Advertisement
Advertisement
 Search | |
| |
22-Jul-2012, 12:21 PM
#16 | |||||||
| Posting OTL log: OTL logfile created on: 7/18/2012 2:40:35 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = F:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.75 Gb Total Physical Memory | 0.27 Gb Available Physical Memory | 15.51% Memory free 3.49 Gb Paging File | 1.20 Gb Available in Paging File | 34.52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 215.36 Gb Total Space | 154.81 Gb Free Space | 71.88% Space Free | Partition Type: NTFS Drive D: | 17.22 Gb Total Space | 2.49 Gb Free Space | 14.46% Space Free | Partition Type: NTFS Drive F: | 7.60 Gb Total Space | 7.60 Gb Free Space | 99.99% Space Free | Partition Type: FAT32 Computer Name: PKE | User Name: peckent | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/18 14:28:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2012/07/13 02:56:29 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\peckent\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler. exe PRC - [2012/07/11 17:58:17 | 001,551,384 | ---- | M] (Google Inc.) -- C:\Users\peckent\AppData\Local\Google\Chrome\Application\20.0.1132.57\Insta ller\setup.exe PRC - [2012/07/06 11:53:20 | 000,217,536 | ---- | M] (Facebook) -- C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessen ger.exe PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/23 10:12:26 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe PRC - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011/08/15 08:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2010/02/22 17:30:52 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\HP Button Manager\BM.exe PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe ========== Modules (No Company Name) ========== MOD - [2012/07/08 21:54:38 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e3 9162b83f3303aaa\System.Web.ni.dll MOD - [2012/07/08 21:54:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe6 51c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/07/08 21:53:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f8773 6d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/07/05 20:58:56 | 021,015,488 | ---- | M] () -- C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\libcef.dll MOD - [2012/07/05 20:58:16 | 000,284,096 | ---- | M] () -- C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\CefSharp.WinFo rms.dll MOD - [2012/07/05 20:56:24 | 000,456,128 | ---- | M] () -- C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\CefSharp.dll MOD - [2012/05/22 15:45:18 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083c bbc623e01b389f09\System.Data.ni.dll MOD - [2012/05/22 15:40:01 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d4 9b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/22 15:39:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c50 6bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/22 15:39:18 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673 d948179195c\System.ni.dll MOD - [2012/05/22 15:38:55 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a35 9778ea57d914c\mscorlib.ni.dll MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Dat a.dll MOD - [2010/02/22 17:30:52 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\HP Button Manager\BM.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/07/12 15:39:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012/07/03 11:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/09 10:21:59 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/04/01 02:22:02 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2011/04/01 02:22:04 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{A4E7CFF3-A356-4AC5-8377-F4FD9F8817F7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{CAE32FEA-4AB6-4F0F-AA49-50310E439920}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{F7133569-3DCB-4188-97EF-226825FA9793}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{A4E7CFF3-A356-4AC5-8377-F4FD9F8817F7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647 IE - HKLM\..\SearchScopes\{CAE32FEA-4AB6-4F0F-AA49-50310E439920}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{F7133569-3DCB-4188-97EF-226825FA9793}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1 IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/vafo...D&tbp=homepage IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes,DefaultScope = {A4E7CFF3-A356-4AC5-8377-F4FD9F8817F7} IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{24D32B2D-C7A0-4B38-8AE6-24BFE53EE2B5}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=WCL2&o=100000082&src=kw&q={searchTerms}&locale=&apn_p tnrs=^AA2&apn_dtid=^YYYYYY^YY^US&apn_uid=B6AF509F-47CE-4175-B474-5CB33D721D31&apn_sauid=5ED2A4A0-01E1-4223-8A83-0FEE40211D9B& IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/vafoontoolbar/?source=4744474a&tbp=rbox&toolbarid=vafoontoolbar&u=20120415638E48A580C2851 52144C76D&q={searchTerms} IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{A4E7CFF3-A356-4AC5-8377-F4FD9F8817F7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647 IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{CAE32FEA-4AB6-4F0F-AA49-50310E439920}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{F7133569-3DCB-4188-97EF-226825FA9793}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Blekko" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.wahooschools.org/" FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=vafoontoolbar&u=USERGUID&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\peckent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\peckent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\peckent\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\peckent\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\peckent\Desktop\npAmazonMP3DownloaderPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlu gin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearc h.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\firefoxaddon FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/08 16:27:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/12 15:40:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/28 11:28:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\peckent\AppData\Roaming\NetAssistant\ [2011/04/10 10:59:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6c4b3bf5-26fe-4373-8571-4e39446b7fd0}: C:\Program Files (x86)\getdislike\getdislike [2011/07/13 07:56:10 | 000,009,216 | ---- | M] (GetDislike) FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\firefoxaddon FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\info@friendschecker. com: C:\Program Files (x86)\FriendsChecker\Firefox\ [2012/06/05 13:18:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/12 15:40:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/28 11:28:35 | 000,000,000 | ---D | M] [2012/03/23 12:11:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peckent\AppData\Roaming\Mozilla\Extensions [2012/07/12 11:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peckent\AppData\Roaming\Mozilla\Firefox\Profiles\oknc1m79.default\ extensions [2012/06/07 09:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/08/04 13:30:54 | 000,000,000 | ---D | M] ("GetDislike.com") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{6c4b3bf5-26fe-4373-8571-4e39446b7fd0} [2012/06/05 13:18:50 | 000,000,000 | ---D | M] (FriendsChecker) -- C:\PROGRAM FILES (X86)\FRIENDSCHECKER\FIREFOX [2012/07/08 16:27:04 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012/06/02 15:06:16 | 000,552,655 | ---- | M] () (No name found) -- C:\USERS\PECKENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OKNC1M79.DEFAULT\ EXTENSIONS\{771F3037-9885-4423-B50F-A5EDE4854E26}.XPI [2012/07/12 15:39:59 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/05/05 23:09:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/07/12 15:39:44 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/07/12 15:39:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/12 15:39:44 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml [2012/07/12 15:39:44 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml [2012/04/15 16:52:22 | 000,002,160 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml [2012/07/12 15:39:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml [2012/07/12 15:39:44 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Conduit (Enabled) CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=ct2559 647 CHR - default_search_provider: suggest_url = http://search.conduit.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\peckent\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoo gleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\peckent\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.d ll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\peckent\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf 32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\peckent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\peckent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlu gin.