Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

winupd.exe


  • This topic is locked This topic is locked

#1
Sonoya

Sonoya

    New Member

  • Member
  • Pip
  • 7 posts
Every time i turn on my computer, i get that permission from administrator thing about allowing winupd(random 4 digit number here).exe asking to cancel it or allow it. when i go to the task manager it says the process is in the temp folder, but really it's not there. I need some help.
  • 0

Advertisements


#2
Sonoya

Sonoya

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Bumped because i really need help. I'm worried about this program doing something that can harm my computer so dearly. I've tried using some security programs to remove it, but it wont go away. I tried searching it on google, but no results related enough seems to help. Please help me.
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there first I must have a look at your system

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#4
Sonoya

Sonoya

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Well after a few more dozens of folders looking for the intruder and spying in the new to me regedit thing, it seems i might have rid all of what seems to be related to the monster, but i guess it helps to make sure it really is gone.
(and i guess a helpful scan from kaspersky helped.)
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-23 13:56:57
-----------------------------
13:56:57.749 OS Version: Windows 6.0.6001 Service Pack 1
13:56:57.749 Number of processors: 2 586 0x4B02
13:56:57.750 ComputerName: HPPC UserName:
13:57:42.493 Initialize success
13:57:59.996 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
13:57:59.999 Disk 0 Vendor: ST310005 CC38 Size: 953869MB BusType: 6
13:58:02.008 Disk 0 MBR read successfully
13:58:02.014 Disk 0 MBR scan
13:58:02.020 Disk 0 unknown MBR code
13:58:02.031 Disk 0 scanning sectors +1953520065
13:58:02.101 Disk 0 scanning C:\Windows\system32\drivers
13:58:08.515 Service scanning
13:58:09.425 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
13:58:09.431 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
13:58:09.438 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
13:58:09.445 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
13:58:10.202 Modules scanning
13:58:13.660 Disk 0 trace - called modules:
13:58:14.035 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
13:58:14.041 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8699c030]
13:58:14.048 3 CLASSPNP.SYS[88565745] -> nt!IofCallDriver -> [0x84581f08]
13:58:14.055 5 acpi.sys[8060e6a0] -> nt!IofCallDriver -> \Device\00000057[0x851c1af0]
13:58:14.062 Scan finished successfully
13:58:27.676 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
13:58:27.690 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

OTL logfile created on: 10/23/2011 2:02:45 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 50.89% Memory free
3.99 Gb Paging File | 2.48 Gb Available in Paging File | 62.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 922.66 Gb Total Space | 788.18 Gb Free Space | 85.43% Space Free | Partition Type: NTFS
Drive D: | 8.86 Gb Total Space | 1.21 Gb Free Space | 13.62% Space Free | Partition Type: NTFS

