20:44:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2011/12/30 03:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/12/30 00:40:13 | 000,000,000 | ---D | C] -- C:\Lenovo
[2011/12/29 23:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/12/29 23:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/12/29 23:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/12/29 23:43:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/12/29 23:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Pro Control Center
[2011/12/29 23:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/12/29 23:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/29 23:40:38 | 000,000,000 | ---D | C] -- C:\ATI
[2011/12/29 23:39:21 | 000,000,000 | ---D | C] -- C:\AMD
[2011/12/28 22:04:32 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/28 22:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/28 22:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/28 22:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/27 09:14:43 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\AppData\Roaming\Braid
[2011/12/25 13:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/12/25 08:12:18 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moon Tycoon
[2011/12/25 08:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moon Tycoon
[2011/12/18 08:44:11 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\AppData\Roaming\Catalina Marketing Corp
[2011/12/18 08:44:04 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
[2011/12/05 20:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
[2011/12/05 20:54:23 | 000,141,272 | ---- | C] (Webroot) -- C:\windows\SysWow64\WRusr.dll
[2011/12/05 20:54:23 | 000,091,832 | ---- | C] (Webroot) -- C:\windows\SysNative\WRusr.dll
[2011/12/05 20:54:22 | 000,108,896 | ---- | C] (Webroot) -- C:\windows\SysNative\drivers\WRkrn.sys
[2011/12/05 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/12/05 20:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData
[2011/12/05 20:50:34 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\AppData\Roaming\Ticosu
[2011/12/05 20:50:34 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\AppData\Roaming\Bilyi
[2011/12/05 20:30:52 | 000,000,000 | ---D | C] -- C:\Users\The Haupts\Desktop\CREDIT REPORTS
[2009/11/15 11:09:50 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[3 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/04 20:04:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Haupts\Desktop\OTL.exe
[2012/01/04 20:02:16 | 000,294,400 | ---- | M] () -- C:\Users\The Haupts\Desktop\exeHelper.com
[2012/01/04 19:55:19 | 000,017,952 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 19:55:19 | 000,017,952 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 19:52:11 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/01/04 19:52:11 | 000,623,940 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/01/04 19:52:11 | 000,106,316 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/01/04 19:50:23 | 000,000,064 | ---- | M] () -- C:\windows\SysWow64\rp_stats.dat
[2012/01/04 19:50:23 | 000,000,044 | ---- | M] () -- C:\windows\SysWow64\rp_rules.dat
[2012/01/04 19:47:14 | 000,108,896 | ---- | M] (Webroot) -- C:\windows\SysNative\drivers\BGVrbBTH.sys
[2012/01/04 19:47:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/04 19:46:56 | 2411,913,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/04 19:11:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-403314768-3812790126-486052709-1001UA.job
[2012/01/04 02:11:00 | 000,000,876 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-403314768-3812790126-486052709-1001Core.job
[2012/01/03 21:11:27 | 000,294,400 | ---- | M] () -- C:\Users\The Haupts\Desktop\exeHelper_com
[2012/01/03 19:44:13 | 000,108,896 | ---- | M] (Webroot) -- C:\windows\SysNative\drivers\eLysWqUF.sys
[2012/01/03 19:38:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Haupts\Desktop\OTL_exe
[2012/01/02 23:23:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Haupts\Desktop\Missingphotoson7OTL_exe
[2012/01/02 23:21:42 | 000,108,896 | ---- | M] (Webroot) -- C:\windows\SysNative\drivers\HwOOKeJN.sys
[2012/01/01 23:01:37 | 000,108,896 | ---- | M] (Webroot) -- C:\windows\SysNative\drivers\BCtRluXO.sys
[2012/01/01 22:38:57 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/01/01 22:17:59 | 004,360,044 | R--- | M] (Swearware) -- C:\Users\The Haupts\Desktop\Missingphotoson7.exe
[2012/01/01 14:25:28 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/01 00:34:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\The Haupts\Desktop\HijackThis (1).exe
[2011/12/29 23:08:34 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/12/28 22:04:15 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/28 20:39:46 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 10:00:25 | 000,001,963 | ---- | M] () -- C:\Users\The Haupts\Desktop\Play Moon Tycoon.lnk
[2011/12/28 10:00:24 | 000,002,285 | ---- | M] () -- C:\Users\The Haupts\Desktop\Google Chrome.lnk
[2011/12/27 00:07:38 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/25 13:08:08 | 000,001,449 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/12/24 07:18:15 | 000,013,902 | ---- | M] () -- C:\Users\The Haupts\396384_163216053778546_130468153720003_189474_131098944_n.jpg
[2011/12/15 10:37:50 | 000,141,272 | ---- | M] (Webroot) -- C:\windows\SysWow64\WRusr.dll
[2011/12/15 10:37:50 | 000,108,896 | ---- | M] (Webroot) -- C:\windows\SysNative\drivers\WRkrn.sys
[2011/12/15 10:37:50 | 000,091,832 | ---- | M] (Webroot) -- C:\windows\SysNative\WRusr.dll
[2011/12/14 03:21:15 | 000,324,672 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[3 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/04 20:02:10 | 000,294,400 | ---- | C] () -- C:\Users\The Haupts\Desktop\exeHelper.com
[2012/01/03 21:11:20 | 000,294,400 | ---- | C] () -- C:\Users\The Haupts\Desktop\exeHelper_com
[2012/01/01 22:30:29 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/01 22:30:29 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/01 22:30:29 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/01/01 22:30:29 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/01 22:30:29 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/01 22:30:29 | 000,002,254 | ---- | C] () -- C:\Users\Public\Desktop\PMB.lnk
[2012/01/01 22:30:29 | 000,002,168 | ---- | C] () -- C:\Users\Public\Desktop\PMB Launcher.lnk
[2012/01/01 22:30:29 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\PMB Guide.lnk
[2012/01/01 22:30:29 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Play Plants vs. Zombies.lnk
[2012/01/01 22:30:29 | 000,001,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2012/01/01 22:30:29 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\RideMax 6.0.lnk
[2012/01/01 22:30:29 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/01 22:30:29 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2011.lnk
[2012/01/01 22:30:29 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/01 22:30:29 | 000,001,449 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2012/01/01 22:30:29 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/01/01 22:30:29 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/01/01 22:30:29 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/01 22:30:29 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/01/01 22:30:29 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/01 22:30:29 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/01/01 22:30:29 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2012/01/01 22:30:29 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/01/01 22:30:29 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/01/01 22:30:29 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/01 22:30:29 | 000,001,007 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat_com.lnk
[2012/01/01 22:30:29 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/01/01 22:30:28 | 000,002,266 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2012/01/01 22:30:28 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Global Agenda Launcher.lnk
[2012/01/01 22:30:28 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\CamSuite.lnk
[2012/01/01 22:30:28 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/01 22:30:28 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Play Hidden World.lnk
[2012/01/01 22:30:28 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/01 22:30:28 | 000,001,715 | ---- | C] () -- C:\Users\Public\Desktop\LVT.lnk
[2012/01/01 22:30:28 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2012/01/01 22:30:28 | 000,001,328 | ---- | C] () -- C:\Users\Public\Desktop\Pirates of the Caribbean Online.lnk
[2012/01/01 22:30:28 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/01/01 22:30:28 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2012/01/01 22:30:28 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/01/01 22:30:28 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\LEGO MINDSTORMS NXT 2.0.lnk
[2012/01/01 22:30:28 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/01 22:30:28 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2012/01/01 22:22:55 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/01/01 22:22:55 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/01/01 22:22:55 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/01/01 22:22:55 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/01/01 22:22:55 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/01/01 14:25:28 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/01 14:25:28 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/28 22:04:15 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/28 20:39:46 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/25 08:12:18 | 000,001,963 | ---- | C] () -- C:\Users\The Haupts\Desktop\Play Moon Tycoon.lnk
[2011/12/24 07:18:46 | 000,013,902 | ---- | C] () -- C:\Users\The Haupts\396384_163216053778546_130468153720003_189474_131098944_n.jpg
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/09/28 19:34:54 | 000,007,610 | ---- | C] () -- C:\Users\The Haupts\AppData\Local\Resmon.ResmonCfg
[2011/07/25 12:35:53 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/06/27 20:24:27 | 000,000,126 | ---- | C] () -- C:\windows\QUICKEN.INI
[2011/05/08 16:12:19 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
[2011/05/08 16:12:19 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
[2011/05/06 20:10:46 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/23 18:59:02 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2010/03/26 18:18:51 | 000,000,094 | ---- | C] () -- C:\windows\family.ini
[2010/03/15 21:08:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/01 19:32:33 | 000,011,776 | ---- | C] () -- C:\Users\The Haupts\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/15 10:45:12 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2009/11/15 10:45:12 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2009/07/26 16:07:52 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2011/12/31 02:04:17 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\.minecraft
[2011/11/17 12:11:47 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Alawar
[2010/06/21 16:27:47 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Big Fish Games
[2011/12/07 22:55:30 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Bilyi
[2011/11/16 05:20:44 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Bilyoc
[2011/12/27 09:15:12 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Braid
[2011/12/31 02:04:17 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Catalina Marketing Corp
[2011/06/16 06:19:14 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\DarksporeData
[2011/06/18 16:54:09 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Disney.Vacation.Connection.460.73ACE317F4A7B83CB919AF282FBA5D3D96899CDE.1
[2011/09/09 17:32:08 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Dwarfs
[2011/11/23 03:45:52 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Dyemt
[2011/12/31 02:04:17 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Facebook
[2011/05/08 19:41:13 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Flip Video
[2010/09/23 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\GetRightToGo
[2010/12/29 00:24:19 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\HandBrake
[2011/04/21 06:30:13 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Hi-Rez Studios
[2010/06/21 17:53:10 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Hotdog Hotshot
[2011/01/23 14:18:28 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\HotSync
[2011/06/09 06:15:43 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Ice-pick Lodge
[2011/12/31 02:04:17 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\IObit
[2011/11/19 21:29:56 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\MediaWmplay
[2011/08/16 08:24:50 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\MinMaxGames
[2011/08/11 17:27:59 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Mount&Blade Warband
[2010/06/21 18:14:22 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\NevoSoft Games
[2010/09/26 13:36:04 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\OpenOffice.org
[2011/05/22 10:00:45 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\playmink
[2011/10/01 15:10:37 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Prism
[2011/12/07 23:04:42 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Qaxeog
[2010/06/11 05:21:42 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\SPORE
[2011/06/30 14:58:34 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\The Creative Assembly
[2011/12/07 23:07:26 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Ticosu
[2011/12/31 02:04:15 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\TolvanData
[2011/06/03 14:23:55 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\wargaming.net
[2011/11/19 18:52:00 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\Ycw
[2010/09/26 09:51:29 | 000,000,000 | ---D | M] -- C:\Users\The Haupts\AppData\Roaming\YoudaGames
[2011/04/21 15:59:05 | 000,032,548 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:EB5BDBB0
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:56F368C9
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:8E9C9E8F
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:1A4BF204
@Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:C5E2BAEE
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:9D6EAEC3
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:3C9B05C4
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:9D03192E
@Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:A6CDBCAC
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:B1FBBD09
@Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:969C0C96
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:751D6870
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:A652BC99
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:6E11933F
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A7B70C4E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:0E67073E
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:F3591DDB
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:6FD36C4B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E883A78D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:9DB67071
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2216A431
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E6D148BC
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F2DC4B0B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:3815BC84
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:04BB186B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp354012D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp2397415
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:F986CC21
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:EA7D76BE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4C49306C
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:60C897F3
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:61A065F2
< End of report >

And for good measure... the exeHelper log:

exeHelper by Raktor
Build 20100414
Run at 20:02:19 on 01/04/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20100414
Run at 20:03:22 on 01/04/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Thank you, Eddie.
Missingphotoson7
04-Jan-2012, 09:19 PM #15
Oh, I also forgot this one from OTL...

OTL Extras logfile created on: 1/4/2012 8:04:30 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\The Haupts\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.91% Memory free
5.99 Gb Paging File | 4.23 Gb Available in Paging File | 70.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440.59 Gb Total Space | 47.88 Gb Free Space | 10.87% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 18.63 Gb Free Space | 50.00% Space Free | Partition Type: NTFS

Computer Name: THEHAUPTS-PC | User Name: The Haupts | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = internetshortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{35A50BE1-FDD7-4FC7-CCE5-03D2A63D4CF4}" = AMD Catalyst Install Manager
"{3C32C938-3071-BEF0-1EA5-403A420031A0}" = ccc-utility64
"{3F372A41-8007-012F-F5AE-685F588FC897}" = AMD Media Foundation Decoders
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{74E85F31-573F-45BF-8939-4D2BCDCC2083}" = LEGO MINDSTORMS NXT Driver for x64
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2461E016-9FB4-B233-A74D-91D11A664342}" = CCC Help English
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29EA755D-404B-4310-872C-EB1B8513F9D6}" = LXH-JME LVT Driver
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Driver and Application Installation
"{48A25E19-D9AE-4BBE-9411-6F4C5D328B39}" = Skype™ Beta 5.0
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51002784-18FA-8FF9-9A1A-2468E7FCA096}" = Catalyst Control Center Graphics Previews Common
"{53753510-7620-4D2B-9C0B-111F871615D9}" = LEGO MINDSTORMS NXT - English Language Pack
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}" = OddSrv
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}" = Global Agenda Launcher
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7556C28F-DE34-6D62-5920-47ADAFA952D6}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{803E6DED-5050-4E3D-B26A-5915397362CD}" = Lenovo Screensaver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF399570-0FB0-122E-0C35-849F15AFAB19}" = Application Profiles
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C454E7DD-A09A-6D06-7FF9-59753475FC09}" = Catalyst Pro Control Center
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}" = LEGO MINDSTORMS NXT Software v2.0
"{CE23BD08-F6FD-3337-D8BC-5B55E69263A5}" = Catalyst Control Center InstallProxy
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CamSuite
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D94E5A89-D815-403A-BBE1-C5A7702F2C17}" = Lenovo Brightness Adjustment Software
"{DA109884-7CDC-5F21-5F0B-742AA74F84E1}" = Catalyst Control Center Localization All
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"AVerMedia MiniCard Hybrid TV" = AVerMedia MiniCard Hybrid TV 1.3.64.74
"BFGC" = Big Fish Games: Game Manager
"BFG-Hidden World" = Hidden World
"BFG-Plants vs. Zombies" = Plants vs. Zombies
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"EA Download Manager" = EA Download Manager
"hon" = Heroes of Newerth
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Moon Tycoon" = Moon Tycoon
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"OpenAL" = OpenAL
"RealPlayer 12.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.8d
"Steam App 8930" = Sid Meier's Civilization V
"TurboTax 2009" = TurboTax 2009
"WinLiveSuite" = Windows Live Essentials
"WRUNINST" = Webroot SecureAnywhere
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
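The tail of the posted OTL report carries three things a helper would triage first: the firewall policy keys (EnableFirewall = 1 on all three profiles, empty GloballyOpenPorts and AuthorizedApplications lists), the uninstall list (two copies of Java 6, Update 20 next to Update 24, and Flash Player 10 next to 11), and the "Error reading Event Logs" line, which means the machine's own record of what happened may be unavailable. Below is an added example, not code from the original post, from OTL or from Tech Support Guy, that parses this report layout and pulls those findings out automatically. SAMPLE_REPORT is a constructed excerpt in the same format as the log above; its StandardProfile values and the single GloballyOpenPorts entry are deliberately weakened so that every check fires, and the product-family grouping (version digits replaced by "#") and the SIDE_BY_SIDE_OK allowlist are assumptions of this example.

```python
"""Triage the tail of an OTL report: firewall policy, uninstall list, event-log health.

Added example for this thread, not part of OTL or the original post. SAMPLE_REPORT is
constructed in the layout of the posted log; the StandardProfile values and the
"3389:TCP" open-port entry are invented so that each check below has something to flag.
"""
import re
from collections import defaultdict

SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
"""

KEY_RE = re.compile(r'^(64bit:\s*)?\[(HKEY_[^\]]+)\]$')      # "[HKEY_...]" or "64bit: [HKEY_...]"
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')             # "name" = value
FW_BASE = r'\Services\SharedAccess\Parameters\FirewallPolicy'
# Runtimes that are designed to be installed side by side; not a sign of a stale copy.
SIDE_BY_SIDE_OK = ('Microsoft Visual C++', 'Visual C++', 'Windows Driver Package')


def parse_report(text):
    """Map each registry key header in the report to its {name: value} entries.

    The report's own "64bit: " prefix is kept as part of the key so the two
    views of the Uninstall key do not collapse into one.
    """
    blocks = defaultdict(dict)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('=========='):
            current = None          # new report section; stop attributing values
            continue
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1) or '') + m.group(2)
            blocks[current]         # record the key even when it has no values
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            blocks[current][m.group(1)] = m.group(2).strip()
    return dict(blocks)


def firewall_findings(blocks):
    """Flag any profile with the firewall off or notifications muted, and every globally open port."""
    findings = []
    for key, values in blocks.items():
        if FW_BASE not in key:
            continue
        rest = key.split(FW_BASE, 1)[1].strip('\\')   # e.g. 'StandardProfile\GloballyOpenPorts\List'
        if rest.endswith('Profile'):
            if values.get('EnableFirewall') != '1':
                findings.append(f"{rest}: EnableFirewall={values.get('EnableFirewall', '<missing>')}")
            if values.get('DisableNotifications') == '1':
                findings.append(f"{rest}: DisableNotifications=1")
        elif rest.endswith(r'GloballyOpenPorts\List'):
            for name in values:
                findings.append(f"{rest}: open port {name}")
    return findings


def duplicate_product_versions(blocks):
    """Group uninstall entries into product families (version digits replaced by '#').

    Two or more versions of one family installed together usually means an older,
    unpatched copy was left behind; families in SIDE_BY_SIDE_OK are skipped.
    """
    families = defaultdict(set)
    for key, values in blocks.items():
        if not key.endswith(r'\CurrentVersion\Uninstall'):
            continue
        for name in values.values():
            if name.startswith(SIDE_BY_SIDE_OK):
                continue
            families[re.sub(r'\d+(?:\.\d+)*', '#', name)].add(name)
    return {fam: sorted(names) for fam, names in families.items() if len(names) > 1}


def event_log_unreadable(text):
    """True when OTL could not read the event logs; the host's own record of events is then suspect."""
    return 'Error reading Event Logs' in text


def triage(text):
    blocks = parse_report(text)
    return {
        'firewall': firewall_findings(blocks),
        'duplicate_versions': duplicate_product_versions(blocks),
        'event_log_unreadable': event_log_unreadable(text),
    }


if __name__ == '__main__':
    import json
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

Run against the report actually posted above, the firewall list comes back empty and the duplicate-version check reports the Java 6 and Flash Player pairs, while the event-log flag is the finding to chase first: a machine whose Event Log service will not answer cannot tell you what ran, so the remaining checks have to lean on the on-disk evidence in the rest of the log.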