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - Extension: Google Translate = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\ CHR - Extension: Angry Birds = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Solitaire = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.4.0.3_0\ CHR - Extension: Freecell Solitaire = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabpjbpfakfhcfidnjahmdophhihafkh\1.0.0.1_0\ CHR - Extension: Multiplayer Piano = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbadoggeokhliehfonkefnfcbgocojid\13_0\ CHR - Extension: Solitaire Easter = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdhlajlhnhnhkjmnfnangaepoilhbcan\1.0.0.1_0\ CHR - Extension: Flight = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cecapiaiollboefeimjhhdpopcfghejh\1.0_0\ CHR - Extension: StoryLines = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\celkoncipomnbmcomjieepceifpcdgdl\1.0.1_0\ CHR - Extension: Add to Amazon Wish List = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\ CHR - Extension: Google Search = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Netflix = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh\1.0.0.2_0\ CHR - Extension: TripAdvisor = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnegghdcleoigballbmdmlhklhcdjli\1.0_0\ CHR - Extension: After the Deadline = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjadjbdihbaodagojiomdljhjhjfho\1.2_0\ CHR - Extension: PicMonkey = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.3_0\ CHR - Extension: Cut the Rope = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\13_0\ CHR - Extension: The Elementals = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfehlnocjpbnbcabcjjnemkkkghaak\1.0.1_0\ CHR - Extension: Flood-It! = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0\ CHR - Extension: Cloud Reader = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.0.0.0_0\ CHR - Extension: avast! WebRep = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\ CHR - Extension: Nyan Cat - Lost in Space Flash = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaflfnajckagdhjlnkgndmbodjpkagcc\1.0_0\ CHR - Extension: Angry Games! = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeooehfcbblgooocjcchakggbaeljifc\1.0.2_0\ CHR - Extension: Water = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhngniaikeechlfoobjdckgdngpbkdoj\1.5_0\ CHR - Extension: Max = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjdeaehmpjghhfgepinklammfakbiceo\1.0_0\ CHR - Extension: Cargo Bridge = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\ CHR - Extension: Shopping Assistant = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\keigpnkjljkelclbjbekcfnaomfodamj\3.2.7_0\ CHR - Extension: Sand 2 = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\klicmgamjpclmbhppmdeamffedflmkcn\1.0.4_0\ CHR - Extension: Little Alchemy = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.12_0\ CHR - Extension: Webcam Toy = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.3.5_0\ CHR - Extension: Clear History = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhibcmkdgpfagejobeajjlidmoddmicp\1.4_0\ CHR - Extension: Rain Alarm = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaikaglpfemjncbioflellmppndgmok\1.1.6_0\ CHR - Extension: Where's My Water? = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnfafbniofcfoifoalcjaabpbddllccc\1.4_0\ CHR - Extension: Nyan Cat = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\neimpplmbdhflkfojgmplkgflkgmodpd\3.0_0\ CHR - Extension: Nyan Cat Lost In Space = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocolcbginmpjiobmipdgimnpeplgbghg\1.2_0\ CHR - Extension: Travel Math = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofpimeaclblbaodahnhhmlblagijlnad\1.0_0\ CHR - Extension: Psykopaint = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\ CHR - Extension: Psykopaint = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak CHR - Extension: Uno = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnlcclaocpblfckpfgmpdfndodkofpo\2.3.1_0\ O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security)) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [Facebook Update] C:\Users\peckent\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe File not found O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC) O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 File not found O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-50251.exe () O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk = File not found O4 - Startup: C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessen ger.exe (Facebook) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934}: DhcpNameServer = 129.93.5.53 129.93.6.189 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{824F79AF-F341-4ED9-841E-FF5B529EF33B}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/07/09 14:42:55 | 000,000,000 | ---D | C] -- C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012/07/08 16:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vafoontoolbar [2012/07/08 16:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012/07/08 16:28:56 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012/07/08 16:28:54 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012/07/08 16:28:39 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012/07/08 16:28:36 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012/07/08 16:28:35 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012/07/08 16:28:33 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012/07/08 16:25:52 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012/07/08 16:25:46 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [1 C:\Users\peckent\Desktop\*.tmp files -> C:\Users\peckent\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/18 14:41:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/18 14:34:43 | 000,729,944 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/18 14:34:43 | 000,626,540 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/18 14:34:43 | 000,107,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/18 14:19:58 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012/07/18 14:19:58 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012/07/18 14:04:48 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001UA.job [2012/07/18 14:03:51 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/18 12:11:51 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/18 12:11:44 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001Core.job [2012/07/18 12:09:30 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001Core.job [2012/07/18 12:06:18 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001UA.job [2012/07/18 12:00:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/16 11:06:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/16 11:06:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/12 18:19:43 | 000,711,240 | ---- | M] () -- C:\Windows\is-50251.exe [2012/07/12 18:19:43 | 000,010,550 | ---- | M] () -- C:\Windows\is-50251.msg [2012/07/12 18:19:43 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/12 18:19:43 | 000,000,459 | ---- | M] () -- C:\Windows\is-50251.lst [2012/07/12 11:29:35 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job [2012/07/11 21:37:27 | 000,422,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/11 21:36:30 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys [2012/07/11 18:06:28 | 000,002,406 | ---- | M] () -- C:\Users\peckent\Desktop\Google Chrome.lnk [2012/07/09 14:42:55 | 000,001,333 | ---- | M] () -- C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012/07/08 18:51:29 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForpeckent.job [2012/07/08 16:28:58 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012/07/08 16:28:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012/07/03 11:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012/07/03 11:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [1 C:\Users\peckent\Desktop\*.tmp files -> C:\Users\peckent\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/12 18:19:43 | 000,711,240 | ---- | C] () -- C:\Windows\is-50251.exe [2012/07/12 18:19:43 | 000,010,550 | ---- | C] () -- C:\Windows\is-50251.msg [2012/07/12 18:19:43 | 000,000,459 | ---- | C] () -- C:\Windows\is-50251.lst [2012/07/08 16:28:58 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012/07/08 16:15:52 | 000,001,333 | ---- | C] () -- C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2011/06/23 12:58:37 | 000,022,572 | ---- | C] () -- C:\Windows\hpqins19.dat [2011/04/28 16:38:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011/04/28 16:38:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011/04/07 21:06:21 | 000,001,854 | ---- | C] () -- C:\Users\peckent\AppData\Roaming\GhostObjGAFix.xml [2011/04/06 14:38:25 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/11/02 03:52:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/11/02 03:44:32 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini [2010/11/02 03:44:32 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini ========== LOP Check ========== [2012/03/06 19:53:55 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\Amazon [2011/12/11 18:00:08 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\Disney.Vacation.Connection.460.73ACE317F4A 7B83CB919AF282FBA5D3D96899CDE.1 [2011/04/10 10:59:58 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\NetAssistant [2011/03/09 19:18:02 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\Registry Mechanic [2011/09/17 21:34:50 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\Sammsoft [2011/08/14 13:12:21 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\W3i, LLC [2011/04/10 11:01:34 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\WeatherBug [2011/03/30 17:06:29 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\Windows Live Writer [2012/07/18 12:09:30 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001Core.job [2012/07/18 12:06:18 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001UA.job [2012/07/12 11:29:35 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job [2012/07/11 21:37:28 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011/02/21 14:27:26 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010/07/11 00:57:16 | 000,000,000 | -HSD | M] -- C:\boot [2012/07/18 12:05:59 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010/11/02 04:15:27 | 000,000,000 | -H-D | M] -- C:\HP [2011/02/01 11:05:32 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012/05/29 21:11:22 | 000,000,000 | R--D | M] -- C:\Program Files [2012/07/16 20:57:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2012/06/02 15:11:16 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011/01/26 00:49:26 | 000,000,000 | -HSD | M] -- C:\Recovery [2012/04/28 19:55:25 | 000,000,000 | ---D | M] -- C:\SwSetup [2012/07/18 14:43:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/01/26 00:49:29 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV [2011/01/26 00:48:27 | 000,000,000 | R--D | M] -- C:\Users [2012/07/12 18:19:43 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %windir%\Installer\*.