Solved: eddie, can you rescue?


eddie5659
Moderator & Malware Removal Specialist with 28,259 posts.
 
Join Date: Mar 2001
Location: Bradford, England
22-Jul-2012, 12:21 PM #16
Posting OTL log:

OTL logfile created on: 7/18/2012 2:40:35 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.27 Gb Available Physical Memory | 15.51% Memory free
3.49 Gb Paging File | 1.20 Gb Available in Paging File | 34.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 215.36 Gb Total Space | 154.81 Gb Free Space | 71.88% Space Free | Partition Type: NTFS
Drive D: | 17.22 Gb Total Space | 2.49 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive F: | 7.60 Gb Total Space | 7.60 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: PKE | User Name: peckent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/18 14:28:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012/07/13 02:56:29 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\peckent\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/07/11 17:58:17 | 001,551,384 | ---- | M] (Google Inc.) -- C:\Users\peckent\AppData\Local\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe
PRC - [2012/07/06 11:53:20 | 000,217,536 | ---- | M] (Facebook) -- C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/23 10:12:26 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/15 08:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/22 17:30:52 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\HP Button Manager\BM.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/08 21:54:38 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/07/08 21:54:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/08 21:53:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/05 20:58:56 | 021,015,488 | ---- | M] () -- C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\libcef.dll
MOD - [2012/07/05 20:58:16 | 000,284,096 | ---- | M] () -- C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\CefSharp.WinForms.dll
MOD - [2012/07/05 20:56:24 | 000,456,128 | ---- | M] () -- C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\CefSharp.dll
MOD - [2012/05/22 15:45:18 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/22 15:40:01 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/22 15:39:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/22 15:39:18 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/22 15:38:55 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/22 17:30:52 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\HP Button Manager\BM.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/12 15:39:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 11:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/09 10:21:59 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/01 02:22:02 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/04/01 02:22:04 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{A4E7CFF3-A356-4AC5-8377-F4FD9F8817F7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{CAE32FEA-4AB6-4F0F-AA49-50310E439920}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F7133569-3DCB-4188-97EF-226825FA9793}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A4E7CFF3-A356-4AC5-8377-F4FD9F8817F7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKLM\..\SearchScopes\{CAE32FEA-4AB6-4F0F-AA49-50310E439920}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{F7133569-3DCB-4188-97EF-226825FA9793}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/vafo...D&tbp=homepage
IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes,DefaultScope = {A4E7CFF3-A356-4AC5-8377-F4FD9F8817F7}
IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{24D32B2D-C7A0-4B38-8AE6-24BFE53EE2B5}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=WCL2&o=100000082&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AA2&apn_dtid=^YYYYYY^YY^US&apn_uid=B6AF509F-47CE-4175-B474-5CB33D721D31&apn_sauid=5ED2A4A0-01E1-4223-8A83-0FEE40211D9B&
IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/vafoontoolbar/?source=4744474a&tbp=rbox&toolbarid=vafoontoolbar&u=20120415638E48A580C285152144C76D&q={searchTerms}
IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{A4E7CFF3-A356-4AC5-8377-F4FD9F8817F7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{CAE32FEA-4AB6-4F0F-AA49-50310E439920}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{F7133569-3DCB-4188-97EF-226825FA9793}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Blekko"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.wahooschools.org/"
FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=vafoontoolbar&u=USERGUID&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\peckent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\peckent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\peckent\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\peckent\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\peckent\Desktop\npAmazonMP3DownloaderPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\firefoxaddon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/08 16:27:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/12 15:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/28 11:28:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\peckent\AppData\Roaming\NetAssistant\ [2011/04/10 10:59:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6c4b3bf5-26fe-4373-8571-4e39446b7fd0}: C:\Program Files (x86)\getdislike\getdislike [2011/07/13 07:56:10 | 000,009,216 | ---- | M] (GetDislike)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\firefoxaddon
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\info@friendschecker.com: C:\Program Files (x86)\FriendsChecker\Firefox\ [2012/06/05 13:18:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/12 15:40:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/28 11:28:35 | 000,000,000 | ---D | M]