Computer Name: HPPC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/23 13:55:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2011/10/12 18:08:39 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/10/07 19:28:43 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/09/28 16:15:43 | 000,646,232 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
PRC - [2011/09/11 19:54:36 | 000,077,824 | ---- | M] () -- C:\SRN Micro\SOLOSENT.EXE
PRC - [2011/09/11 19:52:54 | 000,303,104 | ---- | M] (SRN Micro Systems) -- C:\SRN Micro\SOLOCFG.EXE
PRC - [2011/09/01 09:29:04 | 001,408,872 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/08/27 15:52:54 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/08/18 05:48:31 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 07:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/08/03 07:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/07/27 07:06:44 | 000,267,488 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2010/08/13 15:11:34 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/23 20:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 20:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 20:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/11/23 20:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 03:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/19 03:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/07/06 07:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/07 13:35:56 | 001,273,856 | ---- | M] () -- C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 18:08:39 | 014,410,024 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2011/10/12 18:08:30 | 000,194,344 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011/10/12 18:08:30 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011/10/12 18:08:29 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011/10/12 18:08:29 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2011/09/28 16:15:43 | 000,646,232 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
MOD - [2011/09/11 19:54:36 | 000,077,824 | ---- | M] () -- C:\SRN Micro\SOLOSENT.EXE
MOD - [2011/08/27 15:52:54 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/06/18 13:23:44 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8837c17e16a1ebba04a1f625977bc907\UIAutomationTypes.ni.dll
MOD - [2011/06/18 13:23:34 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011/06/18 13:22:15 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/06/18 13:22:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/18 13:21:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/06/18 13:16:22 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/18 13:16:08 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/18 13:15:59 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/18 13:15:47 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2011/06/18 13:15:37 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2011/06/18 13:15:36 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2011/06/18 13:15:15 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2011/06/18 13:14:57 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2011/06/18 13:14:52 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/18 13:14:13 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/06/18 12:35:35 | 000,391,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ff20e15edfa14ce628b0502173347062\System.Xml.Linq.ni.dll
MOD - [2011/06/18 12:35:34 | 001,781,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\19f85a4f6faaeb87a9055ccf23a9f8b7\System.Xaml.ni.dll
MOD - [2011/06/18 12:03:18 | 013,137,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3e016a2e799cfe233b13d88e90c0e0b\System.Windows.Forms.ni.dll
MOD - [2011/06/18 12:03:06 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53591520988a6ee49924e1efc911df30\System.Drawing.ni.dll
MOD - [2011/06/18 12:03:03 | 017,671,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2250ddb1626087da27fb00f46a679ff5\PresentationFramework.ni.dll
MOD - [2011/06/18 12:02:47 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\618e6d3cd8824d6d72ae1767acaa1078\System.Configuration.ni.dll
MOD - [2011/06/18 12:02:43 | 011,106,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ca8307311e87b234b2faa5ee08332722\PresentationCore.ni.dll
MOD - [2011/06/18 12:02:43 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7cc17b90932adaad5651ceb526cade44\System.Xml.ni.dll
MOD - [2011/06/18 12:02:38 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b61b31d1f518e9663fc204e7de21215a\PresentationFramework.Aero.ni.dll
MOD - [2011/06/18 12:02:36 | 007,054,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0d4cdd1b911d6e28b4fd5c43ab39f7ea\System.Core.ni.dll
MOD - [2011/06/18 12:02:31 | 003,798,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3154b66d01dcd674b256e03d5f359fac\WindowsBase.ni.dll
MOD - [2011/06/18 12:02:27 | 009,085,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5a8bf6ab1a6ba60e7355fa4cc61fd0c5\System.ni.dll
MOD - [2011/06/18 11:58:39 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010/08/18 18:09:36 | 001,736,528 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
MOD - [2010/08/13 14:29:52 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/08/13 13:41:55 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/08/05 11:26:14 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/08/05 11:26:12 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/08/05 11:26:06 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/08/05 11:26:06 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/08/05 11:26:04 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/08/05 11:26:04 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/08/05 11:26:00 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/08/05 11:25:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2007/05/07 13:35:56 | 001,273,856 | ---- | M] () -- C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 18:08:39 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/17 23:35:44 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/07/27 07:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/23 20:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 20:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/10/23 00:35:33 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/08/03 07:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/03/10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/08/27 19:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/07/09 13:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009/07/07 14:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/05/20 15:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/02 13:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/05/03 14:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/04/20 13:21:18 | 000,265,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-716517509-209390361-264628391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20110827
IE - HKU\S-1-5-21-716517509-209390361-264628391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-716517509-209390361-264628391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-716517509-209390361-264628391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-716517509-209390361-264628391-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-716517509-209390361-264628391-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?..._date=20110827"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.3.0
FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.441
FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.441
FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.441

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Owner\AppData\Local\Roblox\Versions\version-684ac714abb74f38\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/10/23 01:13:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/10/23 01:13:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/10/23 01:13:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/17 16:17:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/30 21:16:44 | 000,000,000 | ---D | M]