* > [2011/10/17 13:26:31 | 001,437,184 | ---- | M] () -- C:\Windows\Installer\12045b1e.msi [2011/04/10 10:59:12 | 000,336,896 | ---- | M] () -- C:\Windows\Installer\13cc28c1.msi [2011/11/11 17:16:20 | 008,458,240 | R--- | M] () -- C:\Windows\Installer\15b23ebb.msp [2011/11/11 17:15:00 | 001,795,584 | R--- | M] () -- C:\Windows\Installer\15b23ed2.msp [2011/11/01 14:34:30 | 002,531,840 | R--- | M] () -- C:\Windows\Installer\15b23ee9.msp [2011/11/01 14:34:58 | 004,225,536 | R--- | M] () -- C:\Windows\Installer\15b23f05.msp [2011/11/11 17:14:40 | 009,096,192 | R--- | M] () -- C:\Windows\Installer\15b23f1c.msp [2011/11/01 14:34:28 | 002,247,168 | R--- | M] () -- C:\Windows\Installer\15b23f33.msp [2011/11/01 14:34:56 | 004,250,112 | R--- | M] () -- C:\Windows\Installer\15b23f5b.msp [2007/04/10 17:31:24 | 000,930,816 | ---- | M] () -- C:\Windows\Installer\169a1f5c.msi [2011/04/22 19:41:34 | 011,507,712 | R--- | M] () -- C:\Windows\Installer\169a1f76.msp [2011/01/15 09:46:32 | 002,049,536 | ---- | M] () -- C:\Windows\Installer\169add.msi [2012/04/05 23:50:22 | 049,125,888 | ---- | M] () -- C:\Windows\Installer\16d2e0b6.msi [2012/07/16 20:56:34 | 000,025,600 | ---- | M] () -- C:\Windows\Installer\199deede.msi [2011/11/22 00:42:40 | 033,189,888 | R--- | M] () -- C:\Windows\Installer\1a20b622.msp [2011/09/15 18:35:54 | 001,411,072 | R--- | M] () -- C:\Windows\Installer\1a20b62d.msp [2011/09/15 18:37:52 | 034,428,416 | R--- | M] () -- C:\Windows\Installer\1a20b62e.msp [2011/09/15 18:37:28 | 016,691,712 | R--- | M] () -- C:\Windows\Installer\1a20b635.msp [2011/09/15 18:34:54 | 428,804,608 | R--- | M] () -- C:\Windows\Installer\1a20b843.msp [2011/09/15 18:34:14 | 008,499,712 | R--- | M] () -- C:\Windows\Installer\1a20b851.msp [2011/09/15 18:38:04 | 010,838,528 | R--- | M] () -- C:\Windows\Installer\1a20b85c.msp [2011/09/15 18:39:22 | 011,163,136 | R--- | M] () -- C:\Windows\Installer\1a20b868.msp [2011/09/15 18:40:36 | 007,959,552 | R--- | M] () -- C:\Windows\Installer\1a20b872.msp [2010/03/31 16:07:16 | 002,376,704 | ---- | M] () -- C:\Windows\Installer\1de8cc.msi [2011/07/09 09:35:25 | 002,323,456 | ---- | M] () -- C:\Windows\Installer\1e6c94d5.msi [2012/02/24 18:38:04 | 047,848,756 | ---- | M] () -- C:\Windows\Installer\1e7cb212.msi [2011/08/23 18:01:10 | 003,480,576 | ---- | M] () -- C:\Windows\Installer\1e7cb218.msi [2012/02/24 18:45:23 | 000,412,832 | ---- | M] () -- C:\Windows\Installer\1e7cb222.msi [2011/11/19 18:57:46 | 002,682,368 | ---- | M] () -- C:\Windows\Installer\1ecd70bf.msi [2010/11/10 02:15:36 | 001,830,400 | R--- | M] () -- C:\Windows\Installer\1f8b64f9.msp [2010/11/10 01:23:40 | 001,139,712 | R--- | M] () -- C:\Windows\Installer\1f8b6507.msp [2010/11/10 04:58:48 | 005,870,080 | R--- | M] () -- C:\Windows\Installer\1f8b6520.msp [2010/11/09 22:15:02 | 000,113,664 | R--- | M] () -- C:\Windows\Installer\1f8b655f.msp [2010/11/10 03:22:32 | 005,514,240 | R--- | M] () -- C:\Windows\Installer\1f8b6575.msp [2010/11/10 03:20:22 | 003,733,504 | R--- | M] () -- C:\Windows\Installer\1f8b6581.msp [2010/11/10 03:16:22 | 003,314,688 | R--- | M] () -- C:\Windows\Installer\1f8b65a0.msp [2010/11/10 03:18:26 | 014,617,088 | R--- | M] () -- C:\Windows\Installer\1f8b65cf.msp [2010/11/10 02:15:38 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\1f8b65d7.msp [2010/11/10 01:46:30 | 004,427,776 | R--- | M] () -- C:\Windows\Installer\1f8b65e8.msp [2010/11/10 02:20:38 | 002,932,736 | R--- | M] () -- C:\Windows\Installer\1f8b65fe.msp [2010/11/10 02:36:26 | 002,958,336 | R--- | M] () -- C:\Windows\Installer\1f8b661a.msp [2010/11/10 02:31:00 | 000,205,312 | R--- | M] () -- C:\Windows\Installer\1f8b6625.msp [2010/11/10 02:21:48 | 000,024,576 | R--- | M] () -- C:\Windows\Installer\1f8b662d.msp [2010/11/10 02:39:06 | 000,636,928 | R--- | M] () -- C:\Windows\Installer\1f8b6635.msp [2011/02/11 08:59:10 | 023,633,408 | R--- | M] () -- C:\Windows\Installer\203f72ca.msp [2011/02/24 15:15:46 | 011,551,232 | R--- | M] () -- C:\Windows\Installer\203f72e6.msp [2011/01/11 08:48:54 | 000,235,008 | ---- | M] () -- C:\Windows\Installer\203f72ee.msi [2011/01/11 09:19:42 | 000,226,816 | ---- | M] () -- C:\Windows\Installer\203f72f5.msi [2010/11/20 23:33:46 | 001,980,928 | R--- | M] () -- C:\Windows\Installer\203f730b.msp [2011/12/08 20:24:04 | 004,989,952 | R--- | M] () -- C:\Windows\Installer\20d36cc8.msp [2011/12/26 07:24:12 | 008,835,072 | R--- | M] () -- C:\Windows\Installer\20d36cd2.msp [2011/04/16 00:14:54 | 003,186,176 | ---- | M] () -- C:\Windows\Installer\212adf6a.msi [2011/04/16 08:44:26 | 002,770,944 | ---- | M] () -- C:\Windows\Installer\212adf96.msi [2011/04/29 12:33:30 | 008,173,568 | R--- | M] () -- C:\Windows\Installer\212adfac.msp [2011/04/19 04:21:02 | 000,235,520 | ---- | M] () -- C:\Windows\Installer\212adfbf.msi [2011/04/19 04:54:14 | 000,227,328 | ---- | M] () -- C:\Windows\Installer\212adfc6.msi [2011/04/29 12:28:40 | 001,995,264 | R--- | M] () -- C:\Windows\Installer\212adfdc.msp [2011/04/29 12:31:46 | 009,006,080 | R--- | M] () -- C:\Windows\Installer\212adff3.msp [2011/03/17 20:03:50 | 000,308,736 | R--- | M] () -- C:\Windows\Installer\212ae009.msp [2012/07/11 13:39:00 | 007,918,592 | ---- | M] () -- C:\Windows\Installer\21fe9ddc.msi [2012/01/22 12:11:39 | 000,907,776 | ---- | M] () -- C:\Windows\Installer\22cd1613.msi [2010/03/15 17:17:32 | 002,397,184 | ---- | M] () -- C:\Windows\Installer\230c0.msi [2010/05/07 22:45:10 | 008,193,024 | ---- | M] () -- C:\Windows\Installer\23278.msi [2010/06/05 17:53:42 | 004,042,752 | ---- | M] () -- C:\Windows\Installer\232d6.msi [2010/06/05 17:54:54 | 005,425,152 | ---- | M] () -- C:\Windows\Installer\232de.msi [2010/06/05 17:56:08 | 002,656,768 | ---- | M] () -- C:\Windows\Installer\232e5.msi [2010/01/12 03:41:08 | 001,867,264 | ---- | M] () -- C:\Windows\Installer\232f3.msi [2010/06/17 23:55:44 | 007,839,744 | ---- | M] () -- C:\Windows\Installer\2330f.msi [2009/07/12 14:16:26 | 000,223,232 | ---- | M] () -- C:\Windows\Installer\23316.msi [2011/06/21 12:01:14 | 004,991,488 | R--- | M] () -- C:\Windows\Installer\23b038a.msp [2010/03/18 16:41:24 | 001,901,056 | ---- | M] () -- C:\Windows\Installer\241e088a.msi [2011/01/11 17:50:38 | 008,177,152 | R--- | M] () -- C:\Windows\Installer\24b15f25.msp [2011/03/17 20:01:58 | 009,563,648 | R--- | M] () -- C:\Windows\Installer\24b15f3c.msp [2010/11/20 23:32:52 | 004,165,120 | R--- | M] () -- C:\Windows\Installer\24b15f63.msp [2011/03/17 20:00:20 | 000,090,624 | R--- | M] () -- C:\Windows\Installer\24b15f6b.msp [2011/01/11 00:54:22 | 003,173,888 | ---- | M] () -- C:\Windows\Installer\24b15f73.msi [2011/01/11 17:49:20 | 009,003,008 | R--- | M] () -- C:\Windows\Installer\24b15f90.msp [2011/03/17 20:05:24 | 004,989,440 | R--- | M] () -- C:\Windows\Installer\24b15fa7.msp [2008/07/17 15:47:30 | 002,081,792 | ---- | M] () -- C:\Windows\Installer\25045.msi [2007/05/16 14:08:22 | 001,819,136 | ---- | M] () -- C:\Windows\Installer\2507d.msi [2010/04/16 23:57:32 | 001,453,056 | ---- | M] () -- C:\Windows\Installer\25082.msi [2012/02/03 16:13:48 | 004,988,928 | R--- | M] () -- C:\Windows\Installer\262a8830.msp [2011/10/26 17:36:14 | 002,829,312 | R--- | M] () -- C:\Windows\Installer\262a883a.msp [2012/05/05 22:57:27 | 012,938,752 | ---- | M] () -- C:\Windows\Installer\26e17310.msi [2012/05/05 23:11:39 | 000,207,360 | ---- | M] () -- C:\Windows\Installer\26e17320.msi [2009/07/12 11:43:18 | 000,231,936 | ---- | M] () -- C:\Windows\Installer\27360.msi [2010/06/22 13:53:34 | 006,667,776 | ---- | M] () -- C:\Windows\Installer\2736b.msi [2010/06/10 20:10:28 | 000,500,224 | ---- | M] () -- C:\Windows\Installer\27370.msi [2010/06/22 13:43:34 | 002,917,376 | ---- | M] () -- C:\Windows\Installer\27375.msi [2010/06/22 13:45:28 | 007,454,720 | ---- | M] () -- C:\Windows\Installer\2737a.msi [2010/06/22 13:45:42 | 000,410,112 | ---- | M] () -- C:\Windows\Installer\2737f.msi [2010/06/22 13:45:56 | 000,994,816 | ---- | M] () -- C:\Windows\Installer\27384.msi [2010/06/22 13:42:56 | 001,889,792 | ---- | M] () -- C:\Windows\Installer\27389.msi [2010/06/22 13:42:40 | 005,750,272 | ---- | M] () -- C:\Windows\Installer\2738e.msi [2010/06/22 13:46:08 | 001,265,152 | ---- | M] () -- C:\Windows\Installer\27394.msi [2010/06/22 13:46:20 | 001,249,792 | ---- | M] () -- C:\Windows\Installer\27399.msi [2010/06/22 13:46:30 | 001,233,408 | ---- | M] () -- C:\Windows\Installer\2739e.msi [2010/06/22 13:46:40 | 001,304,576 | ---- | M] () -- C:\Windows\Installer\273a3.msi [2010/06/22 13:46:48 | 000,750,080 | ---- | M] () -- C:\Windows\Installer\273a8.msi [2010/06/22 13:46:58 | 001,251,328 | ---- | M] () -- C:\Windows\Installer\273ad.msi [2010/06/22 13:47:08 | 001,254,912 | ---- | M] () -- C:\Windows\Installer\273b2.msi [2010/06/22 13:47:18 | 001,259,520 | ---- | M] () -- C:\Windows\Installer\273b7.msi [2010/06/22 13:47:26 | 001,269,760 | ---- | M] () -- C:\Windows\Installer\273bc.msi [2010/06/22 13:47:36 | 001,250,816 | ---- | M] () -- C:\Windows\Installer\273c1.msi [2010/06/22 13:47:46 | 001,277,440 | ---- | M] () -- C:\Windows\Installer\273c6.msi [2010/06/22 13:47:56 | 001,261,568 | ---- | M] () -- C:\Windows\Installer\273cb.msi [2010/06/22 13:48:06 | 001,256,960 | ---- | M] () -- C:\Windows\Installer\273d0.msi [2010/06/22 13:48:14 | 001,243,136 | ---- | M] () -- C:\Windows\Installer\273d5.msi [2010/06/22 13:48:24 | 001,259,008 | ---- | M] () -- C:\Windows\Installer\273da.msi [2010/06/22 13:48:32 | 001,256,448 | ---- | M] () -- C:\Windows\Installer\273df.msi [2010/06/22 13:48:42 | 001,289,728 | ---- | M] () -- C:\Windows\Installer\273e4.msi [2010/06/22 13:48:52 | 001,246,720 | ---- | M] () -- C:\Windows\Installer\273e9.msi [2010/06/22 13:49:02 | 001,275,904 | ---- | M] () -- C:\Windows\Installer\273ee.msi [2010/06/22 13:49:12 | 001,254,912 | ---- | M] () -- C:\Windows\Installer\273f3.msi [2010/06/22 13:49:20 | 000,942,592 | ---- | M] () -- C:\Windows\Installer\273f8.msi [2010/06/22 13:49:30 | 001,243,648 | ---- | M] () -- C:\Windows\Installer\273fd.msi [2010/06/22 13:49:54 | 001,937,408 | ---- | M] () -- C:\Windows\Installer\27402.msi [2010/06/22 13:50:24 | 000,279,552 | ---- | M] () -- C:\Windows\Installer\27407.msi [2010/06/22 13:44:54 | 002,438,144 | ---- | M] () -- C:\Windows\Installer\2740d.msi [2010/01/12 09:26:20 | 003,639,808 | ---- | M] () -- C:\Windows\Installer\27412.msi [2006/12/02 04:20:42 | 003,227,648 | ---- | M] () -- C:\Windows\Installer\27421.msi [2010/02/02 16:46:38 | 001,544,704 | ---- | M] () -- C:\Windows\Installer\27428.msi [2010/02/02 16:46:38 | 000,829,440 | ---- | M] () -- C:\Windows\Installer\2742f.msi [2010/02/02 16:46:40 | 001,304,576 | ---- | M] () -- C:\Windows\Installer\27436.msi [2010/06/24 02:38:34 | 001,010,688 | ---- | M] () -- C:\Windows\Installer\274f9a.msi [2011/03/18 18:11:01 | 003,665,408 | ---- | M] () -- C:\Windows\Installer\29066c58.msi [2011/03/25 09:16:38 | 005,135,872 | R--- | M] () -- C:\Windows\Installer\29f366d1.msp [2011/04/13 11:48:16 | 035,326,464 | R--- | M] () -- C:\Windows\Installer\29f366e8.msp [2012/03/26 19:21:30 | 007,622,656 | ---- | M] () -- C:\Windows\Installer\2b9816b5.msi [2012/04/01 14:16:34 | 000,032,256 | ---- | M] () -- C:\Windows\Installer\2cbc09.msi [2011/04/28 05:42:32 | 004,990,976 | R--- | M] () -- C:\Windows\Installer\2dcda6f.msp [2011/04/29 12:27:04 | 004,158,464 | R--- | M] () -- C:\Windows\Installer\2dcda95.msp [2011/10/24 15:43:44 | 026,820,096 | ---- | M] () -- C:\Windows\Installer\37c50c75.msi [2012/07/09 14:42:11 | 012,750,848 | ---- | M] () -- C:\Windows\Installer\3a361c6.msi [2010/07/10 21:58:24 | 000,020,480 | ---- | M] () -- C:\Windows\Installer\3a77bb.msi [2012/01/22 10:20:42 | 001,707,520 | R--- | M] () -- C:\Windows\Installer\3af5973d.msp [2011/11/01 13:34:26 | 001,169,920 | R--- | M] () -- C:\Windows\Installer\3f77982c.msp [2012/03/23 14:59:02 | 007,899,648 | R--- | M] () -- C:\Windows\Installer\3f779843.msp [2012/03/27 00:28:54 | 005,009,920 | R--- | M] () -- C:\Windows\Installer\3f77985a.msp [2012/04/25 11:23:58 | 038,233,600 | ---- | M] () -- C:\Windows\Installer\4846b539.msi [2011/09/21 16:18:24 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\48cb318d.msp [2012/04/28 11:19:09 | 016,613,376 | R--- | M] () -- C:\Windows\Installer\4e2883.msp [2010/03/15 17:18:40 | 002,397,184 | ---- | M] () -- C:\Windows\Installer\4e5729.msi [2010/05/07 22:47:58 | 008,227,328 | ---- | M] () -- C:\Windows\Installer\4e572f.msi [2010/06/05 18:08:06 | 004,235,264 | ---- | M] () -- C:\Windows\Installer\4e5735.msi [2010/06/05 18:18:32 | 006,564,352 | ---- | M] () -- C:\Windows\Installer\4e573b.msi [2008/08/08 16:11:02 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\4e5741.msi [2009/05/27 22:14:27 | 001,097,728 | ---- | M] () -- C:\Windows\Installer\541a45a.msi [2009/05/27 23:35:13 | 002,974,720 | ---- | M] () -- C:\Windows\Installer\541a462.msi [2011/08/17 11:49:58 | 000,683,520 | ---- | M] () -- C:\Windows\Installer\566308.msi [2011/07/15 06:36:18 | 002,118,144 | ---- | M] () -- C:\Windows\Installer\56630e.msi [2011/06/06 15:45:15 | 002,318,848 | ---- | M] () -- C:\Windows\Installer\5a8d6b7.msi [2012/01/03 12:44:25 | 015,929,344 | R--- | M] () -- C:\Windows\Installer\5a8d6b8.msp [2010/06/25 03:09:18 | 000,564,736 | ---- | M] () -- C:\Windows\Installer\5e5797.msi [2009/04/14 04:50:22 | 005,191,680 | R--- | M] () -- C:\Windows\Installer\6181960.msp [2009/04/14 03:22:08 | 019,840,000 | R--- | M] () -- C:\Windows\Installer\6181969.msp [2009/04/04 10:14:58 | 001,094,656 | R--- | M] () -- C:\Windows\Installer\6181975.msp [2009/04/04 11:36:32 | 021,390,848 | R--- | M] () -- C:\Windows\Installer\6181976.msp [2009/04/04 17:09:34 | 015,190,016 | R--- | M] () -- C:\Windows\Installer\618197d.msp [2009/04/04 17:08:40 | 343,058,432 | R--- | M] () -- C:\Windows\Installer\6181b7b.msp [2009/04/04 17:05:54 | 007,999,488 | R--- | M] () -- C:\Windows\Installer\6181b8a.msp [2009/04/04 17:10:08 | 009,926,144 | R--- | M] () -- C:\Windows\Installer\6181b95.msp [2009/04/04 17:10:16 | 007,888,384 | R--- | M] () -- C:\Windows\Installer\6181b9f.msp [2009/04/04 17:10:24 | 001,282,560 | R--- | M] () -- C:\Windows\Installer\6181ba7.msp [2009/04/14 03:20:06 | 009,573,376 | R--- | M] () -- C:\Windows\Installer\6181bb0.msp [2009/04/14 04:56:18 | 020,498,944 | R--- | M] () -- C:\Windows\Installer\6181bb9.msp [2009/02/25 19:08:18 | 008,311,808 | R--- | M] () -- C:\Windows\Installer\6181be8.msp [2009/05/07 09:04:06 | 018,341,376 | R--- | M] () -- C:\Windows\Installer\6181bf1.msp [2009/04/14 03:46:12 | 015,438,848 | R--- | M] () -- C:\Windows\Installer\6181bfa.msp [2009/04/14 04:51:24 | 001,303,040 | R--- | M] () -- C:\Windows\Installer\6181c03.msp [2011/03/28 21:34:06 | 008,810,496 | ---- | M] () -- C:\Windows\Installer\6323d62.msi [2011/03/28 21:38:32 | 004,227,072 | ---- | M] () -- C:\Windows\Installer\6323d66.msi [2011/03/28 21:33:57 | 000,026,112 | ---- | M] () -- C:\Windows\Installer\6323d6a.msi [2011/03/28 21:35:41 | 000,074,240 | ---- | M] () -- C:\Windows\Installer\6323d6e.msi [2011/03/28 21:38:22 | 002,856,448 | ---- | M] () -- C:\Windows\Installer\6323d72.msi [2011/03/28 21:38:56 | 009,553,920 | ---- | M] () -- C:\Windows\Installer\6323d76.msi [2011/03/28 21:38:41 | 000,053,248 | ---- | M] () -- C:\Windows\Installer\6323d7a.msi [2011/03/28 21:38:47 | 000,037,888 | ---- | M] () -- C:\Windows\Installer\6323d7e.msi [2011/03/28 21:33:22 | 009,433,088 | ---- | M] () -- C:\Windows\Installer\6323d82.msi [2011/03/28 21:33:29 | 007,710,720 | ---- | M] () -- C:\Windows\Installer\6323d8b.msi [2011/03/28 21:33:38 | 004,680,704 | ---- | M] () -- C:\Windows\Installer\6323da2.msi [2011/03/28 21:33:40 | 002,343,936 | ---- | M] () -- C:\Windows\Installer\6323db0.msi [2011/03/28 21:33:45 | 000,147,968 | ---- | M] () -- C:\Windows\Installer\6323db4.msi [2011/03/28 21:33:46 | 000,429,056 | ---- | M] () -- C:\Windows\Installer\6323db8.msi [2011/03/28 21:33:56 | 004,004,864 | ---- | M] () -- C:\Windows\Installer\6323dc2.msi [2011/03/28 21:34:09 | 002,312,704 | ---- | M] () -- C:\Windows\Installer\6323dd1.msi [2011/03/28 21:34:16 | 008,332,288 | ---- | M] () -- C:\Windows\Installer\6323ddd.msi [2011/03/28 21:35:07 | 021,302,784 | ---- | M] () -- C:\Windows\Installer\6323e0b.msi [2011/03/28 21:35:20 | 003,664,384 | ---- | M] () -- C:\Windows\Installer\6323e22.msi [2011/03/28 21:35:44 | 003,734,016 | ---- | M] () -- C:\Windows\Installer\6323e26.msi [2011/03/28 21:36:02 | 013,850,624 | ---- | M] () -- C:\Windows\Installer\6323e7b.msi [2011/03/28 21:36:08 | 008,313,856 | ---- | M] () -- C:\Windows\Installer\6323eac.msi [2011/03/28 21:36:57 | 034,193,408 | ---- | M] () -- C:\Windows\Installer\6323ee9.msi [2011/03/28 21:37:55 | 011,846,656 | ---- | M] () -- C:\Windows\Installer\6323f89.msi [2011/03/28 21:38:02 | 000,775,168 | ---- | M] () -- C:\Windows\Installer\6323f8d.msi [2011/03/28 21:38:26 | 006,363,136 | ---- | M] () -- C:\Windows\Installer\6323f91.msi [2011/03/28 21:38:37 | 006,195,200 | ---- | M] () -- C:\Windows\Installer\6323f95.msi [2011/03/28 21:39:05 | 003,454,976 | ---- | M] () -- C:\Windows\Installer\6323f99.msi [2011/03/28 21:33:16 | 000,067,072 | ---- | M] () -- C:\Windows\Installer\6323f9d.msi [2011/03/28 21:33:32 | 001,492,992 | ---- | M] () -- C:\Windows\Installer\6323fa1.msi [2011/03/28 21:34:57 | 001,070,592 | ---- | M] () -- C:\Windows\Installer\6323fa5.msi [2011/03/28 21:35:28 | 006,660,608 | ---- | M] () -- C:\Windows\Installer\6323fa9.msi [2011/03/28 21:36:15 | 003,410,944 | ---- | M] () -- C:\Windows\Installer\6323fad.msi [2011/03/28 21:36:19 | 004,175,360 | ---- | M] () -- C:\Windows\Installer\6323fb1.msi [2011/03/28 21:37:01 | 004,250,112 | ---- | M] () -- C:\Windows\Installer\6323fb5.msi [2011/03/28 21:38:07 | 000,153,600 | ---- | M] () -- C:\Windows\Installer\6323fb9.msi [2011/03/28 21:38:16 | 000,029,696 | ---- | M] () -- C:\Windows\Installer\6323fbd.msi [2011/03/28 21:38:44 | 002,631,168 | ---- | M] () -- C:\Windows\Installer\6323fc1.msi [2011/03/28 21:38:48 | 000,074,240 | ---- | M] () -- C:\Windows\Installer\6323fc5.msi [2011/03/28 21:38:57 | 000,065,536 | ---- | M] () -- C:\Windows\Installer\6323fc9.msi [2011/03/28 21:39:02 | 000,056,832 | ---- | M] () -- C:\Windows\Installer\6323fcd.msi [2011/03/28 21:39:11 | 003,095,552 | ---- | M] () -- C:\Windows\Installer\6323fd1.msi [2008/08/31 14:35:31 | 000,240,128 | ---- | M] () -- C:\Windows\Installer\63a22e.msi [2011/04/16 12:18:10 | 001,908,736 | ---- | M] () -- C:\Windows\Installer\63a23b.msi [2010/11/25 10:12:14 | 000,510,464 | R--- | M] () -- C:\Windows\Installer\6916a.msp [2010/07/16 09:41:36 | 001,732,608 | R--- | M] () -- C:\Windows\Installer\69171.msp [2010/07/23 01:04:08 | 011,395,072 | R--- | M] () -- C:\Windows\Installer\75943ca.msp [2011/01/11 17:53:56 | 001,763,328 | R--- | M] () -- C:\Windows\Installer\75943e5.msp [2010/08/04 15:12:26 | 001,004,544 | R--- | M] () -- C:\Windows\Installer\75943ed.msp [2010/07/23 01:03:24 | 000,338,432 | R--- | M] () -- C:\Windows\Installer\7594404.msp [2009/08/18 