[2012/03/23 12:11:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peckent\AppData\Roaming\Mozilla\Extensions
[2012/07/12 11:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peckent\AppData\Roaming\Mozilla\Firefox\Profiles\oknc1m79.default\extensions
[2012/06/07 09:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/04 13:30:54 | 000,000,000 | ---D | M] ("GetDislike.com") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{6c4b3bf5-26fe-4373-8571-4e39446b7fd0}
[2012/06/05 13:18:50 | 000,000,000 | ---D | M] (FriendsChecker) -- C:\PROGRAM FILES (X86)\FRIENDSCHECKER\FIREFOX
[2012/07/08 16:27:04 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/06/02 15:06:16 | 000,552,655 | ---- | M] () (No name found) -- C:\USERS\PECKENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OKNC1M79.DEFAULT\EXTENSIONS\{771F3037-9885-4423-B50F-A5EDE4854E26}.XPI
[2012/07/12 15:39:59 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/05 23:09:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/12 15:39:44 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/07/12 15:39:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/12 15:39:44 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/07/12 15:39:44 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/15 16:52:22 | 000,002,160 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2012/07/12 15:39:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/07/12 15:39:44 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=ct2559647
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\peckent\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\peckent\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\peckent\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\peckent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\peckent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: Google Translate = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Angry Birds = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Solitaire = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.4.0.3_0\
CHR - Extension: Freecell Solitaire = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabpjbpfakfhcfidnjahmdophhihafkh\1.0.0.1_0\
CHR - Extension: Multiplayer Piano = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbadoggeokhliehfonkefnfcbgocojid\13_0\
CHR - Extension: Solitaire Easter = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdhlajlhnhnhkjmnfnangaepoilhbcan\1.0.0.1_0\
CHR - Extension: Flight = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cecapiaiollboefeimjhhdpopcfghejh\1.0_0\
CHR - Extension: StoryLines = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\celkoncipomnbmcomjieepceifpcdgdl\1.0.1_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: Google Search = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Netflix = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh\1.0.0.2_0\
CHR - Extension: TripAdvisor = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnegghdcleoigballbmdmlhklhcdjli\1.0_0\
CHR - Extension: After the Deadline = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjadjbdihbaodagojiomdljhjhjfho\1.2_0\
CHR - Extension: PicMonkey = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.3_0\
CHR - Extension: Cut the Rope = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\13_0\
CHR - Extension: The Elementals = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfehlnocjpbnbcabcjjnemkkkghaak\1.0.1_0\
CHR - Extension: Flood-It! = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0\
CHR - Extension: Cloud Reader = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.0.0.0_0\
CHR - Extension: avast! WebRep = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Nyan Cat - Lost in Space Flash = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaflfnajckagdhjlnkgndmbodjpkagcc\1.0_0\
CHR - Extension: Angry Games! = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeooehfcbblgooocjcchakggbaeljifc\1.0.2_0\
CHR - Extension: Water = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhngniaikeechlfoobjdckgdngpbkdoj\1.5_0\
CHR - Extension: Max = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjdeaehmpjghhfgepinklammfakbiceo\1.0_0\
CHR - Extension: Cargo Bridge = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Shopping Assistant = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\keigpnkjljkelclbjbekcfnaomfodamj\3.2.7_0\
CHR - Extension: Sand 2 = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\klicmgamjpclmbhppmdeamffedflmkcn\1.0.4_0\
CHR - Extension: Little Alchemy = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.12_0\
CHR - Extension: Webcam Toy = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.3.5_0\
CHR - Extension: Clear History = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhibcmkdgpfagejobeajjlidmoddmicp\1.4_0\
CHR - Extension: Rain Alarm = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaikaglpfemjncbioflellmppndgmok\1.1.6_0\
CHR - Extension: Where's My Water? = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnfafbniofcfoifoalcjaabpbddllccc\1.4_0\
CHR - Extension: Nyan Cat = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\neimpplmbdhflkfojgmplkgflkgmodpd\3.0_0\
CHR - Extension: Nyan Cat Lost In Space = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocolcbginmpjiobmipdgimnpeplgbghg\1.2_0\
CHR - Extension: Travel Math = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofpimeaclblbaodahnhhmlblagijlnad\1.0_0\
CHR - Extension: Psykopaint = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Uno = C:\Users\peckent\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnlcclaocpblfckpfgmpdfndodkofpo\2.3.1_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [Facebook Update] C:\Users\peckent\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe File not found
O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 File not found
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-50251.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk = File not found
O4 - Startup: C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934}: DhcpNameServer = 129.93.5.53 129.93.6.189
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{824F79AF-F341-4ED9-841E-FF5B529EF33B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/09 14:42:55 | 000,000,000 | ---D | C] -- C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/07/08 16:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vafoontoolbar
[2012/07/08 16:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/08 16:28:56 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/08 16:28:54 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/08 16:28:39 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/08 16:28:36 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/08 16:28:35 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/08 16:28:33 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/08 16:25:52 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/08 16:25:46 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[1 C:\Users\peckent\Desktop\*.tmp files -> C:\Users\peckent\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/18 14:41:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/18 14:34:43 | 000,729,944 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/18 14:34:43 | 000,626,540 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/18 14:34:43 | 000,107,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/18 14:19:58 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/07/18 14:19:58 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/07/18 14:04:48 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001UA.job
[2012/07/18 14:03:51 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/18 12:11:51 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/18 12:11:44 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001Core.job
[2012/07/18 12:09:30 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001Core.job
[2012/07/18 12:06:18 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001UA.job
[2012/07/18 12:00:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/16 11:06:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 11:06:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 18:19:43 | 000,711,240 | ---- | M] () -- C:\Windows\is-50251.exe
[2012/07/12 18:19:43 | 000,010,550 | ---- | M] () -- C:\Windows\is-50251.msg
[2012/07/12 18:19:43 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 18:19:43 | 000,000,459 | ---- | M] () -- C:\Windows\is-50251.lst
[2012/07/12 11:29:35 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/07/11 21:37:27 | 000,422,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 21:36:30 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/11 18:06:28 | 000,002,406 | ---- | M] () -- C:\Users\peckent\Desktop\Google Chrome.lnk
[2012/07/09 14:42:55 | 000,001,333 | ---- | M] () -- C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012/07/08 18:51:29 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForpeckent.job
[2012/07/08 16:28:58 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/08 16:28:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 11:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 11:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[1 C:\Users\peckent\Desktop\*.tmp files -> C:\Users\peckent\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/12 18:19:43 | 000,711,240 | ---- | C] () -- C:\Windows\is-50251.exe
[2012/07/12 18:19:43 | 000,010,550 | ---- | C] () -- C:\Windows\is-50251.msg
[2012/07/12 18:19:43 | 000,000,459 | ---- | C] () -- C:\Windows\is-50251.lst
[2012/07/08 16:28:58 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/08 16:15:52 | 000,001,333 | ---- | C] () -- C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2011/06/23 12:58:37 | 000,022,572 | ---- | C] () -- C:\Windows\hpqins19.dat
[2011/04/28 16:38:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/28 16:38:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/07 21:06:21 | 000,001,854 | ---- | C] () -- C:\Users\peckent\AppData\Roaming\GhostObjGAFix.xml
[2011/04/06 14:38:25 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/02 03:52:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/02 03:44:32 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/11/02 03:44:32 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== LOP Check ==========