[2010/08/16 17:23:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/10/23 00:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ekvcbexh.default\extensions
[2011/09/02 17:22:32 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ekvcbexh.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/03/21 17:46:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ekvcbexh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/27 17:59:11 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ekvcbexh.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/06/11 21:01:05 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ekvcbexh.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/08/16 17:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/23 01:13:54 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2011/10/23 01:13:54 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2011/10/23 01:13:54 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SoloScan] C:\SRN Micro\SOLOSCAN.EXE (SRN Micro Systems)
O4 - HKLM..\Run: [SoloSchedule] C:\SRN Micro\SOLOCFG.EXE (SRN Micro Systems)
O4 - HKLM..\Run: [SoloSentry] C:\SRN Micro\SOLOSENT.EXE ()
O4 - HKLM..\Run: [SoloSysCheck] C:\SRN Micro\SYSCHECK.COM ()
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-716517509-209390361-264628391-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-716517509-209390361-264628391-1000..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-716517509-209390361-264628391-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-716517509-209390361-264628391-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-716517509-209390361-264628391-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-716517509-209390361-264628391-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-716517509-209390361-264628391-1001\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 97.81.22.195 71.92.29.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80D847F1-3B7B-41E5-8FB2-5A9E4BA26EFF}: DhcpNameServer = 192.168.1.1 97.81.22.195 71.92.29.130
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/22 13:22:47 | 000,000,120 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/13 14:41:20 | 000,000,074 | ---- | M] () - C:\AUTOEXEC.SOL -- [ NTFS ]
O33 - MountPoints2\{3eb96c8f-a6fc-11df-b8fb-001bb9d711bf}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{60d0a606-f34e-11e0-adf1-001bb9d711bf}\Shell - "" = AutoRun
O33 - MountPoints2\{60d0a606-f34e-11e0-adf1-001bb9d711bf}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O33 - MountPoints2\{ae9e2072-c34e-11df-bf78-001bb9d711bf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/23 10:50:24 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/10/23 00:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/10/23 00:58:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Yahoo!
[2011/10/23 00:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2011/10/23 00:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/23 00:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/10/23 00:35:33 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/10/23 00:34:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/22 23:37:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/10/22 14:03:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2011/10/22 14:03:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/10/22 14:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011/10/22 14:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/10/22 14:03:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PackageAware
[2011/10/22 13:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solo Antivirus
[2011/10/22 13:22:41 | 000,000,000 | ---D | C] -- C:\SRN Micro
[2011/10/22 13:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2011/10/22 13:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegCure
[2011/10/22 13:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2011/10/10 14:08:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\.minecraft
[2011/10/08 22:54:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2011/10/08 22:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2011/10/08 22:53:51 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2011/10/08 22:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011/10/08 22:53:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Image-Line
[2011/10/08 22:53:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/10/08 22:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/10/08 22:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011/10/08 22:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011/10/08 22:48:39 | 000,819,729 | ---- | C] ( ) -- C:\Windows\System32\mrvcl32.exe
[2011/10/08 22:44:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\FL Studio 10
[2011/10/07 20:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/10/07 20:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/10/07 20:47:58 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/10/07 20:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/10/07 20:47:16 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/10/07 19:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/10/07 19:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/10/07 19:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/09/30 21:20:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia
[2011/09/30 21:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2011/09/30 21:07:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2011/09/30 21:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
[2011/09/30 21:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2011/09/30 21:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia
[2011/09/30 21:05:59 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/09/30 21:04:52 | 113,060,248 | ---- | C] (Macromedia ) -- C:\Users\Owner\Desktop\Flash8-en.exe
[2011/09/24 12:57:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
[2011/09/24 12:56:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Roblox
[2011/09/23 18:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trickster Online
[2011/09/23 18:46:55 | 000,000,000 | ---D | C] -- C:\Ntreev USA
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/23 13:58:27 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2011/10/23 13:56:20 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/23 13:56:20 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/23 13:49:54 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011/10/23 13:49:52 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/23 13:49:52 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/23 13:49:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/23 01:13:52 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011/10/23 01:13:52 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011/10/23 00:45:45 | 000,017,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2011/10/23 00:35:33 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/10/23 00:34:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/22 16:26:52 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/10/22 14:03:51 | 000,001,593 | ---- | M] () -- C:\Users\Owner\Desktop\Uniblue RegistryBooster.lnk