13:08:34 | 001,373,696 | R--- | M] () -- C:\Windows\Installer\759441b.msp [2009/05/26 18:53:56 | 000,579,072 | R--- | M] () -- C:\Windows\Installer\7594431.msp [2009/10/16 07:08:48 | 002,237,952 | R--- | M] () -- C:\Windows\Installer\7594448.msp [2010/05/20 19:57:12 | 005,907,456 | R--- | M] () -- C:\Windows\Installer\7594468.msp [2010/05/20 19:57:18 | 004,989,952 | R--- | M] () -- C:\Windows\Installer\7594469.msp [2010/12/21 13:06:38 | 011,570,688 | R--- | M] () -- C:\Windows\Installer\759448d.msp [2010/04/24 17:07:58 | 004,667,392 | R--- | M] () -- C:\Windows\Installer\75944b5.msp [2009/07/27 04:31:24 | 003,738,624 | R--- | M] () -- C:\Windows\Installer\75944cc.msp [2010/03/24 18:54:54 | 002,516,992 | R--- | M] () -- C:\Windows\Installer\75944f6.msp [2010/03/24 18:54:48 | 003,126,272 | R--- | M] () -- C:\Windows\Installer\75944f7.msp [2009/08/05 07:49:32 | 003,457,024 | R--- | M] () -- C:\Windows\Installer\7594511.msp [2010/08/13 18:00:36 | 009,404,928 | R--- | M] () -- C:\Windows\Installer\759452a.msp [2010/10/07 18:43:04 | 001,980,416 | R--- | M] () -- C:\Windows\Installer\7594541.msp [2010/08/04 15:13:04 | 000,686,080 | R--- | M] () -- C:\Windows\Installer\7594558.msp [2010/08/13 18:02:20 | 002,545,664 | R--- | M] () -- C:\Windows\Installer\759456f.msp [2010/08/13 17:59:46 | 008,182,272 | R--- | M] () -- C:\Windows\Installer\7594586.msp [2010/08/13 18:01:28 | 008,993,280 | R--- | M] () -- C:\Windows\Installer\75945a8.msp [2010/02/21 01:03:34 | 004,472,832 | R--- | M] () -- C:\Windows\Installer\75945c5.msp [2010/10/21 18:10:00 | 003,995,136 | R--- | M] () -- C:\Windows\Installer\75945e0.msp [2010/09/17 06:04:16 | 009,401,856 | R--- | M] () -- C:\Windows\Installer\759462c.msp [2012/03/15 14:26:06 | 004,212,736 | R--- | M] () -- C:\Windows\Installer\7d4303.msp [2012/04/22 22:46:00 | 001,187,328 | R--- | M] () -- C:\Windows\Installer\7d430c.msp [2012/05/30 07:17:06 | 005,010,432 | R--- | M] () -- C:\Windows\Installer\7d4321.msp [2009/04/14 04:21:34 | 015,303,168 | R--- | M] () -- C:\Windows\Installer\8219c21.msp [2011/02/16 13:54:08 | 004,992,000 | R--- | M] () -- C:\Windows\Installer\8219c38.msp [2009/04/14 04:18:14 | 009,684,480 | R--- | M] () -- C:\Windows\Installer\8219c63.msp [2009/04/14 04:49:26 | 001,922,560 | R--- | M] () -- C:\Windows\Installer\8219c6b.msp [2012/03/17 16:59:42 | 020,396,032 | ---- | M] () -- C:\Windows\Installer\8f786f07.msi [2012/03/17 17:00:56 | 011,105,280 | ---- | M] () -- C:\Windows\Installer\8f786f75.msi [2012/02/29 23:45:14 | 004,989,440 | R--- | M] () -- C:\Windows\Installer\904fba26.msp [2011/07/11 17:33:14 | 023,254,016 | R--- | M] () -- C:\Windows\Installer\96bf9bd.msp [2008/09/30 22:07:10 | 006,042,112 | ---- | M] () -- C:\Windows\Installer\9b1a6f1.msi [2009/07/21 01:29:14 | 006,057,984 | ---- | M] () -- C:\Windows\Installer\9b1a6f8.msi [2011/02/01 11:05:34 | 002,398,720 | ---- | M] () -- C:\Windows\Installer\9d00008.msi [2011/02/01 11:05:33 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\9d0000e.msi [2011/02/01 11:05:44 | 001,714,176 | ---- | M] () -- C:\Windows\Installer\9d00014.msi [2011/02/01 11:05:49 | 002,024,448 | ---- | M] () -- C:\Windows\Installer\9d0001a.msi [2011/02/01 11:05:53 | 001,642,496 | ---- | M] () -- C:\Windows\Installer\9d00020.msi [2011/02/01 11:05:58 | 001,648,640 | ---- | M] () -- C:\Windows\Installer\9d00026.msi [2011/02/01 11:05:57 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\9d0002c.msi [2011/02/01 11:06:00 | 002,320,896 | ---- | M] () -- C:\Windows\Installer\9d00032.msi [2011/02/01 11:06:07 | 000,503,296 | ---- | M] () -- C:\Windows\Installer\9d00038.msi [2011/02/01 11:06:07 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\9d0003e.msi [2011/02/01 11:06:17 | 000,514,048 | ---- | M] () -- C:\Windows\Installer\9d00044.msi [2011/02/01 11:06:14 | 000,518,144 | ---- | M] () -- C:\Windows\Installer\9d0004b.msi [2011/02/01 11:06:08 | 000,507,904 | ---- | M] () -- C:\Windows\Installer\9d00052.msi [2011/02/01 11:06:08 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\9d00058.msi [2011/02/01 11:06:22 | 001,653,760 | ---- | M] () -- C:\Windows\Installer\9d0005e.msi [2011/02/01 11:06:26 | 001,654,272 | ---- | M] () -- C:\Windows\Installer\9d00064.msi [2011/02/01 11:06:31 | 001,654,272 | ---- | M] () -- C:\Windows\Installer\9d0006a.msi [2011/02/01 11:06:30 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\9d00070.msi [2011/02/01 11:06:38 | 001,642,496 | ---- | M] () -- C:\Windows\Installer\9d00076.msi [2011/02/01 11:06:46 | 000,847,872 | ---- | M] () -- C:\Windows\Installer\9d0007d.msi [2011/02/01 11:06:51 | 018,183,680 | ---- | M] () -- C:\Windows\Installer\9d00087.msi [2009/07/11 21:46:42 | 003,136,512 | ---- | M] () -- C:\Windows\Installer\a14ecf7.msi [2011/04/28 09:57:38 | 002,721,280 | R--- | M] () -- C:\Windows\Installer\c9ea4c6.msp [2011/07/27 07:42:04 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\c9ea4dc.msp [2012/02/17 08:45:24 | 002,299,392 | R--- | M] () -- C:\Windows\Installer\cafd668.msp [2012/04/28 21:43:58 | 008,459,264 | R--- | M] () -- C:\Windows\Installer\cafd67f.msp [2012/03/15 02:24:28 | 001,795,584 | R--- | M] () -- C:\Windows\Installer\cafd696.msp [2012/04/04 22:38:16 | 003,620,864 | R--- | M] () -- C:\Windows\Installer\cafd6ad.msp [2011/12/15 14:54:16 | 039,732,736 | R--- | M] () -- C:\Windows\Installer\cafd6d1.msp [2012/04/30 14:38:28 | 005,011,456 | R--- | M] () -- C:\Windows\Installer\cafd6e7.msp [2012/01/19 14:20:42 | 011,997,696 | R--- | M] () -- C:\Windows\Installer\cafd6f5.msp [2012/04/28 21:44:02 | 009,586,176 | R--- | M] () -- C:\Windows\Installer\cafd70c.msp [2012/04/28 21:44:02 | 009,101,824 | R--- | M] () -- C:\Windows\Installer\cafd723.msp [2012/04/04 22:38:44 | 002,831,360 | R--- | M] () -- C:\Windows\Installer\cafd73a.msp [2011/05/18 23:06:22 | 038,672,896 | R--- | M] () -- C:\Windows\Installer\d4564f.msp [2011/07/27 07:39:50 | 009,892,352 | R--- | M] () -- C:\Windows\Installer\d45665.msp [2011/07/27 07:37:28 | 011,592,192 | R--- | M] () -- C:\Windows\Installer\d45683.msp [2011/09/06 21:48:02 | 008,181,248 | R--- | M] () -- C:\Windows\Installer\d4569a.msp [2011/07/21 12:34:34 | 003,456,000 | R--- | M] () -- C:\Windows\Installer\d456a6.msp [2011/08/10 17:42:04 | 007,070,208 | R--- | M] () -- C:\Windows\Installer\d456bc.msp [2011/08/24 06:37:22 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\d456d3.msp [2011/04/06 22:12:06 | 194,340,864 | R--- | M] () -- C:\Windows\Installer\d456f4.msp [2011/06/21 11:59:26 | 001,764,352 | R--- | M] () -- C:\Windows\Installer\d4570b.msp [2011/09/06 21:46:22 | 009,006,080 | R--- | M] () -- C:\Windows\Installer\d45722.msp [2011/08/10 17:43:30 | 003,795,968 | R--- | M] () -- C:\Windows\Installer\d45739.msp [2008/08/08 16:46:10 | 000,242,176 | ---- | M] () -- C:\Windows\Installer\d481.msi [2010/07/10 23:39:56 | 000,004,096 | ---- | M] () -- C:\Windows\Installer\d48d.msi [2012/04/04 22:37:36 | 003,149,824 | R--- | M] () -- C:\Windows\Installer\f4b9277.msp [2012/04/04 22:37:40 | 002,540,544 | R--- | M] () -- C:\Windows\Installer\f4b929c.msp [2012/06/19 12:54:42 | 005,009,920 | R--- | M] () -- C:\Windows\Installer\f4b92b3.msp [2012/06/19 12:54:40 | 002,239,488 | R--- | M] () -- C:\Windows\Installer\f4b92ca.msp [2012/05/30 07:18:24 | 001,739,264 | R--- | M] () -- C:\Windows\Installer\f4b92d4.msp [2012/05/30 07:18:08 | 011,885,056 | R--- | M] () -- C:\Windows\Installer\f4b9304.msp [2012/05/02 21:27:36 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{05BFB060-4F22-4710-B0A2-2801A1B606C5}.SchedServiceConfig.rmi [2011/06/10 12:23:21 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{439760BC-7737-4386-9B1D-A90A3E8A22EA}.SchedServiceConfig.rmi [2011/03/28 21:49:01 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}.SchedServiceConfig.rmi [2011/11/19 19:30:58 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{75104836-CAC7-444E-A39E-3F54151942F5}.SchedServiceConfig.rmi [2011/04/06 14:38:29 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{774088D4-0777-4D78-904D-E435B318F5D2}.SchedServiceConfig.rmi [2011/03/10 18:54:37 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{8F473675-D702-45F9-8EBC-342B40C17BF5}.SchedServiceConfig.rmi [2012/03/17 17:10:34 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}.SchedServiceConfig.rmi [2011/03/28 21:48:31 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}.SchedServiceConfig.rmi [2011/02/21 14:11:15 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{E5C95CA5-4565-4B9D-97ED-05088D775614}.SchedServiceConfig.rmi [1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ] < %windir%\system32\tasks\*.* > < %windir%\system32\tasks\*.