[2012/03/06 19:53:55 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\Amazon
[2011/12/11 18:00:08 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\Disney.Vacation.Connection.460.73ACE317F4A7B83CB919AF282FBA5D3D96899CDE.1
[2011/04/10 10:59:58 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\NetAssistant
[2011/03/09 19:18:02 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\Registry Mechanic
[2011/09/17 21:34:50 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\Sammsoft
[2011/08/14 13:12:21 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\W3i, LLC
[2011/04/10 11:01:34 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\WeatherBug
[2011/03/30 17:06:29 | 000,000,000 | ---D | M] -- C:\Users\peckent\AppData\Roaming\Windows Live Writer
[2012/07/18 12:09:30 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001Core.job
[2012/07/18 12:06:18 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001UA.job
[2012/07/12 11:29:35 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012/07/11 21:37:28 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011/02/21 14:27:26 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010/07/11 00:57:16 | 000,000,000 | -HSD | M] -- C:\boot
[2012/07/18 12:05:59 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/11/02 04:15:27 | 000,000,000 | -H-D | M] -- C:\HP
[2011/02/01 11:05:32 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/05/29 21:11:22 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/07/16 20:57:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012/06/02 15:11:16 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/01/26 00:49:26 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/04/28 19:55:25 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012/07/18 14:43:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/01/26 00:49:29 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011/01/26 00:48:27 | 000,000,000 | R--D | M] -- C:\Users
[2012/07/12 18:19:43 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\Installer\*.* >
[2011/10/17 13:26:31 | 001,437,184 | ---- | M] () -- C:\Windows\Installer\12045b1e.msi
[2011/04/10 10:59:12 | 000,336,896 | ---- | M] () -- C:\Windows\Installer\13cc28c1.msi
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %windir%\system32\tasks\*.* >

< %windir%\system32\tasks\*.* /64 >
[2012/07/18 14:20:42 | 000,003,622 | ---- | M] () -- C:\Windows\SysNative\tasks\Ad-Aware Update (Weekly)
[2012/05/12 09:42:07 | 000,003,768 | ---- | M] () -- C:\Windows\SysNative\tasks\Adobe Flash Player Updater
[2012/07/08 16:28:42 | 000,003,924 | ---- | M] () -- C:\Windows\SysNative\tasks\avast! Emergency Update
[2012/07/11 18:01:18 | 000,003,548 | ---- | M] () -- C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001Core
[2012/07/11 18:01:25 | 000,003,916 | ---- | M] () -- C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001UA
[2012/07/16 20:56:59 | 000,003,644 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore
[2012/07/16 20:57:01 | 000,003,896 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA
[2012/07/13 02:56:47 | 000,003,494 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001Core
[2012/07/13 02:56:48 | 000,003,890 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001UA
[2012/07/08 18:43:52 | 000,003,198 | ---- | M] () -- C:\Windows\SysNative\tasks\HPCeeScheduleForpeckent
[2011/04/10 11:05:53 | 000,002,844 | ---- | M] () -- C:\Windows\SysNative\tasks\PC Optimizer Pro64 startups
[2011/01/26 01:52:53 | 000,003,698 | ---- | M] () -- C:\Windows\SysNative\tasks\RecoveryCDWin7
[2012/07/08 15:40:56 | 000,003,148 | ---- | M] () -- C:\Windows\SysNative\tasks\SidebarExecute
[2011/12/15 23:50:36 | 000,003,110 | ---- | M] () -- C:\Windows\SysNative\tasks\{1C463E37-D396-4685-B76D-7E807B3A6378}
[2011/03/19 10:09:30 | 000,003,192 | ---- | M] () -- C:\Windows\SysNative\tasks\{A0C46DB6-84FF-40B1-BB57-C7E1402E28F6}
[2011/02/18 17:00:30 | 000,003,192 | ---- | M] () -- C:\Windows\SysNative\tasks\{B0857758-3D4A-4BB0-87EE-A2B6F02AF9C7}
[2011/06/04 16:46:07 | 000,002,966 | ---- | M] () -- C:\Windows\SysNative\tasks\{B148C9EA-8965-4743-BE71-C4DD1AC103F6}

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/07/10 21:17:45 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/07/10 21:15:00 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/07/10 21:17:45 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/07/10 21:15:00 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/07/10 21:17:45 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/07/10 21:15:00 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/07/10 21:17:45 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/07/10 21:15:00 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009/07/13 20:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/13 20:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/07/10 21:17:45 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/07/10 21:17:45 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: PKE
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media
  Volume 1         SYSTEM       NTFS   Partition    199 MB  Healthy    System
  Volume 2     C                NTFS   Partition    215 GB  Healthy    Boot
  Volume 3     D   RECOVERY     NTFS   Partition     17 GB  Healthy
  Volume 4         HP_TOOLS     FAT32  Partition    103 MB  Healthy
  Volume 5     F   USB DISK     FAT32  Removable   7800 MB  Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TempFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp1B5B4F1
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
eddie5659's Avatar
22-Jul-2012, 12:22 PM #17
2nd part:

OTL Extras logfile created on: 7/18/2012 2:40:35 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.27 Gb Available Physical Memory | 15.51% Memory free
3.49 Gb Paging File | 1.20 Gb Available in Paging File | 34.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 215.36 Gb Total Space | 154.81 Gb Free Space | 71.88% Space Free | Partition Type: NTFS
Drive D: | 17.22 Gb Total Space | 2.49 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive F: | 7.60 Gb Total Space | 7.60 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: PKE | User Name: peckent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0405261C-D4F2-4233-A20F-F78842AEB7BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0AE2A834-ED70-458C-8914-A6F430215F4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{255D7F82-BD43-4912-B092-024FB96D14DB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{34D14DED-6E74-4151-94AA-A97FAF0D0E15}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{352C1D1F-C0C1-4EA8-815B-C3A4D4F35E0F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35757811-5012-455E-A47D-443C8538679E}" = rport=445 | protocol=6 | dir=out | app=system |
"{4473F296-EFCB-45D9-89EC-ECA503196102}" = rport=138 | protocol=17 | dir=out | app=system |
"{465E45A9-78B2-440B-AB01-64A16017C52A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{49CA087C-3C85-4C08-B2A7-0DDAE62D0F58}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D00DB91-71CD-45BB-9941-AC9AB2CCA8F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{702B1B9F-F2C2-4F55-87CE-7CF4264FA74E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{747B9222-42BC-4DFB-BAA7-BA4C22D1A7DE}" = lport=138 | protocol=17 | dir=in | app=system |
"{7A6704E9-4733-43B9-9B31-DCD77BA4C2DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83A27B46-8C0F-41F6-A2ED-4BA31589F2CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{95A4E2AA-4B90-4491-9D63-C0984843D61E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{963BAC4A-20F4-4289-857F-F46A5E34D182}" = lport=139 | protocol=6 | dir=in | app=system |
"{99BF2BDC-4750-472F-B549-EA33AC25E3EC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A3E47080-3A9D-4343-BC92-C023EADC47AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A519A79A-0033-4FEA-8DEE-04EC527D5A78}" = rport=137 | protocol=17 | dir=out | app=system |
"{ABA49393-B4DA-4D78-B8D6-CAB1151552BD}" = lport=445 | protocol=6 | dir=in | app=system |
"{B09CFC17-B3FC-4961-B309-341B55F5A269}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1A06897-541D-44AA-9902-A22AD9EF663B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD55EEB0-A0AE-452B-B1CD-87548796A9EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC6F11AC-C6C9-4FE5-BA75-55778C12ED87}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D186D3BB-A3EF-4DA0-A93E-C5BAAB48F50C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D69C75BE-34F6-4E81-A7EA-72611CB8450B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DBC77953-CE22-49B4-957A-68E4DEDC3499}" = rport=139 | protocol=6 | dir=out | app=system |
"{F0019FC3-21FD-4D08-8077-7D493E8F1CCF}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09804204-2350-455E-86DC-2FAA82565AA0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1354F6A1-8215-493B-9769-0A70EACC086D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1380CD53-F3D2-4EEF-B9A5-E59C7D82A31B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{166FFDCD-494F-4FA3-86D9-B39F83EBCE15}" = protocol=17 | dir=in | app=c:\users\peckent\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{19F7560F-9D3A-402D-90F5-5D3935CC635B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1FC75898-1BB0-4A13-9D41-5C6323283C3F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{264D1A12-EF98-406D-B445-D85B209234CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{317C40CB-F4DB-48E2-9CBE-D071D527C077}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{33E181E8-9B22-49DD-83F6-C8709403ED66}" = protocol=6 | dir=out | app=system |
"{36566958-5B85-4E0F-A545-EDD7D13D7B36}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{3DE4F6B4-262A-45C5-B4F4-27E30D06B1EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{42494CDC-F8CA-47BF-9ACE-8E39C37817E1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{474649C4-3A1C-440B-B72A-445B62B870D0}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{4CCA39E1-FD98-491E-A142-8E5F9B48058C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4E1F067D-DFE7-4564-827A-4E16E0AF9BF5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{512A6CB5-85E9-4C42-BB58-793A6027F480}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5546208C-E14D-4251-927C-AA9F628615C0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{55B26457-BF14-44D2-B348-CDFE5572230E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BDAFD7A-1A8E-4341-8274-1F162A35EF0B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F3DFD26-A8C2-439F-BA7B-85493848EB55}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{742E5A6D-6CAE-412C-B281-9338B5DE96D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{780394E4-C85E-4B37-9B52-4C60DDF96136}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8140C2FD-858B-4074-A0CB-7D3F9FA70D05}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{839F6628-275F-4999-BCD5-BEE487B5C00B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{84F656AB-380E-47E5-8FA2-3E858BFA9208}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8F6232E0-AA39-4BBB-A719-8EE95C54C2FA}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{93EE76D5-AFD9-4E15-AFE6-5EF5D68FC588}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{947B4483-7ED3-42B6-90F0-35F86216B954}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98E944B5-9152-4567-A505-09451AAF6280}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{9E5E8895-89BF-43D8-B9C7-E78324225AAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A2D5BB28-D2B6-41AD-8A84-173B790B80A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B517816B-3EDC-43D9-8839-C07308B97A55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6D33CE8-BE23-470B-AB02-432932F7F71C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C27FA382-3FB3-4985-9675-2D1A1FBCAB53}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CAD7B46B-8A76-447D-BC27-5D444A8EF2AE}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{D74A834E-6B96-4AE9-8498-D99D15B3CEE3}" = protocol=6 | dir=in | app=c:\users\peckent\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D8372440-0E8B-41FE-8F35-2E9AA99D974D}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{DD47BF08-6891-4FAB-BF39-11BD674D87D7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF44F79E-E551-4E0D-83F0-03A46D72DB89}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E6534443-29CF-4DAE-8DAC-94CF5F16A975}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{FB68550F-C04E-4D1C-82BB-7F8E1F0B87AA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{FF257C5E-2AF3-4783-8930-9B4EB7AA0165}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"TCP Query User{4453CE18-8778-4FD9-A559-5FD21CCE1746}C:\users\peckent\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\peckent\appdata\roaming\spotify\spotify.exe |
"TCP Query User{DB3DB626-5A49-4A3C-BF4D-B101A8B20FCF}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{D12A933B-5ABE-4646-AD1C-91D1ECEB1475}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{D605D22A-42DB-4453-A80F-0498646D430F}C:\users\peckent\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\peckent\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HP Print Projects" = HP Print Projects 1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai
"{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish
"{1A5B672C-66B6-43C4-8265-9B1D49462EA0}" = ArcSoft WebCam Companion 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding
"{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4925C0C2-E4E2-456B-9791-0F228BDDC428}" = Facebook Messenger 2.1.4570.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66D31A57-0446-3886-AEFF-201E1E7C4854}" = Google Talk Plugin
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation
"{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese
"{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA634931-0CC3-4067-ABCC-7182E1DC23B7}" = HP Button Manager
"{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF2371B6-8422-49DB-908B-14B67C074667}" = ArcSoft Magic-i Visual Effects 2
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D31612BB-C6D7-4142-96AE-16DB062354CF}" = HP Webcam User's Guide
"{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English
"{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian
"{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common
"{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"avast" = avast! Free Antivirus
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FriendsChecker" = FriendsChecker
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 en-GB)" = Mozilla Firefox 13.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087396" = Polar Bowler
"WT087414" = Virtual Families
"WT087453" = Chuzzle Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome
"NetAssistant" = NetAssistant for Firefox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2012 11:08:38 PM | Computer Name = pke | Source = Sound Recorder | ID = 65535
Description =