[2011/10/22 14:03:51 | 000,001,583 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/10/22 13:23:15 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2011/10/22 13:23:15 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2011/10/22 13:22:47 | 000,000,120 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/10/22 13:22:47 | 000,000,038 | ---- | M] () -- C:\Windows\SOLOSCAN.BAT
[2011/10/22 13:22:43 | 000,000,541 | ---- | M] () -- C:\Users\Owner\Desktop\Solo Antivirus Scanner.lnk
[2011/10/22 13:12:28 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
[2011/10/09 21:20:20 | 000,001,083 | ---- | M] () -- C:\Users\Owner\Desktop\Play Roblox.lnk
[2011/10/08 22:54:15 | 000,000,937 | ---- | M] () -- C:\Users\Owner\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/10/08 22:53:50 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2011/10/08 22:48:41 | 000,819,729 | ---- | M] ( ) -- C:\Windows\System32\mrvcl32.exe
[2011/10/08 18:21:09 | 000,091,260 | ---- | M] () -- C:\Users\Owner\Documents\asdfe.swf
[2011/10/07 19:34:43 | 000,000,213 | ---- | M] () -- C:\Users\Owner\Desktop\Team Fortress 2.url
[2011/10/07 19:27:29 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/10/01 15:33:36 | 001,464,320 | ---- | M] () -- C:\Users\Owner\Documents\asdfe.fla
[2011/09/30 21:56:44 | 000,032,226 | ---- | M] () -- C:\Users\Owner\Documents\comboonedesktop.swf
[2011/09/30 21:48:46 | 000,472,064 | ---- | M] () -- C:\Users\Owner\Documents\comboonedesktop.fla
[2011/09/30 21:16:43 | 000,001,801 | ---- | M] () -- C:\Users\Public\Desktop\Macromedia Flash 8.lnk
[2011/09/28 16:18:49 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2011/09/27 18:20:20 | 000,085,210 | ---- | M] () -- C:\Users\Owner\Desktop\Me naked.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/23 13:58:27 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2011/10/23 00:45:40 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2011/10/23 00:37:28 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/10/23 00:37:28 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/10/22 14:03:59 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011/10/22 14:03:51 | 000,001,593 | ---- | C] () -- C:\Users\Owner\Desktop\Uniblue RegistryBooster.lnk
[2011/10/22 14:03:51 | 000,001,583 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/10/22 13:22:47 | 000,000,038 | ---- | C] () -- C:\Windows\SOLOSCAN.BAT
[2011/10/22 13:22:43 | 000,000,541 | ---- | C] () -- C:\Users\Owner\Desktop\Solo Antivirus Scanner.lnk
[2011/10/22 13:12:30 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2011/10/22 13:12:30 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2011/10/22 13:12:28 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
[2011/10/08 22:54:15 | 000,000,937 | ---- | C] () -- C:\Users\Owner\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/10/08 22:53:51 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2011/10/07 20:47:58 | 000,004,358 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011/10/07 19:34:43 | 000,000,213 | ---- | C] () -- C:\Users\Owner\Desktop\Team Fortress 2.url
[2011/10/07 19:27:29 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/10/01 10:07:34 | 000,091,260 | ---- | C] () -- C:\Users\Owner\Documents\asdfe.swf
[2011/10/01 00:07:32 | 001,464,320 | ---- | C] () -- C:\Users\Owner\Documents\asdfe.fla
[2011/09/30 21:41:53 | 000,032,226 | ---- | C] () -- C:\Users\Owner\Documents\comboonedesktop.swf
[2011/09/30 21:37:55 | 000,472,064 | ---- | C] () -- C:\Users\Owner\Documents\comboonedesktop.fla
[2011/09/30 21:16:43 | 000,001,801 | ---- | C] () -- C:\Users\Public\Desktop\Macromedia Flash 8.lnk
[2011/09/28 16:18:49 | 000,000,920 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock.lnk
[2011/09/27 18:20:15 | 000,085,210 | ---- | C] () -- C:\Users\Owner\Desktop\Me naked.jpg
[2011/09/24 12:57:06 | 000,001,083 | ---- | C] () -- C:\Users\Owner\Desktop\Play Roblox.lnk
[2011/09/06 15:28:00 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/05/15 10:59:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/21 17:49:21 | 000,003,582 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010/10/13 21:12:05 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/11 18:22:58 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/11 18:22:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/09/08 17:41:48 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/08/13 14:33:47 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010/08/13 14:22:27 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2010/08/13 14:20:11 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2010/08/13 14:20:11 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/05/14 08:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,396,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/10/02 13:47:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2011/09/02 17:25:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GARMIN
[2011/08/21 16:47:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient
[2010/10/13 21:25:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\muvee Technologies
[2010/08/13 12:46:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Snapfish
[2011/03/21 17:49:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2010/08/18 18:07:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\UB
[2011/10/22 14:03:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2011/09/17 22:03:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wacom
[2011/09/17 22:03:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2011/07/12 10:17:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2011/09/17 18:08:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WTouch
[2011/10/22 13:23:15 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2011/10/22 13:23:15 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2011/10/23 13:49:54 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011/10/23 13:48:26 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2010/08/13 15:11:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/08/13 15:11:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2010/08/13 15:11:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/08/13 15:11:34 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/08/13 15:34:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/08/13 15:34:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010/08/13 15:11:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >

OTL Extras logfile created on: 10/23/2011 2:02:45 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 50.89% Memory free
3.99 Gb Paging File | 2.48 Gb Available in Paging File | 62.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 922.66 Gb Total Space | 788.18 Gb Free Space | 85.43% Space Free | Partition Type: NTFS
Drive D: | 8.86 Gb Total Space | 1.21 Gb Free Space | 13.62% Space Free | Partition Type: NTFS

Computer Name: HPPC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-716517509-209390361-264628391-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BDD04A-343A-4BCF-B397-7C0FFF9B7D50}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{0D13877E-9DAF-43FD-87B6-C2298C3BF9F9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1E3F2DD9-1A05-4BAA-ADFF-BF158A99807C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3CBE643F-6C14-4B08-A3F6-24287FB59B4D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{3D33A93A-DFE7-4E55-92DD-A433C97D63B2}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4EDD18A4-7F7F-48DF-A0CA-95B0026AB822}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5A075991-3441-42C7-AD81-BD273E29870F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5A7E728E-D3E0-423A-B353-552FBACADAE1}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{5F698A40-EA0F-46FC-AEEA-E95D97430543}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{7385B91B-E2C9-411E-B9C0-CED20E509925}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8C7B73CA-B053-4E36-9FB5-D00F5161043E}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{99A165E0-AF59-413D-8C4F-685FF451D8D7}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9B6E8B2E-27F2-40D2-9658-D220264E7457}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9CA8507D-7BA9-49CC-8EA5-6715023FF213}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{A850703B-43F7-49DE-864B-0621CA8BF35A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D1421A79-C557-46CB-A731-31AA694758DF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DFBC2E6F-86B7-4877-9049-00BFB1222F8C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EFEB0A7D-E47D-4F60-92F4-1616466DC478}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F494FFF2-C064-4C6C-B118-CD417CC1AC89}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"TCP Query User{0F071F5E-7E7F-4E6B-B9CB-2700C45DBB25}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{908198D1-C9F8-465E-845D-9A9A1451007B}C:\program files\steam\steamapps\unkown17\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\unkown17\team fortress 2\hl2.exe |
"TCP Query User{A44777E9-C14B-48CA-B94E-6F76DE2DB735}C:\srn micro\solocfg.exe" = protocol=6 | dir=in | app=c:\srn micro\solocfg.exe |
"UDP Query User{12ED5EF5-94F4-47F3-9BD1-5BEB55B98063}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{D09CF3CC-B202-41D4-A3B4-060A01637E30}C:\srn micro\solocfg.exe" = protocol=17 | dir=in | app=c:\srn micro\solocfg.exe |
"UDP Query User{D20140A7-1431-4D8D-8605-3650E4CF712C}C:\program files\steam\steamapps\unkown17\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\unkown17\team fortress 2\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{73F01EB9-1682-4678-B856-F672D09F1E32}" = Garmin Lifetime Updater
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"ASIO4ALL" = ASIO4ALL
"Bamboo Dock" = Bamboo Dock
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"FL Studio 10" = FL Studio 10
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"IL Download Manager" = IL Download Manager
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"Network MagicUninstall" = Network Magic
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Pen Tablet Driver" = Bamboo
"RegCure" = RegCure
"Rhapsody" = Rhapsody
"SoloAV_is1" = Solo Antivirus 11.0
"StartNow Toolbar" = StartNow Toolbar
"Steam App 440" = Team Fortress 2
"The Rise of Atlantis_is1" = The Rise of Atlantis
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-716517509-209390361-264628391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Owner
"UB" = UB