* /64 > [2012/07/18 14:20:42 | 000,003,622 | ---- | M] () -- C:\Windows\SysNative\tasks\Ad-Aware Update (Weekly) [2012/05/12 09:42:07 | 000,003,768 | ---- | M] () -- C:\Windows\SysNative\tasks\Adobe Flash Player Updater [2012/07/08 16:28:42 | 000,003,924 | ---- | M] () -- C:\Windows\SysNative\tasks\avast! Emergency Update [2012/07/11 18:01:18 | 000,003,548 | ---- | M] () -- C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001Core [2012/07/11 18:01:25 | 000,003,916 | ---- | M] () -- C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001UA [2012/07/16 20:56:59 | 000,003,644 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore [2012/07/16 20:57:01 | 000,003,896 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA [2012/07/13 02:56:47 | 000,003,494 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001Core [2012/07/13 02:56:48 | 000,003,890 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001UA [2012/07/08 18:43:52 | 000,003,198 | ---- | M] () -- C:\Windows\SysNative\tasks\HPCeeScheduleForpeckent [2011/04/10 11:05:53 | 000,002,844 | ---- | M] () -- C:\Windows\SysNative\tasks\PC Optimizer Pro64 startups [2011/01/26 01:52:53 | 000,003,698 | ---- | M] () -- C:\Windows\SysNative\tasks\RecoveryCDWin7 [2012/07/08 15:40:56 | 000,003,148 | ---- | M] () -- C:\Windows\SysNative\tasks\SidebarExecute [2011/12/15 23:50:36 | 000,003,110 | ---- | M] () -- C:\Windows\SysNative\tasks\{1C463E37-D396-4685-B76D-7E807B3A6378} [2011/03/19 10:09:30 | 000,003,192 | ---- | M] () -- C:\Windows\SysNative\tasks\{A0C46DB6-84FF-40B1-BB57-C7E1402E28F6} [2011/02/18 17:00:30 | 000,003,192 | ---- | M] () -- C:\Windows\SysNative\tasks\{B0857758-3D4A-4BB0-87EE-A2B6F02AF9C7} [2011/06/04 16:46:07 | 000,002,966 | ---- | M] () -- C:\Windows\SysNative\tasks\{B148C9EA-8965-4743-BE71-C4DD1AC103F6} < %systemroot%\Fonts\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2010/07/10 21:17:45 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010/07/10 21:15:00 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/07/10 21:17:45 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010/07/10 21:15:00 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2010/07/10 21:17:45 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010/07/10 21:15:00 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2010/07/10 21:17:45 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2010/07/10 21:15:00 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009/07/13 20:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009/07/13 20:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: SVCHOST.EXE > [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010/07/10 21:17:45 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010/07/10 21:17:45 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < C:\Windows\assembly\tmp\U\*.* /s > < %Temp%\smtmp\1\*.* > < %Temp%\smtmp\2\*.* > < %Temp%\smtmp\3\*.* > < %Temp%\smtmp\4\*.* > < type c:\diskreport.txt /c > Microsoft DiskPart version 6.1.7601 Copyright (C) 1999-2008 Microsoft Corporation. On computer: PKE Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- Volume 0 E DVD-ROM 0 B No Media Volume 1 SYSTEM NTFS Partition 199 MB Healthy System Volume 2 C NTFS Partition 215 GB Healthy Boot Volume 3 D RECOVERY NTFS Partition 17 GB Healthy Volume 4 HP_TOOLS FAT32 Partition 103 MB Healthy Volume 5 F USB DISK FAT32 Removable 7800 MB Healthy ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp  FC5A2B2@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp 1B5B4F1
__________________ Just go with the flow, like a twig on the shoulders of a mighty stream MVP in Consumer Security |
22-Jul-2012, 12:24 PM
#18 | |||||||
| Last then I'll look at the logs  Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.08.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 peckent :: PKE [administrator] Protection: Enabled 7/8/2012 6:32:06 PM mbam-log-2012-07-08 (18-32-06).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 211376 Time elapsed: 10 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 6 HKCR\CLSID\{056c9352-8cb3-4465-9190-8a37b981e949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{056C9352-8CB3-4465-9190-8A37B981E949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{056C9352-8CB3-4465-9190-8A37B981E949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{056C9352-8CB3-4465-9190-8A37B981E949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vfd-pmi (PUP.FCTPlugin) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 9 C:\Program Files (x86)\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\chromeaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\content (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\defaults (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\locale (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\locale\en-US (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\skin (PUP.FCTPlugin) -> Quarantined and deleted successfully. Files Detected: 32 C:\Program Files (x86)\Object\status.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\chromeaddon.crx (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\ChromeAddon.pem (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\status3.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\status4.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\vfd-pmi_uninstall.exe (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\chromeaddon\background.html (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\chromeaddon\included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\chrome.manifest (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\config_build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\files (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\install.rdf (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\readme.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\content\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\content\firefoxOverlay.xul (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\content\installid.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\content\overlay.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\content\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\defaults\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences\._sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\locale\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\locale\en-US\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\locale\en-US\sudoku.dtd (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\locale\en-US\sudoku.properties (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\skin\overlay.css (PUP.FCTPlugin) -> Quarantined and deleted successfully. (end) |
22-Jul-2012, 01:05 PM
#19 | |||||||
| Okay, firstly your Java is out of date, so lets sort that out: Upgrade Java : (32 bits)
After doing the above, for the remains of the Java, can you do this: Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files. Make sure both of these options are checked:
---------------------- Then, go to AddRemove Programs via the control panel, or Start | Programs, and uninstall these, if there: blekkosearch conduit ask.com websearch Reboot, then, run the following fix: The ERUNT tool is just a failsafe, 99.999% of the time, no problems arise, but prefer to be safe The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first. Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding. Backing Up Your Registry
 ---------------- Run OTL
======================= After doing the above, can you then run this and post the log: Delete any copies of Combofix that you have. Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.  Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:  Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. eddie |
28-Jul-2012, 03:09 PM
#22 | ||||||
| Quote:
Quote:
 ok, for you, i will . in fact, i'm going right at this instance & having at it. ! except,  i'm violating the no-extra-work-on-weekends *rule.*  are you fine with that..? i feel like a taskmistress. not good.. (although you mentioned it, so i'll do it, & then you can bother with it whenever it suits.  ? ) |
28-Jul-2012, 07:32 PM
#23 | ||||||
| for the java, it didn’t give me any options regarding the download; when i clicked on the link it started downloading right away. i moved it to the desktop later (since there wasn’t an option for that earlier, not sure what i missed there.  even cancelled the download & tried again -- same thing).then to add to the joy, no OTL log after reboot, so i ran it again. more user-related trouble --> realised (too late) i had word doc open with your instructions . tried to close it, & everything froze.here is 1st log that was eventually produced: ----------------- Files\Folders moved on Reboot... File\Folder C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk not found! File move failed. C:\Users\peckent\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot. C:\Users\peckent\AppData\Local\Temp\~DF3B8481D9F47943A9.TMP moved successfully. C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{585956A3-FEF0-40B5-B0A6-8DB813ED74F0}.tmp moved successfully. C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7E7EF67F-4DFA-494B-9E64-7C371A15EC69}.tmp moved successfully. C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A505D7D0-AC82-420C-991E-9F7481A6D6B3}.tmp moved successfully. C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D0FA1A0D-1BFB-4400-9756-EE7C20FFA748}.tmp moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... File C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk not found! [2011/01/26 01:53:46 | 000,000,000 | ---- | M] () C:\Users\peckent\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5 File C:\Users\peckent\AppData\Local\Temp\~DF3B8481D9F47943A9.TMP not found! File C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{585956A3-FEF0-40B5-B0A6-8DB813ED74F0}.tmp not found! File C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7E7EF67F-4DFA-494B-9E64-7C371A15EC69}.tmp not found! File C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A505D7D0-AC82-420C-991E-9F7481A6D6B3}.tmp not found! File C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D0FA1A0D-1BFB-4400-9756-EE7C20FFA748}.tmp not found! [2012/07/28 17:16:19 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5 Registry entries deleted on Reboot... ----------- had thermal shutdown.. final log though! :-------------------- All processes killed ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{435795D6-C142-443D-9CF5-DF53555445FA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{435795D6-C142-443D-9CF5-DF53555445FA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37153479-1976-43c3-a1ee-557513977b64} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found. Registry key HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Internet Explorer\SearchScopes\{24D32B2D-C7A0-4B38-8AE6-24BFE53EE2B5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24D32B2D-C7A0-4B38-8AE6-24BFE53EE2B5}\ not found. Registry key HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found. Registry key HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Internet Explorer\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{435795D6-C142-443D-9CF5-DF53555445FA}\ not found. Registry key HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Prefs.js: "Blekko" removed from browser.search.selectedEngine Prefs.js: "http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=vafoontoolbar&u=USERGUID&q=" removed from keyword.URL 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ not found. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin\ not found. File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearc h.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin not found. Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to remove the default_search_provider items. Registry value HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found. Registry value HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 not found. Registry value HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DW7 not found. Registry value HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HPAdvisorDock not found. Registry value HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Weather not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. File move failed. C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explo rer\\NoActiveDesktop not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explo rer\\NoActiveDesktopChanges not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\ gopher|:gopher:// /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ not found. File Protocol\Handler\grooveLocalGWS - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found. File Protocol\Handler\livecall - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found. File Protocol\Handler\ms-help - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found. File Protocol\Handler\msnim - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ not found. File Protocol\Handler\wlmailhtml - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found. File Protocol\Handler\wlpg - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad\\WebCheck not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad\\WebCheck not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. File/Folder C:\Users\peckent\Desktop\*.tmp not found. File/Folder C:\Windows\Installer\*.tmp not found. Unable to delete ADS C:\ProgramData\Temp:430C6D84 . Unable to delete ADS C:\ProgramData\Temp FC5A2B2 .Unable to delete ADS C:\ProgramData\Temp 1B5B4F1 .Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\peckent\Downloads\cmd.bat deleted successfully. C:\Users\peckent\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: peckent ->Temp folder emptied: 307708 bytes ->Temporary Internet Files folder emptied: 44796 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 6789841 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2418 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows \Temporary Internet Files folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deplo yment folder emptied: 0 bytes RecycleBin emptied: 182475220 bytes Total Files Cleaned = 181.00 mb [EMPTYJAVA] User: All Users User: Default User: Default User User: peckent ->Java cache emptied: 0 bytes User: Public Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: peckent ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.55.0 log created on 07282012_173255 Files\Folders moved on Reboot... File\Folder C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk not found! File\Folder C:\Users\peckent\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... File C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk not found! File C:\Users\peckent\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! [2012/07/28 17:53:26 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5 Registry entries deleted on Reboot... ---------- thanks v. v. much!! |
29-Jul-2012, 08:30 AM
#24 | |||||||
| Its okay to post at the weekends, its just that as I work late hours thru the week, when the weekend comes, I try to get out and do things, or watch films etc. I do still keep an eye on here when I can As for Java, did it finally install, and were the old ones removed? If you're unsure, can you re-run OTL as you originally did at the very beginning. Only the one log will be produced, just copy/paste that here |
29-Jul-2012, 02:14 PM
#25 | ||||||
| i would hope you're getting out with a schedule like that!! sounds as if you may as well forget sleeping & breathing if you're putting down those hours !!glad you mentioned movies, since everyone waits for those installments! ! the soapbox hibernated from neglect (i'm just teasing, & know you can't constantly do everything).ok, java. ? i was hoping you could tell, eeeeek. i peeked under control panel & programmes, & it said 7.0.50 is there. i didn't re-run OTL, as i'm trying the lazy way first. is 7.0.50 what's supposed to there? <holding my breath > |
30-Jul-2012, 02:41 PM
#26 | |||||||
| That's okay about the Java, that is the latest version Can you run this for me know Delete any copies of Combofix that you have. Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. eddie |
30-Jul-2012, 07:22 PM
#27 | ||||||
| java -- woo hoo! Quote:
thanks!! |
31-Jul-2012, 08:27 PM
#28 | ||||||
| don’t know if you need the play-by-play or not.. cf downloaded, i renamed it after the fact & make a desktop shortcut. ran cf, but it never gave the option for the recovery console (which wasn’t on there as far as i could tell). everything running along smoothly, then thermal shutdown. i restarted it, & cf. cf said not to run any other programmes & that it was preparing a log. the log never materialised, just a blinking cursor. i finally closed it, and tried to restart cf. got error message: illegal operation attempted on a registry key that has been marked for deletion. tried deleting cf & was going to re-install & start over, except it didn’t show up anywhere (not under the re-named username123.exe or combofix). same error message no matter what i tried to open (ie. turning avast back on, et al.) gave up, reinstalled cf --> it ran, it logged ‼ thanks again.. ================== ComboFix 12-07-30.03 - peckent 07/31/2012 15:42:04.2.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.732 [GMT -5:00] Running from: c:\users\peckent\Desktop\username123.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\program files (x86)\getdislike\chrome.crx c:\program files (x86)\getdislike\GetDislike.dll c:\program files (x86)\getdislike\GetDislike.xpi c:\program files (x86)\getdislike\Interop.MSHTML.dll c:\program files (x86)\getdislike\Interop.SHDocVw.dll c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml c:\windows\SysWow64\DEBUG.log . . ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 ))))))))))))))))))))))))))))))) . . 2012-07-31 20:52 . 2012-07-31 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-31 20:12 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75D0242F-26BB-438B-A0CD-11634D5CEA30}\mpengine.dll 2012-07-29 21:35 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-28 21:52 . 2012-07-28 21:52 -------- d-----w- C:\_OTL 2012-07-28 20:52 . 2012-07-28 20:52 -------- d-----w- c:\program files (x86)\ERUNT 2012-07-28 20:27 . 2012-07-28 20:27 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-07-28 20:26 . 2012-07-28 20:24 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-07-12 20:40 . 2012-07-21 18:10 18912 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll 2012-07-12 20:39 . 2012-07-21 18:10 136672 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll 2012-07-12 20:39 . 2012-07-21 18:10 117728 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe 2012-07-12 20:39 . 2012-07-12 20:40 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll 2012-07-12 20:39 . 2012-07-21 18:10 913888 ----a-w- c:\program files (x86)\Mozilla Firefox\firefox.exe 2012-07-12 20:39 . 2012-07-21 18:10 573920 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-07-12 20:39 . 2012-07-21 18:10 258528 ----a-w- c:\program files (x86)\Mozilla Firefox\freebl3.dll 2012-07-12 20:39 . 2012-07-21 18:10 82400 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll 2012-07-12 20:39 . 2012-07-12 20:39 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll 2012-07-12 20:39 . 2012-07-21 18:10 425952 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll 2012-07-12 20:39 . 2012-07-21 18:10 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-07-12 02:16 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-12 02:04 . 2012-06-02 08:20 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-07-11 23:15 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 23:14 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-07-11 23:14 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2012-07-11 23:14 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2012-07-11 23:14 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll 2012-07-11 23:14 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2012-07-11 23:14 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll 2012-07-11 23:14 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2012-07-11 23:14 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-07-08 23:22 . 