Error - 1/14/2012 11:08:38 PM | Computer Name = pke | Source = Sound Recorder | ID = 65535
Description =

Error - 1/14/2012 11:08:38 PM | Computer Name = pke | Source = Sound Recorder | ID = 65535
Description =

Error - 1/14/2012 11:08:38 PM | Computer Name = pke | Source = Sound Recorder | ID = 65535
Description =

Error - 1/14/2012 11:08:38 PM | Computer Name = pke | Source = Sound Recorder | ID = 65535
Description =

Error - 1/14/2012 11:08:38 PM | Computer Name = pke | Source = Sound Recorder | ID = 65535
Description =

Error - 1/14/2012 11:08:38 PM | Computer Name = pke | Source = Sound Recorder | ID = 65535
Description =

Error - 1/14/2012 11:08:38 PM | Computer Name = pke | Source = Sound Recorder | ID = 65535
Description =

Error - 1/14/2012 11:08:39 PM | Computer Name = pke | Source = Sound Recorder | ID = 65535
Description =

Error - 1/14/2012 11:08:39 PM | Computer Name = pke | Source = Sound Recorder | ID = 65535
Description =

[ Hewlett-Packard Events ]
Error - 5/2/2012 10:11:17 PM | Computer Name = pke | Source = HPSF.exe | ID = 4000
Description =

Error - 5/17/2012 8:06:16 PM | Computer Name = pke | Source = HPSF.exe | ID = 4000
Description =

Error - 5/17/2012 8:24:07 PM | Computer Name = pke | Source = HPSF.exe | ID = 4000
Description =

Error - 5/17/2012 8:24:13 PM | Computer Name = pke | Source = HPSF.exe | ID = 4000
Description =

Error - 5/17/2012 8:24:27 PM | Computer Name = pke | Source = HPSF.exe | ID = 4000
Description =

Error - 5/17/2012 8:24:33 PM | Computer Name = pke | Source = HPSF.exe | ID = 4000
Description =

Error - 5/17/2012 8:27:43 PM | Computer Name = pke | Source = HPSF.exe | ID = 4000
Description =

Error - 5/17/2012 8:27:47 PM | Computer Name = pke | Source = HPSF.exe | ID = 4000
Description =

Error - 5/24/2012 7:31:52 PM | Computer Name = pke | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088 at HPSFConfigReader.ConfigHelper.loadXML()

at HPSFConfigReader.ConfigHelper..ctor() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources (Boolean
isOnAppLoad) Message: Exception of type 'System.Exception' was thrown. StackTrace:
at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources (Boolean
isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 1786
Ram
Utilization: 80 TargetSite: Void loadXML()

Error - 5/26/2012 10:51:29 AM | Computer Name = pke | Source = HPSF.exe | ID = 4000
Description =

[ HP Wireless Assistant Events ]
Error - 5/6/2012 4:21:27 PM | Computer Name = pke | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 5/12/2012 12:42:14 PM | Computer Name = pke | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/17/2012 7:55:14 PM | Computer Name = pke | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 5/19/2012 10:53:43 AM | Computer Name = pke | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 5/22/2012 4:16:16 PM | Computer Name = pke | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/22/2012 10:24:12 PM | Computer Name = pke | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 6/13/2012 10:09:04 PM | Computer Name = pke | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/8/2012 5:44:05 PM | Computer Name = pke | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/8/2012 7:26:39 PM | Computer Name = pke | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/8/2012 7:28:39 PM | Computer Name = pke | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 12/10/2011 5:39:31 PM | Computer Name = pke | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:29:50 PM on 12/10/2011 was unexpected.

Error - 12/10/2011 5:40:23 PM | Computer Name = pke | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 12/10/2011 6:30:13 PM | Computer Name = pke | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 12/10/2011 7:29:28 PM | Computer Name = pke | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RtVOsdService service.

Error - 12/10/2011 9:16:58 PM | Computer Name = pke | Source = bowser | ID = 8003
Description =

Error - 12/11/2011 5:56:19 PM | Computer Name = pke | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:29:43 PM on 12/11/2011 was unexpected.

Error - 12/11/2011 5:56:31 PM | Computer Name = pke | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 12/11/2011 5:56:36 PM | Computer Name = pke | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 12/11/2011 5:58:12 PM | Computer Name = pke | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 12/11/2011 6:01:37 PM | Computer Name = pke | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Last edited by eddie5659; 22-Jul-2012 at 12:55 PM.
eddie5659
Moderator & Malware Removal Specialist with 28,259 posts.
Join Date: Mar 2001
Location: Bradford, England
22-Jul-2012, 12:24 PM #18
Last then I'll look at the logs

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.08.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
peckent :: PKE [administrator]

Protection: Enabled

7/8/2012 6:32:06 PM
mbam-log-2012-07-08 (18-32-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211376
Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{056c9352-8cb3-4465-9190-8a37b981e949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{056C9352-8CB3-4465-9190-8A37B981E949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{056C9352-8CB3-4465-9190-8A37B981E949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{056C9352-8CB3-4465-9190-8A37B981E949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vfd-pmi (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 9
C:\Program Files (x86)\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\content (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\defaults (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\locale (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\locale\en-US (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\skin (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Files Detected: 32
C:\Program Files (x86)\Object\status.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon.crx (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\ChromeAddon.pem (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\status3.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\status4.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\vfd-pmi_uninstall.exe (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon\background.html (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon\included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\chrome.manifest (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\config_build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\files (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\install.rdf (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\readme.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\content\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\content\firefoxOverlay.xul (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\content\installid.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\content\overlay.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\content\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\defaults\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences\._sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\locale\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\locale\en-US\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\locale\en-US\sudoku.dtd (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\locale\en-US\sudoku.properties (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\skin\overlay.css (PUP.FCTPlugin) -> Quarantined and deleted successfully.

(end)
eddie5659
Moderator & Malware Removal Specialist with 28,259 posts.
Join Date: Mar 2001
Location: Bradford, England
22-Jul-2012, 01:05 PM #19
Okay, firstly your Java is out of date, so let's sort that out:

Upgrade Java : (32 bits)
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 5.
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Accept License Agreement.
  • Click on the link to download Windows Offline Installation 32 bit (jre-7u5-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u5-windows-i586.exe and select "Run as an Administrator.")
  • Don't install any of the toolbars that are offered.


After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:
  • Applications and Applets
  • Trace and Log Files
OK out of all the screens.

----------------------

Then, go to Add/Remove Programs via the control panel, or Start | Programs, and uninstall these, if there:


blekkosearch
conduit
ask.com
websearch


Reboot, then, run the following fix:

The ERUNT tool is just a failsafe; 99.999% of the time no problems arise, but I prefer to be safe.


The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  1. Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  2. Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  3. Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  4. Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  5. Make sure that at least the first two check boxes are ticked
  6. Press OK
  7. Press YES to create the folder.

----------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKLM\..\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
    IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/vafo...D&tbp=homepage
    IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
    IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{24D32B2D-C7A0-4B38-8AE6-24BFE53EE2B5}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=WCL2&o=100000082&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AA2&apn_dtid=^YYYYYY^YY^US&apn_uid=B6AF509F-47CE-4175-B474-5CB33D721D31&apn_sauid=5ED2A4A0-01E1-4223-8A83-0FEE40211D9B&
    IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/vafoontoolbar/?source=4744474a&tbp=rbox&toolbarid=vafoontoolbar&u=20120415638E48A580C285152144C76D&q={searchTerms}
    IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
    FF - prefs.js..browser.search.selectedEngine: "Blekko"
    FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=vafoontoolbar&u=USERGUID&q="
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\peckent\Desktop\npAmazonMP3DownloaderPlugin.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=ct2559647
    CHR - default_search_provider: suggest_url = http://search.conduit.com/
    O3 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
    O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
    O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe File not found
    O4 - HKU\S-1-5-21-2327258083-2090196491-1419138448-1001..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [1 C:\Users\peckent\Desktop\*.tmp files -> C:\Users\peckent\Desktop\*.tmp -> ]
    [1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    :Files
    ipconfig /flushdns /c
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [emptyjava]
    [EMPTYFLASH] 
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


=======================

After doing the above, can you then run this and post the log:

Delete any copies of Combofix that you have.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
27-Jul-2012, 12:06 PM #20
sorry i'm so late returning to this!

thanks for posting the logs

sooo.. my dumb question of the day -- was there a lot of malware on it, or were those other things?
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,259 posts.
 
Join Date: Mar 2001
Location: Bradford, England
28-Jul-2012, 02:04 PM #21
Some of it is malware, some just need tidying up.

If you do all that I posted in the above reply, that would be great
nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
28-Jul-2012, 03:09 PM #22
Quote:
Originally Posted by eddie5659 View Post
Some of it is malware, some just need tidying up.
good to know! i was curious, so thanks a tonne!!

Quote:
If you do all that I posted in the above reply, that would be great
do you mean quit all my blathering, & messing about, & get to work for crying out loud?! ok, for you, i will . in fact, i'm going right at this instance & having at it. !

except, i'm violating the no-extra-work-on-weekends *rule.* are you fine with that..? i feel like a taskmistress. not good..
(although you mentioned it, so i'll do it, & then you can bother with it whenever it suits. ? )
nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
28-Jul-2012, 07:32 PM #23
for the java, it didn't give me any options regarding the download; when i clicked on the link it started downloading right away. i moved it to the desktop later (since there wasn't an option for that earlier, not sure what i missed there. even cancelled the download & tried again -- same thing).

then to add to the joy, no OTL log after reboot, so i ran it again. more user-related trouble --> realised (too late) i had word doc open with your instructions . tried to close it, & everything froze.

here is 1st log that was eventually produced:
-----------------

Files\Folders moved on Reboot...
File\Folder C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk not found!
File move failed. C:\Users\peckent\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Users\peckent\AppData\Local\Temp\~DF3B8481D9F47943A9.TMP moved successfully.
C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{585956A3-FEF0-40B5-B0A6-8DB813ED74F0}.tmp moved successfully.
C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7E7EF67F-4DFA-494B-9E64-7C371A15EC69}.tmp moved successfully.
C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A505D7D0-AC82-420C-991E-9F7481A6D6B3}.tmp moved successfully.
C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D0FA1A0D-1BFB-4400-9756-EE7C20FFA748}.tmp moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk not found!
[2011/01/26 01:53:46 | 000,000,000 | ---- | M] () C:\Users\peckent\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5
File C:\Users\peckent\AppData\Local\Temp\~DF3B8481D9F47943A9.TMP not found!
File C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{585956A3-FEF0-40B5-B0A6-8DB813ED74F0}.tmp not found!
File C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7E7EF67F-4DFA-494B-9E64-7C371A15EC69}.tmp not found!
File C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A505D7D0-AC82-420C-991E-9F7481A6D6B3}.tmp not found!
File C:\Users\peckent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D0FA1A0D-1BFB-4400-9756-EE7C20FFA748}.tmp not found!
[2012/07/28 17:16:19 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

-----------
had thermal shutdown..

final log though! :

--------------------

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{435795D6-C142-443D-9CF5-DF53555445FA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{435795D6-C142-443D-9CF5-DF53555445FA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-2327258083-2090196491-1419138448-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37153479-1976-43c3-a1ee-557513977b64} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found.
Registry key HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Internet Explorer\SearchScopes\{24D32B2D-C7A0-4B38-8AE6-24BFE53EE2B5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24D32B2D-C7A0-4B38-8AE6-24BFE53EE2B5}\ not found.
Registry key HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Internet Explorer\SearchScopes\{435795D6-C142-443D-9CF5-DF53555445FA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{435795D6-C142-443D-9CF5-DF53555445FA}\ not found.
Registry key HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Blekko" removed from browser.search.selectedEngine
Prefs.js: "http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=vafoontoolbar&u=USERGUID&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 not found.
Registry value HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DW7 not found.
Registry value HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HPAdvisorDock not found.
Registry value HKEY_USERS\S-1-5-21-2327258083-2090196491-1419138448-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Weather not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
File move failed. C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\ gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ not found.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ not found.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File/Folder C:\Users\peckent\Desktop\*.tmp not found.
File/Folder C:\Windows\Installer\*.tmp not found.
Unable to delete ADS C:\ProgramData\Temp:430C6D84 .
Unable to delete ADS C:\ProgramData\TempFC5A2B2 .
Unable to delete ADS C:\ProgramData\Temp1B5B4F1 .
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\peckent\Downloads\cmd.bat deleted successfully.
C:\Users\peckent\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: peckent
->Temp folder emptied: 307708 bytes
->Temporary Internet Files folder emptied: 44796 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6789841 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2418 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 182475220 bytes

Total Files Cleaned = 181.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: peckent
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: peckent
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 07282012_173255

Files\Folders moved on Reboot...
File\Folder C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk not found!
File\Folder C:\Users\peckent\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk not found!
File C:\Users\peckent\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/07/28 17:53:26 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

----------

thanks v. v. much!!
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,259 posts.
 
Join Date: Mar 2001
Location: Bradford, England
29-Jul-2012, 08:30 AM #24
It's okay to post at the weekends, it's just that as I work late hours thru the week, when the weekend comes, I try to get out and do things, or watch films etc. I do still keep an eye on here when I can

As for Java, did it finally install, and were the old ones removed? If you're unsure, can you re-run OTL as you originally did at the very beginning. Only the one log will be produced, just copy/paste that here
nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
29-Jul-2012, 02:14 PM #25
i would hope you're getting out with a schedule like that!! sounds as if you may as well forget sleeping & breathing if you're putting down those hours !!

glad you mentioned movies, since everyone waits for those installments! ! the soapbox hibernated from neglect (i'm just teasing, & know you can't constantly do everything).

ok, java. ? i was hoping you could tell, eeeeek. i peeked under control panel & programmes, & it said 7.0.50 is there. i didn't re-run OTL, as i'm trying the lazy way first.
is 7.0.50 what's supposed to be there? <holding my breath >
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,259 posts.
 
Join Date: Mar 2001
Location: Bradford, England
30-Jul-2012, 02:41 PM #26
That's okay about the Java, that is the latest version

Can you run this for me now

Delete any copies of Combofix that you have.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
30-Jul-2012, 07:22 PM #27
java -- woo hoo!

Quote:
* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop
today's ridiculous question.. what do i do if it just starts downloading like mad when i click on it, & i can't rename it or save it first? i'll try right clicking, but if that doesn't give me any options, then what?

thanks!!
nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
31-Jul-2012, 08:27 PM #28
don't know if you need the play-by-play or not..

cf downloaded, i renamed it after the fact & made a desktop shortcut. ran cf, but it never gave the option for the recovery console (which wasn't on there as far as i could tell). everything running along smoothly, then thermal shutdown. i restarted it, & cf. cf said not to run any other programmes & that it was preparing a log.

the log never materialised, just a blinking cursor. i finally closed it, and tried to restart cf. got error message: illegal operation attempted on a registry key that has been marked for deletion.

tried deleting cf & was going to re-install & start over, except it didn't show up anywhere (not under the re-named username123.exe or combofix). same error message no matter what i tried to open (ie. turning avast back on, et al.)

gave up, reinstalled cf --> it ran, it logged ‼

thanks again..


==================

ComboFix 12-07-30.03 - peckent 07/31/2012 15:42:04.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.732 [GMT -5:00]
Running from: c:\users\peckent\Desktop\username123.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\getdislike\chrome.crx
c:\program files (x86)\getdislike\GetDislike.dll
c:\program files (x86)\getdislike\GetDislike.xpi
c:\program files (x86)\getdislike\Interop.MSHTML.dll
c:\program files (x86)\getdislike\Interop.SHDocVw.dll
c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 20:52 . 2012-07-31 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 20:12 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75D0242F-26BB-438B-A0CD-11634D5CEA30}\mpengine.dll
2012-07-29 21:35 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-28 21:52 . 2012-07-28 21:52 -------- d-----w- C:\_OTL
2012-07-28 20:52 . 2012-07-28 20:52 -------- d-----w- c:\program files (x86)\ERUNT
2012-07-28 20:27 . 2012-07-28 20:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-28 20:26 . 2012-07-28 20:24 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-12 20:40 . 2012-07-21 18:10 18912 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-07-12 20:39 . 2012-07-21 18:10 136672 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-07-12 20:39 . 2012-07-21 18:10 117728 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe
2012-07-12 20:39 . 2012-07-12 20:40 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-07-12 20:39 . 2012-07-21 18:10 913888 ----a-w- c:\program files (x86)\Mozilla Firefox\firefox.exe
2012-07-12 20:39 . 2012-07-21 18:10 573920 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-07-12 20:39 . 2012-07-21 18:10 258528 ----a-w- c:\program files (x86)\Mozilla Firefox\freebl3.dll
2012-07-12 20:39 . 2012-07-21 18:10 82400 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2012-07-12 20:39 . 2012-07-12 20:39 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-07-12 20:39 . 2012-07-21 18:10 425952 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2012-07-12 20:39 . 2012-07-21 18:10 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-12 02:16 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 02:04 . 2012-06-02 08:20 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-07-11 23:15 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 23:14 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 23:14 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 23:14 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 23:14 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 23:14 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 23:14 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 23:14 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 23:14 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-08 23:22 . 2012-02-09 18:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93EC3907-C16E-4DE6-A9ED-5A5CBC581474}\gapaengine.dll
2012-07-08 22:31 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-07-08 22:31 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-07-08 22:31 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-07-08 22:30 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-07-08 22:30 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-08 22:30 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-07-08 22:30 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-07-08 22:30 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-08 22:30 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-07-08 22:30 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-07-08 22:28 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-07-08 22:28 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-07-08 22:28 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-08 22:28 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-08 22:28 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-07-08 22:28 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-07-08 21:58 . 2012-07-08 21:58 -------- d-----w- c:\program files (x86)\vafoontoolbar
2012-07-08 21:28 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-08 21:28 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-08 21:28 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-08 21:28 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-08 21:28 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-08 21:28 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-08 21:25 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-08 21:25 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-08 21:20 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-08 21:20 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-08 21:20 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-08 21:20 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-08 21:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-08 21:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-08 21:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-08 21:16 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-08 21:16 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 20:24 . 2010-07-11 03:58 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-12 02:08 . 2011-03-10 01:21 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 18:46 . 2011-08-24 17:53 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21 . 2012-05-30 02:13 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-12 15:15 . 2012-04-01 19:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-12 15:15 . 2012-03-24 19:12 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2c28e48b-1d93-3aa7-8b5f-82576c04a7bb}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Facebook Update"="c:\users\peckent\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"GoogleChromeAutoLaunch_7F28BBEDCF20FE6B4C022DEFCEC2476C"="c:\users\peckent\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-07-10 1250328]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-03-23 217256]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\peckent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\peckent\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Button Manager.lnk - c:\program files (x86)\HP Button Manager\BM.exe [2011-5-8 266240]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-30 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-01 69376]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-20 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-20 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-20 279040]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-04-01 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-01 07:40]
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001Core.job
- c:\users\peckent\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 22:59]
.
2012-07-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001UA.job
- c:\users\peckent\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 22:59]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 20:04]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 20:04]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001Core.job
- c:\users\peckent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02 21:57]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2327258083-2090196491-1419138448-1001UA.job
- c:\users\peckent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02 21:57]
.
2012-07-08 c:\windows\Tasks\HPCeeScheduleForpeckent.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\peckent\AppData\Roaming\Mozilla\Firefox\Profiles\oknc1m79.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.wahooschools.org/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Amazon MP3 Downloader - c:\users\peckent\Desktop\Uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-31 15:58:03
ComboFix-quarantined-files.txt 2012-07-31 20:58
.
Pre-Run: 166,373,015,552 bytes free
Post-Run: 166,022,574,080 bytes free
.
- - End Of File - - D9D3F6F25ED5572E231EA7904E64530B
eddie5659
Moderator & Malware Removal Specialist with 28,259 posts.
 
Join Date: Mar 2001
Location: Bradford, England
01-Aug-2012, 04:55 PM #29
Did you manage to get the MBAM log that had over 200 items in it that I mentioned here:

http://forums.techguy.org/8416200-post12.html

When you get the 'thermal shutdown' at shutdown, can you post the full message it gives?

-------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :file
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    :folderfind
    *blekkosearch*
    *conduit*
    *ask.com
    *websearch*
    :filefind
    *blekkosearch*
    *conduit*
    *ask.com
    *websearch*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt


-----------------------

Then, can you do this with OTL:
  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    Code:
    type C:\Windows\SysNative\tasks\{1C463E37-D396-4685-B76D-7E807B3A6378} /c
    type C:\Windows\SysNative\tasks\{A0C46DB6-84FF-40B1-BB57-C7E1402E28F6} /c
    type C:\Windows\SysNative\tasks\{B0857758-3D4A-4BB0-87EE-A2B6F02AF9C7} /c
    type C:\Windows\SysNative\tasks\{B148C9EA-8965-4743-BE71-C4DD1AC103F6} /c
  • Then click the Run Scan button at the top
  • When the scan completes, it will open only one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file

eddie
nittiley
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
02-Aug-2012, 05:26 PM #30
i thought i already put the mbam logs on, & didn't understand why they weren't showing all those removals (the massive one over 200, & the shorter one.. 43? or something close to that number). i'll paste below.

i'll write down the thermal shutdown notes next time; it happens often enough. i think it begins by saying BIOS. (well, that's helpful, isn't it? )

is that why the mbam didn't show everything? it either completely froze when i clicked to remove it, or there was another thermal shutdown, or both. i'll have to peek at my notes, & i hope i detailed that part.. :S

thanks again eddie !!

============
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.08.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
peckent :: PKE [administrator]

Protection: Enabled

7/8/2012 6:32:06 PM
mbam-log-2012-07-08 (18-32-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211376
Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{056c9352-8cb3-4465-9190-8a37b981e949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{056C9352-8CB3-4465-9190-8A37B981E949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{056C9352-8CB3-4465-9190-8A37B981E949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{056C9352-8CB3-4465-9190-8A37B981E949} (PUP.AdurrPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vfd-pmi (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 9
C:\Program Files (x86)\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\content (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\defaults (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\locale (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\locale\en-US (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\skin (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Files Detected: 32
C:\Program Files (x86)\Object\status.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon.crx (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\ChromeAddon.pem (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\status3.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\status4.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\vfd-pmi_uninstall.exe (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon\background.html (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon\included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\chrome.manifest (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\config_build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\files (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\install.rdf (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\readme.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\content\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\content\firefoxOverlay.xul (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\content\installid.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\content\overlay.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\content\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\defaults\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences\._sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\defaults\preferences\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\locale\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\locale\en-US\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\locale\en-US\sudoku.dtd (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\locale\en-US\sudoku.properties (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\firefoxaddon\skin\overlay.css (PUP.FCTPlugin) -> Quarantined and deleted successfully.

(end)
--------------------
this is the one (below) that had 43 objects & then froze. it's not showing anything; why is that?
----------------------
Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
peckent :: PKE [administrator]

Protection: Enabled

7/18/2012 12:14:08 PM
mbam-log-2012-07-18 (12-14-08).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 354839
Time elapsed: 1 hour(s), 59 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)