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/19/2011 7:12:34 PM | Computer Name = HPPC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4e989cd3,
faulting module client.dll, version 0.0.0.0, time stamp 0x4e9e29d7, exception code
0xc0000005, fault offset 0x004019b4, process id 0x127c, application start time 0x01cc8eb311f4bb4b.

Error - 10/19/2011 7:35:24 PM | Computer Name = HPPC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4e989cd3,
faulting module client.dll, version 0.0.0.0, time stamp 0x4e9e29d7, exception code
0xc0000005, fault offset 0x004019b4, process id 0xfd4, application start time 0x01cc8eb4c655783b.

Error - 10/19/2011 8:29:29 PM | Computer Name = HPPC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4e989cd3,
faulting module client.dll, version 0.0.0.0, time stamp 0x4e9e29d7, exception code
0xc0000005, fault offset 0x004019b4, process id 0x750, application start time 0x01cc8eb7d36c743b.

Error - 10/19/2011 8:58:01 PM | Computer Name = HPPC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4e989cd3,
faulting module client.dll, version 0.0.0.0, time stamp 0x4e9e29d7, exception code
0xc0000005, fault offset 0x004019b4, process id 0x1460, application start time 0x01cc8ebf66f0049b.

Error - 10/19/2011 9:40:39 PM | Computer Name = HPPC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4e989cd3,
faulting module engine.dll, version 0.0.0.0, time stamp 0x4e9cd905, exception code
0xc0000005, fault offset 0x0006b05a, process id 0x450, application start time 0x01cc8ec67df80f0b.

Error - 10/19/2011 9:40:44 PM | Computer Name = HPPC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4e989cd3,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0079006c, process id 0x450, application start time 0x01cc8ec67df80f0b.

Error - 10/19/2011 10:17:23 PM | Computer Name = HPPC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4e989cd3,
faulting module filesystem_steam.dll_unloaded, version 0.0.0.0, time stamp 0x4e9cd861,
exception code 0xc0000005, fault offset 0x6c35f1e9, process id 0x70c, application
start time 0x01cc8ec95dcb55eb.

Error - 10/20/2011 4:16:42 PM | Computer Name = HPPC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4e989cd3,
faulting module client.dll, version 0.0.0.0, time stamp 0x4e9f7307, exception code
0xc0000005, fault offset 0x004016a4, process id 0x11cc, application start time 0x01cc8f5eb1e24494.