2012-02-09 18:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93EC3907-C16E-4DE6-A9ED-5A5CBC581474}\gapaengine.dll 2012-07-08 22:31 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-07-08 22:31 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-07-08 22:31 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-07-08 22:30 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-07-08 22:30 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-07-08 22:30 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-07-08 22:30 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-07-08 22:30 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-08 22:30 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-07-08 22:30 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-07-08 22:28 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-07-08 22:28 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-07-08 22:28 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-07-08 22:28 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-07-08 22:28 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-07-08 22:28 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-07-08 21:58 . 2012-07-08 21:58 -------- d-----w- c:\program files (x86)\vafoontoolbar 2012-07-08 21:28 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-08 21:28 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-08 21:28 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-07-08 21:28 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-08 21:28 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-08 21:28 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-07-08 21:25 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr 2012-07-08 21:25 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-07-08 21:20 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-07-08 21:20 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-07-08 21:20 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-07-08 21:20 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-07-08 21:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-07-08 21:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-07-08 21:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-07-08 21:16 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-07-08 21:16 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-28 20:24 . 2010-07-11 03:58 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-07-12 02:08 . 2011-03-10 01:21 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 18:46 . 2011-08-24 17:53 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-03 16:21 . 2012-05-30 02:13 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-05-12 15:15 . 2012-04-01 19:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-12 15:15 . 2012-03-24 19:12 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2c28e48b-1d93-3aa7-8b5f-82576c04a7bb}] 2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Facebook Update"="c:\users\peckent\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "GoogleChromeAutoLaunch_7F28BBEDCF20FE6B4C022DEFCEC2476C"="c:\users\peckent \AppData\Local\Google\Chrome\Application\chrome.exe" [2012-07-10 1250328] "InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-03-23 217256] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Facebook Messenger.lnk - c:\users\peckent\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessen ger.exe [2012-7-26 244656] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Button Manager.lnk - c:\program files (x86)\HP Button Manager\BM.exe [2011-5-8 266240] Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavaso ft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSv c] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-30 1255736] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-01 69376] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-20 203264] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-20 7767552] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-20 279040] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-04-01 17152] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - LAVASOFT_KERNEXPLORER . Contents of the 'Scheduled Tasks' folder . 2012-07-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-01 07:40] . 2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001Core.job - c:\users\peckent\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 22:59] . 2012-07-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001UA.job - c:\users\peckent\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 22:59] . 2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 20:04] . 2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 20:04] . 2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001Core.job - c:\users\peckent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02 21:57] . 2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001UA.job - c:\users\peckent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02 21:57] . 2012-07-08 c:\windows\Tasks\HPCeeScheduleForpeckent.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\peckent\AppData\Roaming\Mozilla\Firefox\Profiles\oknc1m79.default\ FF - prefs.js: browser.search.selectedEngine - Search the Web FF - prefs.js: browser.startup.homepage - hxxp://www.wahooschools.org/ FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p= user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); . - - - - ORPHANS REMOVED - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Amazon MP3 Downloader - c:\users\peckent\Desktop\Uninstall.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-07-31 15:58:03 ComboFix-quarantined-files.txt 2012-07-31 20:58 . Pre-Run: 166,373,015,552 bytes free Post-Run: 166,022,574,080 bytes free . - - End Of File - - D9D3F6F25ED5572E231EA7904E64530B |
02-Aug-2012, 05:26 PM
#30 | ||||||
| i thought i already put the mbam logs on, & didn't understand why they weren't showing all those removals (the massive one over 200, & the shorter one.. 43? or something close to that number). i'll paste below. i'll write down the thermal shutdown notes next time; it happens often enough. i think it begins by saying BIOS. (well, that's helpful, isn't it?  ) is that why the mbam didn't show everything? it either completely froze when i clicked to remove it, or there was another thermal shutdown, or both. i'll have to peek at my notes, & i hope i detailed that part.. :S thanks again eddie !!============ Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.08.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 peckent :: PKE [administrator] Protection: Enabled 7/8/2012 6:32:06 PM mbam-log-2012-07-08 (18-32-06).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 211376 Time elapsed: 10 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 6 HKCR\CLSID\{056c9352-8cb3-4465-9190-8a37b981e949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{056C9352-8CB3-4465-9190-8A37B981E949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{056C9352-8CB3-4465-9190-8A37B981E949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{056C9352-8CB3-4465-9190-8A37B981E949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vfd-pmi (PUP.FCTPlugin) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 9 C:\Program Files (x86)\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\chromeaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\content (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\defaults (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\locale (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\locale\en-US (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\skin (PUP.FCTPlugin) -> Quarantined and deleted successfully. Files Detected: 32 C:\Program Files (x86)\Object\status.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\chromeaddon.crx (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\ChromeAddon.pem (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\status3.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\status4.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\vfd-pmi_uninstall.exe (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\chromeaddon\background.html (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\chromeaddon\included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\chrome.manifest (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\config_build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\files (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\install.rdf (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\readme.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\content\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\content\firefoxOverlay.xul (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\content\installid.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\content\overlay.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\content\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\defaults\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences\._sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\locale\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\locale\en-US\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\locale\en-US\sudoku.dtd (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\locale\en-US\sudoku.properties (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files (x86)\Object\firefoxaddon\skin\overlay.css (PUP.FCTPlugin) -> Quarantined and deleted successfully. (end) -------------------- this is the one (below) that had 43 objects & then froze. it’s not showing anything; why is that? ---------------------- Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.18.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 peckent :: PKE [administrator] Protection: Enabled 7/18/2012 12:14:08 PM mbam-log-2012-07-18 (12-14-08).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 354839 Time elapsed: 1 hour(s), 59 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.
If you're not already familiar with forums, watch our Welcome Guide to get started.
| |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| |