Error - 10/20/2011 4:27:13 PM | Computer Name = HPPC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4e989cd3,
faulting module client.dll, version 0.0.0.0, time stamp 0x4e9f7307, exception code
0xc0000005, fault offset 0x004016a4, process id 0x1110, application start time 0x01cc8f65450db784.

Error - 10/20/2011 9:05:40 PM | Computer Name = HPPC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4e989cd3,
faulting module filesystem_steam.dll_unloaded, version 0.0.0.0, time stamp 0x4e9f441f,
exception code 0xc0000005, fault offset 0x6a8ef1e9, process id 0x11f8, application
start time 0x01cc8f796a37b1b6.

[ System Events ]
Error - 10/23/2011 12:42:11 AM | Computer Name = HPPC | Source = HTTP | ID = 15016
Description =

Error - 10/23/2011 1:03:52 AM | Computer Name = HPPC | Source = Service Control Manager | ID = 7032
Description =

Error - 10/23/2011 1:03:52 AM | Computer Name = HPPC | Source = Service Control Manager | ID = 7032
Description =

Error - 10/23/2011 1:15:56 AM | Computer Name = HPPC | Source = Service Control Manager | ID = 7032
Description =

Error - 10/23/2011 1:15:56 AM | Computer Name = HPPC | Source = Service Control Manager | ID = 7032
Description =

Error - 10/23/2011 1:24:46 AM | Computer Name = HPPC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume HP.

Error - 10/23/2011 10:52:22 AM | Computer Name = HPPC | Source = HTTP | ID = 15016
Description =

Error - 10/23/2011 11:22:53 AM | Computer Name = HPPC | Source = DCOM | ID = 10000
Description =

Error - 10/23/2011 11:28:35 AM | Computer Name = HPPC | Source = HTTP | ID = 15016
Description =

Error - 10/23/2011 1:49:58 PM | Computer Name = HPPC | Source = HTTP | ID = 15016
Description =


< End of report >

Edited by Sonoya, 23 October 2011 - 12:18 PM.

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You look to have done a good job :)

I would recommend that you uninstall start now toolbar as it has a bit of an iffy reputation

Lets have a quick sweep for orphans

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#6
Sonoya

Sonoya

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Why thank you. :)
The start now bar you say? Well, if its one thing, its the bing bar i should uninstall. When opening new tabs it's pretty annoying how it interrupts the address bar. And i've actually been looking for how to getting rid of that(found it).


Database version: 8007

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

10/23/2011 4:24:32 PM
mbam-log-2011-10-23 (16-24-32).txt

Scan type: Quick scan
Objects scanned: 182164
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\wpbt0.dll (Exploit.Drop) -> Quarantined and deleted successfully.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Any further problems apparent ?

I hate toolbars :)
  • 0

#8
Sonoya

Sonoya

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Not at all. It's back to being as though its brand new again. Although, I do have questions. Do you know where or how i could have gotten this stubborn spy? Winupd.exe i should restate. Winupd1273.exe winupd4556.exe winupd8699.exe and other variations of it with 4 digit numbers that it keeps recreating. And also, searching up on what kind of penetrating ware this is, it's pretty lame how such an old thing could have gotten in my computer.
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Unfortunately there is no sure fire way - it could have been an infected website, an infected codec or picture. There are so many avenues now it is hard to keep track

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :yes:
  • 0

#10
Sonoya

Sonoya

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
My my, this OTL is taking quite a bit of time. Few hours and it's still trying to reset host files. Typing this on a different computer by the way.
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Stop OTL your host file is obviously protected by your AV
  • 0

#12
Sonoya

Sonoya

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ah. I'll be back here next weekend to resolve the rest of the clean up, just for now i will use my other computer.
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A reboot will stop OTL and allow you to proceed with no problems
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP