Slow internet, freezing applications - possible malware? [Sol


  • This topic is locked

#1
boots789

Hello,

I recently acquired a Compaq Presario C700 that is running Windows 7 Extreme Edition R1 from a friend. I've found that it has been exhibiting some strange behavior, such as:

- Various applications will stop responding and freeze occasionally.
- Sometimes when I attempt to open an application, I will make multiple attempts to run it, but it will never open until I reboot.
- Network connectivity is extremely slow. I'm currently using a hard-wired LAN connection and I find it almost impossible to use the internet because most web pages stall or won't load at all. I will often have to refresh the page several times to even get all the graphics to load. This isn't a problem with our home network because all of the other computers connected to the network work perfectly.
- It appears that the computer has a wireless card, but the drivers or any trace of it have disappeared.
- I run Webroot Windows Washer on all of my computers and every time I attempt to run it, it fails to even start scanning.

McAfee hasn't detected any viruses and I'm always very careful to avoid malware.

Any help you could offer would be very much appreciated.

Here is an OTL log:

OTL logfile created on: 4/8/2012 10:08:55 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\TheGreatAndyGrady\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.02 Mb Total Physical Memory | 195.25 Mb Available Physical Memory | 19.26% Memory free
2.51 Gb Paging File | 0.96 Gb Available in Paging File | 38.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 199.35 Gb Free Space | 66.90% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 326.98 Gb Free Space | 70.20% Space Free | Partition Type: NTFS

Computer Name: SEANLAPTOP2 | User Name: TheGreatAndyGrady | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/08 22:08:27 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\TheGreatAndyGrady\Downloads\OTL.exe
PRC - [2012/03/20 01:17:51 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/12/06 18:25:42 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/12/06 18:21:24 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/12/06 18:21:08 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/11/22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/20 10:12:18 | 000,618,896 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2011/04/20 10:12:12 | 001,633,680 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/19 16:58:01 | 000,125,424 | ---- | M] (AnalogX, LLC) -- C:\Program Files\AnalogX\MaxMem\maxmem.exe
PRC - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/12 18:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 18:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/10/12 17:44:00 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 15:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/09/06 03:08:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007/09/28 02:34:58 | 000,790,651 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/20 01:17:50 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/18 14:05:36 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/20 10:12:16 | 000,040,848 | ---- | M] () -- C:\Program Files\Webroot\Washer\Languages\English.dll
MOD - [2011/04/20 10:11:50 | 000,559,244 | ---- | M] () -- C:\Program Files\Webroot\Washer\sqlite3.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\TEMP\030691~1.EXE -- (0306911329963561mcinstcleanup) McAfee Application Installer Cleanup (0306911329963561)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/12/06 18:25:42 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/12/06 18:21:24 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/12/06 18:21:08 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/10/18 17:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/20 10:12:18 | 000,618,896 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/05/18 19:07:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/06 03:08:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vmaudio.sys -- (VMAUDIO) VMware VMaudio (VMAUDIO) (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/06/01 08:17:14 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/01 08:17:14 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2011/05/18 09:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/14 13:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/05/18 18:37:03 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/26 03:33:39 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/10/21 16:47:48 | 000,011,440 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2009/10/21 16:46:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm3dmp.sys -- (vm3dmp)
DRV - [2009/10/09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Deluxe(UVC)
DRV - [2009/10/07 09:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 09:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/09/28 11:27:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/22 11:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/08/21 08:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009/08/04 06:49:08 | 000,106,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSSetup.sys -- (iSSetup)
DRV - [2009/07/26 18:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2009/07/26 18:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2009/07/13 18:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/07/04 12:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 02:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 13:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 10:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 10:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 10:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/20 14:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/11/27 15:10:24 | 000,013,440 | ---- | M] (NoteBurn Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ntcdrdrv.sys -- (ntcdrdrv)
DRV - [2008/01/18 00:14:20 | 000,037,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd26032.sys -- (ioatdma) Intel®
DRV - [2008/01/18 00:14:14 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd16032.sys -- (ioatdma1)
DRV - [2007/09/27 04:53:00 | 000,062,464 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3B6B16B8-B530-42C5-8527-4589C4BDE69B}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/18 20:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/28 19:11:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/03/15 03:30:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 01:17:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/06 19:32:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/18 20:31:15 | 000,000,000 | ---D | M]

[2011/01/08 23:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TheGreatAndyGrady\AppData\Roaming\mozilla\Extensions
[2011/01/08 23:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TheGreatAndyGrady\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/05/19 18:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TheGreatAndyGrady\AppData\Roaming\mozilla\Firefox\Profiles\l390k2bb.default\extensions
[2012/04/08 21:46:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/08 21:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/15 03:30:12 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/02/28 19:11:27 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/03/20 01:17:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/10/12 17:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 17:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 17:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 17:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2012/04/08 21:45:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/08 18:40:56 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/10/12 19:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/10/12 17:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/02/12 20:30:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/15 13:50:51 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/12 20:30:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/02/17 02:13:06 | 000,430,078 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14802 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120218123111.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11f_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\TheGreatAndyGrady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe (Belkin International, Inc.)
O4 - Startup: C:\Users\TheGreatAndyGrady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V CAST Media Monitor.lnk = C:\Program Files\V CAST Media Manager\MEMonitor.exe (Smith Micro, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DC1599-79A3-411B-BDD4-2ED60B3759D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{773DDC8F-DD42-49A2-87A9-3EE75FBA3F2A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/06/23 02:57:12 | 000,000,000 | ---D | M] - H:\autorun -- [ NTFS ]
O32 - AutoRun File - [2005/11/17 18:15:24 | 000,000,069 | -H-- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a91ee59e-ca9b-11df-bbf2-001b38f28199}\Shell - "" = AutoRun
O33 - MountPoints2\{a91ee59e-ca9b-11df-bbf2-001b38f28199}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 21:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/08 21:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/08 21:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/08 21:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/08 20:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/03/29 22:28:55 | 000,000,000 | ---D | C] -- C:\Users\TheGreatAndyGrady\AppData\Local\Apple
[2012/03/29 22:28:16 | 000,000,000 | ---D | C] -- C:\Users\TheGreatAndyGrady\AppData\Local\Apple Computer
[2012/03/28 23:02:13 | 000,000,000 | ---D | C] -- C:\Windows\LastGood

========== Files - Modified Within 30 Days ==========

[2012/04/08 22:13:17 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/08 22:13:17 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/08 21:10:03 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/08 20:02:28 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/03/29 23:09:01 | 000,634,538 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/29 23:09:01 | 000,111,130 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/29 23:06:43 | 000,039,936 | ---- | M] () -- C:\Users\TheGreatAndyGrady\Documents\DJ Mix KK.zdl
[2012/03/15 03:25:37 | 000,560,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/15 03:25:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

========== Files Created - No Company Name ==========

[2012/04/08 21:10:03 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/29 23:06:43 | 000,039,936 | ---- | C] () -- C:\Users\TheGreatAndyGrady\Documents\DJ Mix KK.zdl
[2011/11/08 22:59:48 | 000,268,568 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/09/13 22:47:36 | 000,007,650 | ---- | C] () -- C:\Users\TheGreatAndyGrady\AppData\Local\Resmon.ResmonCfg
[2011/06/23 00:11:40 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/23 00:10:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/06 23:14:39 | 000,005,120 | ---- | C] () -- C:\Users\TheGreatAndyGrady\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/18 20:21:47 | 000,202,420 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011/02/18 20:21:47 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/11/30 17:37:48 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/05/18 18:37:55 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

========== LOP Check ==========

[2010/05/19 19:35:32 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\acccore
[2011/02/18 17:56:08 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\ACD Systems
[2011/03/17 21:51:50 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Avery
[2010/09/17 17:03:42 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\enchant
[2010/05/18 18:40:14 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\ESET
[2010/11/09 18:58:17 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Foxit Software
[2010/12/28 23:48:54 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\ICAClient
[2011/09/12 21:42:26 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\NetMedia Providers
[2011/01/30 22:26:18 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\OpenOffice.org
[2010/07/29 21:56:01 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Opera
[2011/09/12 21:42:26 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Publish Providers
[2011/06/30 18:48:07 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Replay Media Catcher 4
[2011/06/24 17:24:55 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Smith Micro
[2011/11/05 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Sony
[2011/01/08 23:18:16 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\TomTom
[2010/07/16 16:07:27 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\uTorrent
[2011/11/10 00:28:25 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\TheGreatAndyGrady\Desktop\2011BoutselisW2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\TheGreatAndyGrady\Desktop\2011Boutselis1098E.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >


Thank you!

Edited by boots789, 08 April 2012 - 08:40 PM.



#2
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, boots789! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Since it has been a while, we need updated OTL plus Extras and aswMBR logs :)


Step 1.

Download OTL to your Desktop
or
If you still have OTL on your desktop go immediately to the following steps:

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select Scan All Users
  • Under File Scans File Age: Select 90 days from the drop down box.
  • Select Lop Check and Purity Check
  • Under Extra Registry: Select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt and Extras.txt .
  • Post both logs


Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

If it does not run, rename aswMBR.exe to Iexplore.exe and try it again.

Step 3.

Please post:

OTL.txt
Extras.txt
aswMBR log





Give me any updates on issues with your computer

#3
boots789

    Member

  • Topic Starter
  • Member
  • 50 posts
The aswMBR scan seems to have stalled on the last step while scanning C:\Users\TheGreatAndyGrady\Downloads\SkypeSetup.exe.

In the meantime, here are the other logs you requested. I'll try the aswMBR one again and will post it once it completes.

OTL logfile created on: 4/11/2012 10:01:10 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\TheGreatAndyGrady\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.02 Mb Total Physical Memory | 263.80 Mb Available Physical Memory | 26.02% Memory free
2.51 Gb Paging File | 0.76 Gb Available in Paging File | 30.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 199.07 Gb Free Space | 66.80% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 326.98 Gb Free Space | 70.20% Space Free | Partition Type: NTFS

Computer Name: SEANLAPTOP2 | User Name: TheGreatAndyGrady | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/04/11 21:58:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\TheGreatAndyGrady\Desktop\OTL(1).exe
PRC - [2012/03/20 01:17:51 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/12/06 18:25:42 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/12/06 18:21:24 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/12/06 18:21:08 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/11/22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/20 10:12:18 | 000,618,896 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2011/04/20 10:12:12 | 001,633,680 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/19 16:58:01 | 000,125,424 | ---- | M] (AnalogX, LLC) -- C:\Program Files\AnalogX\MaxMem\maxmem.exe
PRC - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/06 03:08:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/09/28 02:34:58 | 000,790,651 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/20 01:17:50 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/18 14:05:36 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/20 10:12:16 | 000,040,848 | ---- | M] () -- C:\Program Files\Webroot\Washer\Languages\English.dll
MOD - [2011/04/20 10:11:50 | 000,559,244 | ---- | M] () -- C:\Program Files\Webroot\Washer\sqlite3.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Windows\TEMP\030691~1.EXE -- (0306911329963561mcinstcleanup) McAfee Application Installer Cleanup (0306911329963561)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/12/06 18:25:42 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/12/06 18:21:24 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/12/06 18:21:08 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/10/18 17:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/20 10:12:18 | 000,618,896 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/05/18 19:07:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/06 03:08:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vmaudio.sys -- (VMAUDIO) VMware VMaudio (VMAUDIO) (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/06/01 08:17:14 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/01 08:17:14 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2011/05/18 09:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/18 18:37:03 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/26 03:33:39 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/10/21 16:47:48 | 000,011,440 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2009/10/21 16:46:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm3dmp.sys -- (vm3dmp)
DRV - [2009/10/09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Deluxe(UVC)
DRV - [2009/10/07 09:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 09:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/09/28 11:27:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/22 11:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/08/21 08:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009/08/04 06:49:08 | 000,106,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSSetup.sys -- (iSSetup)
DRV - [2009/07/26 18:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2009/07/26 18:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2009/07/13 18:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/07/04 12:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 02:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 13:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 10:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 10:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 10:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/20 14:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/01/18 00:14:20 | 000,037,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd26032.sys -- (ioatdma) Intel®
DRV - [2008/01/18 00:14:14 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd16032.sys -- (ioatdma1)
DRV - [2007/09/27 04:53:00 | 000,062,464 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\..\SearchScopes\{3B6B16B8-B530-42C5-8527-4589C4BDE69B}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/18 20:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/28 19:11:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/03/15 03:30:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/10 21:44:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/10 21:44:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/18 20:31:15 | 000,000,000 | ---D | M]

[2011/01/08 23:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TheGreatAndyGrady\AppData\Roaming\mozilla\Extensions
[2011/01/08 23:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TheGreatAndyGrady\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/05/19 18:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TheGreatAndyGrady\AppData\Roaming\mozilla\Firefox\Profiles\l390k2bb.default\extensions
[2012/04/08 21:46:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/08 21:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/15 03:30:12 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/02/28 19:11:27 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/03/20 01:17:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/04/08 21:45:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/08 18:40:56 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/02/12 20:30:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/15 13:50:51 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/12 20:30:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/10 22:12:21 | 000,442,124 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15190 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120218123111.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11f_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\TheGreatAndyGrady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe (Belkin International, Inc.)
O4 - Startup: C:\Users\TheGreatAndyGrady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V CAST Media Monitor.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DC1599-79A3-411B-BDD4-2ED60B3759D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{773DDC8F-DD42-49A2-87A9-3EE75FBA3F2A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/06/23 02:57:12 | 000,000,000 | ---D | M] - H:\autorun -- [ NTFS ]
O32 - AutoRun File - [2005/11/17 18:15:24 | 000,000,069 | -H-- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a91ee59e-ca9b-11df-bbf2-001b38f28199}\Shell - "" = AutoRun
O33 - MountPoints2\{a91ee59e-ca9b-11df-bbf2-001b38f28199}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2012/04/11 21:57:50 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\TheGreatAndyGrady\Desktop\OTL(1).exe
[2012/04/11 20:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/04/10 22:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/10 21:41:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/08 21:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/08 21:46:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/04/08 21:46:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/04/08 21:46:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/04/08 21:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/08 21:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/08 21:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/15 03:01:14 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/03/15 03:01:12 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/03/14 21:04:35 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 21:04:31 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 21:04:00 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/03/14 21:03:59 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/03/14 21:03:58 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/03/14 21:03:53 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/03/14 21:03:53 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/02/20 22:28:35 | 000,000,000 | ---D | C] -- C:\Users\TheGreatAndyGrady\AppData\Local\ElevatedDiagnostics
[2012/02/20 01:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/20 01:29:49 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\TheGreatAndyGrady\Desktop\ATF-Cleaner.exe
[2012/02/15 11:01:50 | 004,547,944 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2012/02/14 17:55:41 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/14 17:54:59 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/14 17:54:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/14 17:54:56 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/14 17:54:56 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/14 17:54:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/30 17:40:14 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/30 17:40:13 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/29 18:39:15 | 000,000,000 | ---D | C] -- C:\Users\TheGreatAndyGrady\Desktop\New folder
[2012/01/25 21:37:48 | 000,000,000 | R--D | C] -- C:\Users\TheGreatAndyGrady\Documents\Scanned Documents
[2012/01/25 21:37:47 | 000,000,000 | ---D | C] -- C:\Users\TheGreatAndyGrady\Documents\Fax

========== Files - Modified Within 90 Days ==========

[2012/04/11 21:58:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\TheGreatAndyGrady\Desktop\OTL(1).exe
[2012/04/11 20:02:28 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/04/10 22:12:21 | 000,442,124 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/08 22:13:17 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/08 22:13:17 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/08 21:45:40 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/04/08 21:45:40 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/04/08 21:45:39 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/04/08 21:45:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/04/08 21:10:03 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/29 23:09:01 | 000,634,538 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/29 23:09:01 | 000,111,130 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/29 23:06:43 | 000,039,936 | ---- | M] () -- C:\Users\TheGreatAndyGrady\Documents\DJ Mix KK.zdl
[2012/03/15 03:25:37 | 000,560,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/15 03:25:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/20 01:41:15 | 000,000,470 | ---- | M] () -- C:\Users\TheGreatAndyGrady\Documents\cc_20120220_004112.reg
[2012/02/20 01:40:43 | 000,086,406 | ---- | M] () -- C:\Users\TheGreatAndyGrady\Documents\cc_20120220_004022.reg
[2012/02/20 01:34:55 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/20 01:29:55 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\TheGreatAndyGrady\Desktop\ATF-Cleaner.exe
[2012/02/18 14:05:36 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/17 15:50:44 | 000,038,912 | ---- | M] () -- C:\Users\TheGreatAndyGrady\Documents\DJ Mix JJ.zdl
[2012/02/17 01:34:22 | 000,919,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/02/17 01:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/02/15 11:01:50 | 004,547,944 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2012/02/10 01:38:43 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/02/02 23:54:27 | 002,343,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/01/28 17:16:44 | 000,052,404 | ---- | M] () -- C:\Users\TheGreatAndyGrady\Desktop\32209_118448178197901_103087936400592_98736_7970168_n.jpg
[2012/01/25 21:43:04 | 000,659,844 | ---- | M] () -- C:\Users\TheGreatAndyGrady\Desktop\2011BoutselisW2.jpeg
[2012/01/25 21:41:50 | 000,734,837 | ---- | M] () -- C:\Users\TheGreatAndyGrady\Desktop\2011Boutselis1098E.jpeg
[2012/01/25 01:32:35 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/01/25 01:32:34 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/01/25 01:27:51 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/01/20 00:35:52 | 000,039,424 | ---- | M] () -- C:\Users\TheGreatAndyGrady\Documents\DJ Mix II(Temp).zdl
[2012/01/19 23:37:23 | 000,268,568 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat

========== Files Created - No Company Name ==========

[2012/04/08 21:10:03 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/29 23:06:43 | 000,039,936 | ---- | C] () -- C:\Users\TheGreatAndyGrady\Documents\DJ Mix KK.zdl
[2012/03/05 19:24:29 | 000,002,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/03/05 19:24:29 | 000,001,052 | ---- | C] () -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V CAST Media Monitor.lnk.disabled
[2012/02/20 01:41:14 | 000,000,470 | ---- | C] () -- C:\Users\TheGreatAndyGrady\Documents\cc_20120220_004112.reg
[2012/02/20 01:40:32 | 000,086,406 | ---- | C] () -- C:\Users\TheGreatAndyGrady\Documents\cc_20120220_004022.reg
[2012/02/18 14:06:23 | 000,001,227 | ---- | C] () -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Network USB Hub Control Center.lnk
[2012/02/17 15:50:43 | 000,038,912 | ---- | C] () -- C:\Users\TheGreatAndyGrady\Documents\DJ Mix JJ.zdl
[2012/01/28 17:16:34 | 000,052,404 | ---- | C] () -- C:\Users\TheGreatAndyGrady\Desktop\32209_118448178197901_103087936400592_98736_7970168_n.jpg
[2012/01/25 21:43:23 | 000,659,844 | ---- | C] () -- C:\Users\TheGreatAndyGrady\Desktop\2011BoutselisW2.jpeg
[2012/01/25 21:40:06 | 000,734,837 | ---- | C] () -- C:\Users\TheGreatAndyGrady\Desktop\2011Boutselis1098E.jpeg
[2012/01/20 00:35:52 | 000,039,424 | ---- | C] () -- C:\Users\TheGreatAndyGrady\Documents\DJ Mix II(Temp).zdl
[2011/11/08 22:59:48 | 000,268,568 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/09/13 22:47:36 | 000,007,650 | ---- | C] () -- C:\Users\TheGreatAndyGrady\AppData\Local\Resmon.ResmonCfg
[2011/06/23 00:11:40 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/23 00:10:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/06 23:14:39 | 000,005,120 | ---- | C] () -- C:\Users\TheGreatAndyGrady\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/18 20:21:47 | 000,202,420 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011/02/18 20:21:47 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/11/30 17:37:48 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/05/18 18:37:55 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

========== LOP Check ==========

[2010/05/19 19:35:32 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\acccore
[2011/02/18 17:56:08 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\ACD Systems
[2011/03/17 21:51:50 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Avery
[2010/09/17 17:03:42 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\enchant
[2010/05/18 18:40:14 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\ESET
[2010/11/09 18:58:17 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Foxit Software
[2010/12/28 23:48:54 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\ICAClient
[2011/09/12 21:42:26 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\NetMedia Providers
[2011/01/30 22:26:18 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\OpenOffice.org
[2010/07/29 21:56:01 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Opera
[2011/09/12 21:42:26 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Publish Providers
[2011/06/30 18:48:07 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Replay Media Catcher 4
[2011/06/24 17:24:55 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Smith Micro
[2011/11/05 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Sony
[2011/01/08 23:18:16 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\TomTom
[2010/07/16 16:07:27 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\uTorrent
[2011/11/10 00:28:25 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2009/11/02 14:19:00 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2009/09/23 08:34:51 | 002,579,456 | ---- | M] (Microsoft Corporation) MD5=0C81EA51AEB0E47BBC749257EAC179C4 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/11/02 14:15:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/11/02 14:15:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/11/02 14:22:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=AB59486E41610AB13B1555D7D585AE8F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_705136794f3f8a98\winlogon.exe
[2009/11/02 14:22:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B151128D1FEBF745BC7EFDE9FACB165A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_6fbf975e36292016\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2010/11/20 04:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{49DC1599-79A3-411B-BDD4-2ED60B3759D2}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{773DDC8F-DD42-49A2-87A9-3EE75FBA3F2A}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 19:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 00 01 07 01 06 01 02 01 05 01 01 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 21:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/20 01:17:48 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/20 01:17:48 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/20 01:17:48 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/20 01:17:51 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/20 01:17:51 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/20 01:17:51 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/20 01:17:48 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/20 01:17:48 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/20 01:17:48 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/20 01:17:51 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/20 01:17:51 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/20 01:17:51 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: SEANLAPTOP2
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media
  Volume 1         System Rese  NTFS   Partition    100 MB  Healthy    System
  Volume 2     C                NTFS   Partition    297 GB  Healthy    Boot
  Volume 3     H   My Book      NTFS   Partition    465 GB  Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\TheGreatAndyGrady\Desktop\2011BoutselisW2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\TheGreatAndyGrady\Desktop\2011Boutselis1098E.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

OTL Extras logfile created on: 4/11/2012 10:01:10 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\TheGreatAndyGrady\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.02 Mb Total Physical Memory | 263.80 Mb Available Physical Memory | 26.02% Memory free
2.51 Gb Paging File | 0.76 Gb Available in Paging File | 30.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 199.07 Gb Free Space | 66.80% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 326.98 Gb Free Space | 70.20% Space Free | Partition Type: NTFS

Computer Name: SEANLAPTOP2 | User Name: TheGreatAndyGrady | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3412074288-2600070759-2522700596-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02FB3E48-4459-4986-BBE5-945B063B1E58}" = Help 2.0
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
"{08DEC21F-F7E5-46F9-81D1-3ED30BD3AEC9}" = CASIO USB Driver V1.2.2474.0623
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12F9942A-E85D-44A6-B054-0B3BC9009625}" = Opera 10.01
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Service Pack 1 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{B2460671-BD25-4C1C-ACB7-FBD4967365FE}" = Samsung_I500 1.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6916E4B-FD07-47E7-B906-B3F734F08E29}" = C4100
"{BB51F026-06AC-4F5D-B18C-4E99ED18E477}" = BlackBerry_9330 1.0
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C7D86D8E-8C33-4A42-B401-3BABDB4E91C7}" = VCAST Media Manager Update 1.0.0.1
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE47ADD1-B82B-4B52-AF29-76AE7EF4E19D}_is1" = Hard Disk Scrubber 3.3 (Remove Only)
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E7269FD6-34EA-4617-8752-6739AA384080}" = V CAST Media Manager
"{E97C937C-AE21-453D-86A0-A231507543D1}" = ACID Music Studio 8.0
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"AbiWord2" = AbiWord 2.8.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnalogX MaxMem" = AnalogX MaxMem
"Belkin Network USB Hub Control Center" = Belkin Network USB Hub Control Center
"CCleaner" = CCleaner
"CPU-Z" = CPU-Z
"Foxit Reader" = Foxit Reader
"Gpuz" = GPU-Z
"HDMI" = Intel® Graphics Media Accelerator Driver
"HDTune" = HDTune
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HPOCR" = OCR Software by I.R.I.S. 13.0
"HWMonitor" = HWMonitor
"IconPackager" = IconPackager
"InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSC" = McAfee SecurityCenter
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Ogg Codecs" = Ogg Codecs 0.81.15562
"PC Wizard" = PC Wizard
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.2.8)
"Replay Media Catcher4" = Applian Director
"Replay Music3.98" = Replay Music
"Startup Control Panel" = Startup Control Panel
"Tansee iPhone Transfer_is1" = Tansee iPhone Transfer
"TomTom HOME" = TomTom HOME 2.8.3.2499
"TVWiz" = Intel® TV Wizard
"UltraISO_is1" = UltraISO Premium V9.35
"Unlocker" = Unlocker 1.8.8
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Window Washer" = Window Washer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3412074288-2600070759-2522700596-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4
boots789

Here's the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-11 22:41:49
-----------------------------
22:41:49.381 OS Version: Windows 6.1.7601 Service Pack 1
22:41:49.381 Number of processors: 2 586 0xF0D
22:41:49.385 ComputerName: SEANLAPTOP2 UserName:
22:41:53.415 Initialize success
22:43:49.437 AVAST engine defs: 12041101
22:44:10.132 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
22:44:10.136 Disk 0 Vendor: ST9320423AS 0002SDM1 Size: 305245MB BusType: 11
22:44:10.190 Disk 0 MBR read successfully
22:44:10.194 Disk 0 MBR scan
22:44:10.355 Disk 0 Windows 7 default MBR code
22:44:10.379 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:44:10.393 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
22:44:10.403 Disk 0 scanning sectors +625139712
22:44:10.608 Disk 0 scanning C:\Windows\system32\drivers
22:44:32.607 Service scanning
22:45:02.687 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
22:45:12.276 Modules scanning
22:45:36.763 Disk 0 trace - called modules:
22:45:36.792 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84d671f8]<<
22:45:36.801 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bc2030]
22:45:36.810 3 CLASSPNP.SYS[87fb259e] -> nt!IofCallDriver -> [0x85ad8918]
22:45:36.819 5 ACPI.sys[877993d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85ab8030]
22:45:36.829 \Driver\atapi[0x85aab8e8] -> IRP_MJ_CREATE -> 0x84d671f8
22:45:38.530 AVAST engine scan C:\Windows
22:45:41.898 AVAST engine scan C:\Windows\system32
22:51:44.705 AVAST engine scan C:\Windows\system32\drivers
22:52:25.662 AVAST engine scan C:\Users\TheGreatAndyGrady
23:10:45.358 AVAST engine scan C:\ProgramData
23:13:27.256 Scan finished successfully
23:14:31.180 Disk 0 MBR has been saved successfully to "C:\Users\TheGreatAndyGrady\Desktop\MBR.dat"
23:14:31.294 The log file has been saved successfully to "C:\Users\TheGreatAndyGrady\Desktop\aswMBR.txt"

Edited by boots789, 11 April 2012 - 09:14 PM.


#5
CompCav

P2P Warning!:

IMPORTANT: I have noticed that there are signs of the uTorrent P2P (Peer to Peer) file sharing program on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove this program, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use either of them until your computer is cleaned.


Step 1.

Please uninstall Viewpoint Media Player; it is foistware and has several adware characteristics.

Please uninstall Webroot Washer; it is conflicting with other tools.


Step 2.

We need to disable Spybot S&D's "TeaTimer".

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode and then on "Advanced Mode".
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck these checkboxes:
    Posted Image
  • Close/Exit Spybot Search and Destroy.


Step 3.


We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Windows\TEMP\030691~1.EXE -- (0306911329963561mcinstcleanup) McAfee Application Installer Cleanup (0306911329963561)
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Secure Search"
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    [2010/07/16 16:07:27 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\uTorrent
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    
    @Alternate Data Stream - 168 bytes -> C:\Users\TheGreatAndyGrady\Desktop\2011BoutselisW2.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 168 bytes -> C:\Users\TheGreatAndyGrady\Desktop\2011Boutselis1098E.jpeg:3or4kl4x13tuuug3Byamue2s4b
    
    
    
    :files
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 4.

Run Farbar Service Scanner.

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply


Step 5.

Clear Event Logs

  • Click the Start Orb
  • Right click on Computer and click on Manage
  • Click (Continue) on the UAC screen. The Computer Management window will come up.
  • In the left side column of the window click the arrow beside Event Viewer.
  • Click the arrow beside Windows Logs
  • Right click on Application and click Clear Log
  • Right click on System and click Clear Log
  • Close the Computer Management window and Reboot.


Step 6.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 7.

Please Post:

OTL fix log
FSS.txt
OTL.txt
Extras.txt


Give me an update on how the computer is running
  • 0
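
The entries chosen for the OTL fix in the post above fall into a few recognisable line formats. The following is an added example, not part of CompCav's post and not OTL's own logic: it parses lines copied from this thread's logs and applies four illustrative review rules. The rule names and the `triage` function are assumptions made for this example.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    rule: str
    detail: str


# Lines copied from the OTL fix script and logs posted in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\Windows\TEMP\030691~1.EXE -- (0306911329963561mcinstcleanup) McAfee Application Installer Cleanup (0306911329963561)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
@Alternate Data Stream - 168 bytes -> C:\Users\TheGreatAndyGrady\Desktop\2011BoutselisW2.jpeg:3or4kl4x13tuuug3Byamue2s4b
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
"""

# SRV/DRV line: "File not found" or "[date | size | attrs | M] (company)",
# then a bracketed flag list ending in start type and state, the binary
# path, and the service name in parentheses.
SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[[^\]]*\] \([^)]*\)) "
    r"\[(?P<flags>[^\]]*)\] -- (?P<path>.*?)\s*-- \((?P<name>[^)]*)\)"
)
START_PAGE_RE = re.compile(
    r"^IE - HKU\\(?P<hive>[^\\]+)\\.*\\Main,Start Page =\s*(?P<value>.*)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<file>.+):(?P<stream>[^:\\]+)$"
)
FILE_RE = re.compile(
    r"^\[\d{4}/\d\d/\d\d [\d:]+ \| [\d,]+ \| [-A-Z]{4} \| [MC]\]"
    r"(?: \([^)]*\))? -- (?P<path>.+)$"
)
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)

# HKU\.DEFAULT is the LocalSystem profile, the same hive as HKU\S-1-5-18.
SYSTEM_HIVES = {".default", "s-1-5-18"}


def triage(log_text: str) -> list:
    """Return review findings for the OTL log lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m and m["missing"]:
            # A registered service or driver whose binary is gone.
            flags = [part.strip() for part in m["flags"].split("|")]
            start = flags[-2] if len(flags) >= 2 else "unknown"
            kind = "service" if m["kind"] == "SRV" else "driver"
            detail = f"{kind} {m['name']} (start={start}) has no binary on disk"
            if "\\temp\\" in m["path"].lower():
                detail += "; registered path is under a TEMP directory"
            findings.append(Finding("orphaned-service", detail))
            continue
        m = START_PAGE_RE.match(line)
        if m and m["hive"].lower() in SYSTEM_HIVES and m["value"]:
            # A non-empty browser start page in the system account's hive.
            findings.append(Finding(
                "system-hive-start-page",
                f"HKU\\{m['hive']} start page = {m['value']}"))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding(
                "alternate-data-stream",
                f"{m['file']} has stream {m['stream']} ({m['size']} bytes)"))
            continue
        m = FILE_RE.match(line)
        if m and ROOT_EXE_RE.match(m["path"]):
            # The company label on the line is not treated as proof of origin.
            findings.append(Finding("exe-in-drive-root", m["path"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule}: {finding.detail}")
```

A finding here means "look at this entry", not "this entry is malicious"; the decision to remove anything stays with whoever reviews the full log.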

#6
boots789

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Thanks for the help so far! I uninstalled the applications you listed and ran all scans. Here are the log files:

OTL logfile created on: 4/12/2012 8:43:51 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\TheGreatAndyGrady\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.02 Mb Total Physical Memory | 434.04 Mb Available Physical Memory | 42.80% Memory free
1.99 Gb Paging File | 1.09 Gb Available in Paging File | 54.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 198.50 Gb Free Space | 66.61% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 326.98 Gb Free Space | 70.20% Space Free | Partition Type: NTFS

Computer Name: SEANLAPTOP2 | User Name: TheGreatAndyGrady | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/11 21:58:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\TheGreatAndyGrady\Desktop\OTL(1).exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/23 00:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/12/06 18:25:42 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/12/06 18:21:24 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/12/06 18:21:08 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/11/22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/06 03:08:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/07/13 21:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/09/28 02:34:58 | 000,790,651 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Windows\TEMP\030691~1.EXE -- (0306911329963561mcinstcleanup) McAfee Application Installer Cleanup (0306911329963561)
SRV - [2012/04/12 18:36:13 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/12/06 18:25:42 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/12/06 18:21:24 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/12/06 18:21:08 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/10/18 17:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/05/18 19:07:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/06 03:08:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vmaudio.sys -- (VMAUDIO) VMware VMaudio (VMAUDIO) (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/06/01 08:17:14 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/01 08:17:14 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2011/05/18 09:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/18 18:37:03 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/26 03:33:39 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/10/21 16:47:48 | 000,011,440 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2009/10/21 16:46:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm3dmp.sys -- (vm3dmp)
DRV - [2009/10/09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Deluxe(UVC)
DRV - [2009/10/07 09:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 09:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/09/28 11:27:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/22 11:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/08/21 08:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009/08/04 06:49:08 | 000,106,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSSetup.sys -- (iSSetup)
DRV - [2009/07/26 18:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2009/07/26 18:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2009/07/13 18:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/07/04 12:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 02:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 13:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 10:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 10:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 10:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/20 14:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/01/18 00:14:20 | 000,037,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd26032.sys -- (ioatdma) Intel®
DRV - [2008/01/18 00:14:14 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd16032.sys -- (ioatdma1)
DRV - [2007/09/27 04:53:00 | 000,062,464 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\..\SearchScopes\{3B6B16B8-B530-42C5-8527-4589C4BDE69B}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/18 20:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/28 19:11:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/04/12 20:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/10 21:44:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/10 21:44:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/18 20:31:15 | 000,000,000 | ---D | M]

[2011/01/08 23:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TheGreatAndyGrady\AppData\Roaming\mozilla\Extensions
[2011/01/08 23:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TheGreatAndyGrady\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/05/19 18:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TheGreatAndyGrady\AppData\Roaming\mozilla\Firefox\Profiles\l390k2bb.default\extensions
[2012/04/08 21:46:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/08 21:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/12 20:42:45 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/02/28 19:11:27 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/03/20 01:17:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/04/08 21:45:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/08 18:40:56 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/02/12 20:30:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/12 20:31:28 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/12 20:30:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/12 20:24:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120218123111.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\TheGreatAndyGrady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe (Belkin International, Inc.)
O4 - Startup: C:\Users\TheGreatAndyGrady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V CAST Media Monitor.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3412074288-2600070759-2522700596-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DC1599-79A3-411B-BDD4-2ED60B3759D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{773DDC8F-DD42-49A2-87A9-3EE75FBA3F2A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/06/23 02:57:12 | 000,000,000 | ---D | M] - H:\autorun -- [ NTFS ]
O32 - AutoRun File - [2005/11/17 18:15:24 | 000,000,069 | -H-- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a91ee59e-ca9b-11df-bbf2-001b38f28199}\Shell - "" = AutoRun
O33 - MountPoints2\{a91ee59e-ca9b-11df-bbf2-001b38f28199}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/12 20:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/04/12 20:28:54 | 000,000,000 | ---D | C] -- C:\Users\TheGreatAndyGrady\Desktop\Logs
[2012/04/12 20:24:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/12 18:11:50 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/12 03:02:51 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/12 03:02:50 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/11 21:57:50 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\TheGreatAndyGrady\Desktop\OTL(1).exe
[2012/04/11 05:21:39 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/04/11 05:21:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/11 05:21:32 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/11 05:21:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/11 05:21:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/10 22:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/08 21:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/08 21:46:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/04/08 21:46:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/04/08 21:46:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/04/08 21:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/08 21:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/08 21:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/14 21:04:35 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 21:04:31 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 21:04:00 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/03/14 21:03:59 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/03/14 21:03:58 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/03/14 21:03:53 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/03/14 21:03:53 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll

========== Files - Modified Within 30 Days ==========

[2012/04/12 20:46:25 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/12 20:46:25 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/12 20:45:58 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/04/12 20:44:06 | 000,634,792 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/12 20:44:06 | 000,111,384 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/12 20:39:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/12 20:38:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/12 20:24:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/04/12 18:36:13 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/12 18:36:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/11 23:14:31 | 000,000,512 | ---- | M] () -- C:\Users\TheGreatAndyGrady\Desktop\MBR.dat
[2012/04/11 21:58:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\TheGreatAndyGrady\Desktop\OTL(1).exe
[2012/04/08 21:45:40 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/04/08 21:45:40 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/04/08 21:45:39 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/04/08 21:45:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/04/08 21:10:03 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/29 23:06:43 | 000,039,936 | ---- | M] () -- C:\Users\TheGreatAndyGrady\Documents\DJ Mix KK.zdl
[2012/03/15 03:25:37 | 000,560,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/12 18:11:54 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/11 23:14:31 | 000,000,512 | ---- | C] () -- C:\Users\TheGreatAndyGrady\Desktop\MBR.dat
[2012/04/08 21:10:03 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/29 23:06:43 | 000,039,936 | ---- | C] () -- C:\Users\TheGreatAndyGrady\Documents\DJ Mix KK.zdl
[2011/11/08 22:59:48 | 000,268,568 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/09/13 22:47:36 | 000,007,650 | ---- | C] () -- C:\Users\TheGreatAndyGrady\AppData\Local\Resmon.ResmonCfg
[2011/06/23 00:11:40 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/23 00:10:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/06 23:14:39 | 000,005,120 | ---- | C] () -- C:\Users\TheGreatAndyGrady\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/18 20:21:47 | 000,202,420 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011/02/18 20:21:47 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/11/30 17:37:48 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/05/18 18:37:55 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

========== LOP Check ==========

[2010/05/19 19:35:32 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\acccore
[2011/02/18 17:56:08 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\ACD Systems
[2011/03/17 21:51:50 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Avery
[2010/09/17 17:03:42 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\enchant
[2010/05/18 18:40:14 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\ESET
[2010/11/09 18:58:17 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Foxit Software
[2010/12/28 23:48:54 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\ICAClient
[2011/09/12 21:42:26 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\NetMedia Providers
[2011/01/30 22:26:18 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\OpenOffice.org
[2010/07/29 21:56:01 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Opera
[2011/09/12 21:42:26 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Publish Providers
[2011/06/30 18:48:07 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Replay Media Catcher 4
[2011/06/24 17:24:55 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Smith Micro
[2011/11/05 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\Sony
[2011/01/08 23:18:16 | 000,000,000 | ---D | M] -- C:\Users\TheGreatAndyGrady\AppData\Roaming\TomTom
[2011/11/10 00:28:25 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/11/02 14:19:00 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2009/09/23 08:34:51 | 002,579,456 | ---- | M] (Microsoft Corporation) MD5=0C81EA51AEB0E47BBC749257EAC179C4 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/11/02 14:15:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/11/02 14:15:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/11/02 14:22:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=AB59486E41610AB13B1555D7D585AE8F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_705136794f3f8a98\winlogon.exe
[2009/11/02 14:22:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B151128D1FEBF745BC7EFDE9FACB165A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_6fbf975e36292016\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2010/11/20 04:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{49DC1599-79A3-411B-BDD4-2ED60B3759D2}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{773DDC8F-DD42-49A2-87A9-3EE75FBA3F2A}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 19:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 00 01 07 01 06 01 02 01 05 01 01 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 21:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/20 01:17:48 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/20 01:17:48 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/20 01:17:48 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/20 01:17:51 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/20 01:17:51 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/20 01:17:51 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/20 01:17:48 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/20 01:17:48 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/20 01:17:48 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/20 01:17:51 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/20 01:17:51 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/20 01:17:51 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2009/10/19 06:20:14 | 000,832,296 | ---- | M] (Opera Software)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: SEANLAPTOP2
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     D                       DVD-ROM         0 B  No Media
Volume 1         System Rese  NTFS   Partition    100 MB  Healthy    System
Volume 2     C                NTFS   Partition    297 GB  Healthy    Boot
Volume 3     H   My Book      NTFS   Partition    465 GB  Healthy

< End of report >


OTL Extras logfile created on: 4/12/2012 8:43:51 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\TheGreatAndyGrady\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.02 Mb Total Physical Memory | 434.04 Mb Available Physical Memory | 42.80% Memory free
1.99 Gb Paging File | 1.09 Gb Available in Paging File | 54.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 198.50 Gb Free Space | 66.61% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 326.98 Gb Free Space | 70.20% Space Free | Partition Type: NTFS

Computer Name: SEANLAPTOP2 | User Name: TheGreatAndyGrady | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3412074288-2600070759-2522700596-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02FB3E48-4459-4986-BBE5-945B063B1E58}" = Help 2.0
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
"{08DEC21F-F7E5-46F9-81D1-3ED30BD3AEC9}" = CASIO USB Driver V1.2.2474.0623
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12F9942A-E85D-44A6-B054-0B3BC9009625}" = Opera 10.01
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Service Pack 1 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{B2460671-BD25-4C1C-ACB7-FBD4967365FE}" = Samsung_I500 1.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6916E4B-FD07-47E7-B906-B3F734F08E29}" = C4100
"{BB51F026-06AC-4F5D-B18C-4E99ED18E477}" = BlackBerry_9330 1.0
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C7D86D8E-8C33-4A42-B401-3BABDB4E91C7}" = VCAST Media Manager Update 1.0.0.1
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE47ADD1-B82B-4B52-AF29-76AE7EF4E19D}_is1" = Hard Disk Scrubber 3.3 (Remove Only)
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E7269FD6-34EA-4617-8752-6739AA384080}" = V CAST Media Manager
"{E97C937C-AE21-453D-86A0-A231507543D1}" = ACID Music Studio 8.0
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"AbiWord2" = AbiWord 2.8.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnalogX MaxMem" = AnalogX MaxMem
"Belkin Network USB Hub Control Center" = Belkin Network USB Hub Control Center
"CCleaner" = CCleaner
"CPU-Z" = CPU-Z
"Foxit Reader" = Foxit Reader
"Gpuz" = GPU-Z
"HDMI" = Intel® Graphics Media Accelerator Driver
"HDTune" = HDTune
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HPOCR" = OCR Software by I.R.I.S. 13.0
"HWMonitor" = HWMonitor
"IconPackager" = IconPackager
"InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSC" = McAfee SecurityCenter
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Ogg Codecs" = Ogg Codecs 0.81.15562
"PC Wizard" = PC Wizard
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.2.8)
"Replay Media Catcher4" = Applian Director
"Replay Music3.98" = Replay Music
"Startup Control Panel" = Startup Control Panel
"Tansee iPhone Transfer_is1" = Tansee iPhone Transfer
"TomTom HOME" = TomTom HOME 2.8.3.2499
"TVWiz" = Intel® TV Wizard
"UltraISO_is1" = UltraISO Premium V9.35
"Unlocker" = Unlocker 1.8.8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3412074288-2600070759-2522700596-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Media Center Events ]
Error - 12/14/2011 7:19:11 PM | Computer Name = SeanLaptop2 | Source = MCUpdate | ID = 0
Description = 6:19:07 PM - Error connecting to the internet. 6:19:07 PM - Unable
to contact server..

Error - 12/15/2011 7:07:24 AM | Computer Name = SeanLaptop2 | Source = MCUpdate | ID = 0
Description = 6:07:24 AM - Error connecting to the internet. 6:07:24 AM - Unable
to contact server..

Error - 12/15/2011 7:07:34 AM | Computer Name = SeanLaptop2 | Source = MCUpdate | ID = 0
Description = 6:07:29 AM - Error connecting to the internet. 6:07:29 AM - Unable
to contact server..

Error - 12/15/2011 7:47:23 PM | Computer Name = SeanLaptop2 | Source = MCUpdate | ID = 0
Description = 6:47:22 PM - Error connecting to the internet. 6:47:23 PM - Unable
to contact server..

Error - 12/15/2011 7:47:33 PM | Computer Name = SeanLaptop2 | Source = MCUpdate | ID = 0
Description = 6:47:28 PM - Error connecting to the internet. 6:47:28 PM - Unable
to contact server..

Error - 12/16/2011 7:16:21 AM | Computer Name = SeanLaptop2 | Source = MCUpdate | ID = 0
Description = 6:16:21 AM - Error connecting to the internet. 6:16:21 AM - Unable
to contact server..

Error - 12/16/2011 7:16:31 AM | Computer Name = SeanLaptop2 | Source = MCUpdate | ID = 0
Description = 6:16:26 AM - Error connecting to the internet. 6:16:26 AM - Unable
to contact server..

Error - 12/16/2011 7:26:04 PM | Computer Name = SeanLaptop2 | Source = MCUpdate | ID = 0
Description = 6:26:04 PM - Error connecting to the internet. 6:26:04 PM - Unable
to contact server..

Error - 12/16/2011 7:26:14 PM | Computer Name = SeanLaptop2 | Source = MCUpdate | ID = 0
Description = 6:26:09 PM - Error connecting to the internet. 6:26:09 PM - Unable
to contact server..

Error - 12/17/2011 7:17:00 AM | Computer Name = SeanLaptop2 | Source = MCUpdate | ID = 0
Description = 6:16:55 AM - Error connecting to the internet. 6:16:55 AM - Unable
to contact server..

[ System Events ]
Error - 4/12/2012 8:39:18 PM | Computer Name = SeanLaptop2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ntcdrdrv


< End of report >


All processes killed
========== OTL ==========
Error: No service named 0306911329963561mcinstcleanup) McAfee Application Installer Cleanup (0306911329963561 was found to stop!
Service\Driver key 0306911329963561mcinstcleanup) McAfee Application Installer Cleanup (0306911329963561 not found.
File C:\Windows\TEMP\030691~1.EXE not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Secure Search" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.
File C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
Folder C:\Users\TheGreatAndyGrady\AppData\Roaming\uTorrent\ not found.
C:\install.exe moved successfully.
ADS C:\Users\TheGreatAndyGrady\Desktop\2011BoutselisW2.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\TheGreatAndyGrady\Desktop\2011Boutselis1098E.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\TheGreatAndyGrady\Desktop\cmd.bat deleted successfully.
C:\Users\TheGreatAndyGrady\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: TheGreatAndyGrady
->Temp folder emptied: 54660520 bytes
->Temporary Internet Files folder emptied: 12673739 bytes
->Java cache emptied: 4756754 bytes
->FireFox cache emptied: 44200065 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3850866 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10622434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 125.00 mb



OTL by OldTimer - Version 3.2.39.2 log created on 04122012_202433

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Farbar Service Scanner Version: 01-03-2012
Ran by TheGreatAndyGrady (administrator) on 12-04-2012 at 20:33:59
Running from "C:\Users\TheGreatAndyGrady\Downloads"
Microsoft Windows 7 Extreme Edition R1 Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#7
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Give me an update on how the computer is running

#8
boots789

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Applications are not freezing, but internet connection still seems problematic, especially when trying to stream video or download files. Per usual, if I access the internet from other computers on our network, I don't have any issues. I'm also using a hard-wired LAN connection for this computer, while all of the others are accessing the network via wireless, so I would expect the connection speed on this computer to be significantly faster...

System also gets bogged down pretty easily - seems like physical memory usage is pretty high, although I'm sure that could be attributed to McAfee.

Thanks!

#9
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Thanks, will prepare fix accordingly.

CompCav

#10
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Windows\TEMP\030691~1.EXE -- (0306911329963561mcinstcleanup) McAfee Application Installer Cleanup (0306911329963561)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{a91ee59e-ca9b-11df-bbf2-001b38f28199}\Shell - "" = AutoRun
    O33 - MountPoints2\{a91ee59e-ca9b-11df-bbf2-001b38f28199}\Shell\AutoRun\command - "" = E:\setup.exe -a
    
    
    :files
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

1. Open the Start Menu.

2. Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator.

3. In the elevated command prompt, type sfc /scannow and press Enter.
NOTE: This may take a little bit to finish.

4. When the scan is complete, copy the line below and paste it at the command prompt. Then press Enter.

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt


5. The file sfcdetails.txt will now be on your desktop. Please open it, Edit | select all | copy and paste it in your next reply.


Step 3.

Please post:

OTL.txt
sfcdetails.txt


Give me an update on the computer issues, especially internet issues
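The `findstr` filter in Step 2 above keeps every `[SR]` line, so the few entries that matter sit among hundreds of per-batch "Verifying" and "Verify complete" lines. The Python sketch below is an added example, not part of the original post or of any tool used in this thread: it reduces `[SR]` lines to the files SFC repaired and any it could not repair. The function names are hypothetical, and the `Cannot repair member file` sample line is constructed for illustration.

```python
import re

# Matches one "[SR]" line as left by: findstr /c:"[SR]" CBS.log
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+Info\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$"
)
# CBS writes strings with a length prefix, e.g. [l:24{12}]"imageres.dll"
QUOTED_RE = re.compile(r'\[[^\]]*\]"([^"]*)"')

# Lines taken from the sfcdetails.txt output posted in this thread.
PAGE_SAMPLE = r"""
2012-04-13 19:48:06, Info CSI 00000039 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:48:06, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2012-04-13 19:48:19, Info CSI 0000003d [SR] Repairing corrupted file [ml:520{260},l:74{37}]"\??\C:\Windows\Branding\Basebrd\en-US"\[l:30{15}]"basebrd.dll.mui" from store
2012-04-13 19:48:20, Info CSI 00000040 [SR] Verify complete
2012-04-13 19:48:20, Info CSI 00000041 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:48:20, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2012-04-13 19:48:30, Info CSI 00000044 [SR] Repairing corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\Branding\Basebrd"\[l:22{11}]"basebrd.dll" from store
2012-04-13 19:48:33, Info CSI 00000047 [SR] Verify complete
2012-04-13 19:52:04, Info CSI 000000c8 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"imageres.dll" from store
2012-04-13 19:52:06, Info CSI 000000ca [SR] Verify complete
"""

# Constructed line (not from the thread): the kind of entry that means the
# component store could not supply a good copy. Component name is made up.
CONSTRUCTED_FAILURE = (
    r'2012-04-13 19:55:01, Info CSI 00000125 [SR] Cannot repair member file '
    r'[l:22{11}]"example.dll" of Constructed-Component, Version = 0.0.0.0'
)


def parse_sr(text):
    """Return (timestamp, message) for every well-formed [SR] line."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((m.group("ts"), m.group("msg")))
    return records


def summarize(text):
    """Count verify batches and collect repaired / unrepaired files."""
    summary = {"batches": 0, "repaired": [], "unrepaired": []}
    for ts, msg in parse_sr(text):
        if msg.startswith("Verify complete"):
            summary["batches"] += 1
        elif msg.startswith("Repairing corrupted file"):
            parts = QUOTED_RE.findall(msg)
            if len(parts) >= 2:
                directory = parts[0]
                # Drop the NT object-namespace prefix \??\ for readability.
                if directory.startswith("\\??\\"):
                    directory = directory[4:]
                summary["repaired"].append((ts, directory + "\\" + parts[1]))
        elif msg.startswith("Cannot repair member file"):
            parts = QUOTED_RE.findall(msg)
            summary["unrepaired"].append((ts, parts[0] if parts else msg))
    return summary


def verdict(summary):
    """Collapse the summary into one triage outcome."""
    if summary["unrepaired"]:
        return "needs_manual_repair"
    if summary["repaired"]:
        return "repaired"
    return "clean"


if __name__ == "__main__":
    result = summarize(PAGE_SAMPLE)
    print(verdict(result), "after", result["batches"], "verify batches")
    for ts, path in result["repaired"]:
        print("  repaired:", ts, path)
```

Repaired files are worth comparing against known-good versions for the installed build, since SFC only restores what the local component store holds.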



#11
boots789

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
All processes killed
========== OTL ==========
Error: No service named 0306911329963561mcinstcleanup) McAfee Application Installer Cleanup (0306911329963561 was found to stop!
Service\Driver key 0306911329963561mcinstcleanup) McAfee Application Installer Cleanup (0306911329963561 not found.
File C:\Windows\TEMP\030691~1.EXE not found.
Error: No service named mfeavfk01 was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfeavfk01 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a91ee59e-ca9b-11df-bbf2-001b38f28199}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a91ee59e-ca9b-11df-bbf2-001b38f28199}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a91ee59e-ca9b-11df-bbf2-001b38f28199}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a91ee59e-ca9b-11df-bbf2-001b38f28199}\ not found.
File E:\setup.exe -a not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\TheGreatAndyGrady\Desktop\cmd.bat deleted successfully.
C:\Users\TheGreatAndyGrady\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: TheGreatAndyGrady
->Temp folder emptied: 1592 bytes
->Temporary Internet Files folder emptied: 238036 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49181721 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 790 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16229 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47.00 mb



OTL by OldTimer - Version 3.2.39.2 log created on 04132012_194130

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


2012-04-13 19:46:50, Info CSI 00000009 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:46:50, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-04-13 19:46:58, Info CSI 0000000c [SR] Verify complete
2012-04-13 19:46:58, Info CSI 0000000d [SR] Verifying 100 (0x00000064) components
2012-04-13 19:46:58, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2012-04-13 19:47:04, Info CSI 00000010 [SR] Verify complete
2012-04-13 19:47:05, Info CSI 00000011 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:47:05, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2012-04-13 19:47:13, Info CSI 00000014 [SR] Verify complete
2012-04-13 19:47:14, Info CSI 00000015 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:47:14, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2012-04-13 19:47:18, Info CSI 00000018 [SR] Verify complete
2012-04-13 19:47:19, Info CSI 00000019 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:47:19, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2012-04-13 19:47:23, Info CSI 0000001c [SR] Verify complete
2012-04-13 19:47:24, Info CSI 0000001d [SR] Verifying 100 (0x00000064) components
2012-04-13 19:47:24, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2012-04-13 19:47:29, Info CSI 00000020 [SR] Verify complete
2012-04-13 19:47:30, Info CSI 00000021 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:47:30, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2012-04-13 19:47:39, Info CSI 00000024 [SR] Verify complete
2012-04-13 19:47:40, Info CSI 00000025 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:47:40, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2012-04-13 19:47:44, Info CSI 00000028 [SR] Verify complete
2012-04-13 19:47:44, Info CSI 00000029 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:47:44, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2012-04-13 19:47:52, Info CSI 0000002c [SR] Verify complete
2012-04-13 19:47:53, Info CSI 0000002d [SR] Verifying 100 (0x00000064) components
2012-04-13 19:47:53, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2012-04-13 19:47:55, Info CSI 00000030 [SR] Verify complete
2012-04-13 19:47:56, Info CSI 00000031 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:47:56, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2012-04-13 19:47:57, Info CSI 00000034 [SR] Verify complete
2012-04-13 19:47:58, Info CSI 00000035 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:47:58, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2012-04-13 19:48:06, Info CSI 00000038 [SR] Verify complete
2012-04-13 19:48:06, Info CSI 00000039 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:48:06, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2012-04-13 19:48:19, Info CSI 0000003d [SR] Repairing corrupted file [ml:520{260},l:74{37}]"\??\C:\Windows\Branding\Basebrd\en-US"\[l:30{15}]"basebrd.dll.mui" from store
2012-04-13 19:48:20, Info CSI 00000040 [SR] Verify complete
2012-04-13 19:48:20, Info CSI 00000041 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:48:20, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2012-04-13 19:48:30, Info CSI 00000044 [SR] Repairing corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\Branding\Basebrd"\[l:22{11}]"basebrd.dll" from store
2012-04-13 19:48:33, Info CSI 00000047 [SR] Verify complete
2012-04-13 19:48:33, Info CSI 00000048 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:48:33, Info CSI 00000049 [SR] Beginning Verify and Repair transaction
2012-04-13 19:48:40, Info CSI 0000004c [SR] Verify complete
2012-04-13 19:48:40, Info CSI 0000004d [SR] Verifying 100 (0x00000064) components
2012-04-13 19:48:40, Info CSI 0000004e [SR] Beginning Verify and Repair transaction
2012-04-13 19:48:48, Info CSI 00000052 [SR] Verify complete
2012-04-13 19:48:48, Info CSI 00000053 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:48:48, Info CSI 00000054 [SR] Beginning Verify and Repair transaction
2012-04-13 19:48:59, Info CSI 0000005e [SR] Verify complete
2012-04-13 19:48:59, Info CSI 0000005f [SR] Verifying 100 (0x00000064) components
2012-04-13 19:48:59, Info CSI 00000060 [SR] Beginning Verify and Repair transaction
2012-04-13 19:49:09, Info CSI 00000062 [SR] Verify complete
2012-04-13 19:49:10, Info CSI 00000063 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:49:10, Info CSI 00000064 [SR] Beginning Verify and Repair transaction
2012-04-13 19:49:17, Info CSI 00000066 [SR] Verify complete
2012-04-13 19:49:18, Info CSI 00000067 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:49:18, Info CSI 00000068 [SR] Beginning Verify and Repair transaction
2012-04-13 19:49:24, Info CSI 0000006a [SR] Verify complete
2012-04-13 19:49:25, Info CSI 0000006b [SR] Verifying 100 (0x00000064) components
2012-04-13 19:49:25, Info CSI 0000006c [SR] Beginning Verify and Repair transaction
2012-04-13 19:49:31, Info CSI 0000006e [SR] Verify complete
2012-04-13 19:49:32, Info CSI 0000006f [SR] Verifying 100 (0x00000064) components
2012-04-13 19:49:32, Info CSI 00000070 [SR] Beginning Verify and Repair transaction
2012-04-13 19:49:38, Info CSI 00000072 [SR] Verify complete
2012-04-13 19:49:39, Info CSI 00000073 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:49:39, Info CSI 00000074 [SR] Beginning Verify and Repair transaction
2012-04-13 19:49:55, Info CSI 00000078 [SR] Verify complete
2012-04-13 19:49:56, Info CSI 00000079 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:49:56, Info CSI 0000007a [SR] Beginning Verify and Repair transaction
2012-04-13 19:50:08, Info CSI 0000007c [SR] Verify complete
2012-04-13 19:50:09, Info CSI 0000007d [SR] Verifying 100 (0x00000064) components
2012-04-13 19:50:09, Info CSI 0000007e [SR] Beginning Verify and Repair transaction
2012-04-13 19:50:42, Info CSI 00000080 [SR] Verify complete
2012-04-13 19:50:43, Info CSI 00000081 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:50:43, Info CSI 00000082 [SR] Beginning Verify and Repair transaction
2012-04-13 19:51:01, Info CSI 00000084 [SR] Verify complete
2012-04-13 19:51:02, Info CSI 00000085 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:51:02, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2012-04-13 19:51:06, Info CSI 00000088 [SR] Verify complete
2012-04-13 19:51:06, Info CSI 00000089 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:51:06, Info CSI 0000008a [SR] Beginning Verify and Repair transaction
2012-04-13 19:51:09, Info CSI 0000008c [SR] Verify complete
2012-04-13 19:51:10, Info CSI 0000008d [SR] Verifying 100 (0x00000064) components
2012-04-13 19:51:10, Info CSI 0000008e [SR] Beginning Verify and Repair transaction
2012-04-13 19:51:11, Info CSI 00000090 [SR] Verify complete
2012-04-13 19:51:12, Info CSI 00000091 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:51:12, Info CSI 00000092 [SR] Beginning Verify and Repair transaction
2012-04-13 19:51:23, Info CSI 0000009b [SR] Verify complete
2012-04-13 19:51:24, Info CSI 0000009c [SR] Verifying 100 (0x00000064) components
2012-04-13 19:51:24, Info CSI 0000009d [SR] Beginning Verify and Repair transaction
2012-04-13 19:51:33, Info CSI 000000b4 [SR] Verify complete
2012-04-13 19:51:33, Info CSI 000000b5 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:51:33, Info CSI 000000b6 [SR] Beginning Verify and Repair transaction
2012-04-13 19:51:36, Info CSI 000000b8 [SR] Verify complete
2012-04-13 19:51:36, Info CSI 000000b9 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:51:36, Info CSI 000000ba [SR] Beginning Verify and Repair transaction
2012-04-13 19:51:41, Info CSI 000000bc [SR] Verify complete
2012-04-13 19:51:41, Info CSI 000000bd [SR] Verifying 100 (0x00000064) components
2012-04-13 19:51:41, Info CSI 000000be [SR] Beginning Verify and Repair transaction
2012-04-13 19:51:45, Info CSI 000000c0 [SR] Verify complete
2012-04-13 19:51:46, Info CSI 000000c1 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:51:46, Info CSI 000000c2 [SR] Beginning Verify and Repair transaction
2012-04-13 19:51:55, Info CSI 000000c4 [SR] Verify complete
2012-04-13 19:51:56, Info CSI 000000c5 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:51:56, Info CSI 000000c6 [SR] Beginning Verify and Repair transaction
2012-04-13 19:52:04, Info CSI 000000c8 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"imageres.dll" from store
2012-04-13 19:52:06, Info CSI 000000ca [SR] Verify complete
2012-04-13 19:52:07, Info CSI 000000cb [SR] Verifying 100 (0x00000064) components
2012-04-13 19:52:07, Info CSI 000000cc [SR] Beginning Verify and Repair transaction
2012-04-13 19:52:11, Info CSI 000000ce [SR] Verify complete
2012-04-13 19:52:11, Info CSI 000000cf [SR] Verifying 100 (0x00000064) components
2012-04-13 19:52:11, Info CSI 000000d0 [SR] Beginning Verify and Repair transaction
2012-04-13 19:52:14, Info CSI 000000d2 [SR] Verify complete
2012-04-13 19:52:15, Info CSI 000000d3 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:52:15, Info CSI 000000d4 [SR] Beginning Verify and Repair transaction
2012-04-13 19:52:23, Info CSI 000000d6 [SR] Verify complete
2012-04-13 19:52:23, Info CSI 000000d7 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:52:23, Info CSI 000000d8 [SR] Beginning Verify and Repair transaction
2012-04-13 19:52:33, Info CSI 000000da [SR] Verify complete
2012-04-13 19:52:34, Info CSI 000000db [SR] Verifying 100 (0x00000064) components
2012-04-13 19:52:34, Info CSI 000000dc [SR] Beginning Verify and Repair transaction
2012-04-13 19:52:41, Info CSI 000000de [SR] Verify complete
2012-04-13 19:52:42, Info CSI 000000df [SR] Verifying 100 (0x00000064) components
2012-04-13 19:52:42, Info CSI 000000e0 [SR] Beginning Verify and Repair transaction
2012-04-13 19:52:56, Info CSI 000000f5 [SR] Verify complete
2012-04-13 19:52:57, Info CSI 000000f6 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:52:57, Info CSI 000000f7 [SR] Beginning Verify and Repair transaction
2012-04-13 19:53:06, Info CSI 0000010a [SR] Verify complete
2012-04-13 19:53:07, Info CSI 0000010b [SR] Verifying 100 (0x00000064) components
2012-04-13 19:53:07, Info CSI 0000010c [SR] Beginning Verify and Repair transaction
2012-04-13 19:53:17, Info CSI 0000010e [SR] Verify complete
2012-04-13 19:53:18, Info CSI 0000010f [SR] Verifying 100 (0x00000064) components
2012-04-13 19:53:18, Info CSI 00000110 [SR] Beginning Verify and Repair transaction
2012-04-13 19:53:52, Info CSI 00000112 [SR] Verify complete
2012-04-13 19:53:53, Info CSI 00000113 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:53:53, Info CSI 00000114 [SR] Beginning Verify and Repair transaction
2012-04-13 19:54:11, Info CSI 00000117 [SR] Verify complete
2012-04-13 19:54:12, Info CSI 00000118 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:54:12, Info CSI 00000119 [SR] Beginning Verify and Repair transaction
2012-04-13 19:54:28, Info CSI 0000011b [SR] Verify complete
2012-04-13 19:54:28, Info CSI 0000011c [SR] Verifying 100 (0x00000064) components
2012-04-13 19:54:28, Info CSI 0000011d [SR] Beginning Verify and Repair transaction
2012-04-13 19:54:34, Info CSI 0000011f [SR] Verify complete
2012-04-13 19:54:34, Info CSI 00000120 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:54:34, Info CSI 00000121 [SR] Beginning Verify and Repair transaction
2012-04-13 19:54:42, Info CSI 00000123 [SR] Verify complete
2012-04-13 19:54:42, Info CSI 00000124 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:54:42, Info CSI 00000125 [SR] Beginning Verify and Repair transaction
2012-04-13 19:54:47, Info CSI 00000127 [SR] Verify complete
2012-04-13 19:54:48, Info CSI 00000128 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:54:48, Info CSI 00000129 [SR] Beginning Verify and Repair transaction
2012-04-13 19:54:53, Info CSI 0000012c [SR] Verify complete
2012-04-13 19:54:53, Info CSI 0000012d [SR] Verifying 100 (0x00000064) components
2012-04-13 19:54:53, Info CSI 0000012e [SR] Beginning Verify and Repair transaction
2012-04-13 19:55:11, Info CSI 00000130 [SR] Verify complete
2012-04-13 19:55:12, Info CSI 00000131 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:55:12, Info CSI 00000132 [SR] Beginning Verify and Repair transaction
2012-04-13 19:55:12, Info CSI 00000134 [SR] Cannot repair member file [l:32{16}]"W32UIRes.dll.mui" of Microsoft-Windows-Setup-Component.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:55:15, Info CSI 00000136 [SR] Cannot repair member file [l:32{16}]"spwizres.dll.mui" of Microsoft-Windows-Setup-Navigation-Wizard-Framework.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:55:18, Info CSI 00000138 [SR] Cannot repair member file [l:32{16}]"W32UIRes.dll.mui" of Microsoft-Windows-Setup-Component.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:55:18, Info CSI 00000139 [SR] This component was referenced by [l:262{131}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.1.7601.17514.Windows Foundation Language Pack"
2012-04-13 19:55:18, Info CSI 0000013c [SR] Could not reproject corrupted file [ml:520{260},l:68{34}]"\??\C:\Windows\System32\oobe\en-US"\[l:32{16}]"W32UIRes.dll.mui"; source file in store is also corrupted
2012-04-13 19:55:21, Info CSI 0000013e [SR] Cannot repair member file [l:32{16}]"spwizres.dll.mui" of Microsoft-Windows-Setup-Navigation-Wizard-Framework.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:55:21, Info CSI 0000013f [SR] This component was referenced by [l:262{131}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.1.7601.17514.Windows Foundation Language Pack"
2012-04-13 19:55:21, Info CSI 00000142 [SR] Could not reproject corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\en-US"\[l:32{16}]"spwizres.dll.mui"; source file in store is also corrupted
2012-04-13 19:55:24, Info CSI 00000144 [SR] Verify complete
2012-04-13 19:55:25, Info CSI 00000145 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:55:25, Info CSI 00000146 [SR] Beginning Verify and Repair transaction
2012-04-13 19:55:27, Info CSI 00000148 [SR] Cannot repair member file [l:24{12}]"spwizimg.dll" of Microsoft-Windows-Setup-Navigation-Wizard-Framework, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:55:34, Info CSI 0000014b [SR] Cannot repair member file [l:24{12}]"spwizimg.dll" of Microsoft-Windows-Setup-Navigation-Wizard-Framework, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:55:34, Info CSI 0000014c [SR] This component was referenced by [l:198{99}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.WindowsFoundationDelivery"
2012-04-13 19:55:34, Info CSI 0000014f [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"spwizimg.dll"; source file in store is also corrupted
2012-04-13 19:55:35, Info CSI 00000151 [SR] Verify complete
2012-04-13 19:55:36, Info CSI 00000152 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:55:36, Info CSI 00000153 [SR] Beginning Verify and Repair transaction
2012-04-13 19:55:41, Info CSI 00000155 [SR] Verify complete
2012-04-13 19:55:42, Info CSI 00000156 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:55:42, Info CSI 00000157 [SR] Beginning Verify and Repair transaction
2012-04-13 19:55:47, Info CSI 00000159 [SR] Cannot repair member file [l:24{12}]"W32UIRes.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:55:49, Info CSI 0000015b [SR] Cannot repair member file [l:24{12}]"W32UIRes.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:55:49, Info CSI 0000015c [SR] This component was referenced by [l:198{99}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.WindowsFoundationDelivery"
2012-04-13 19:55:49, Info CSI 0000015f [SR] Could not reproject corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\System32\oobe"\[l:24{12}]"W32UIRes.dll"; source file in store is also corrupted
2012-04-13 19:55:50, Info CSI 00000161 [SR] Verify complete
2012-04-13 19:55:50, Info CSI 00000162 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:55:50, Info CSI 00000163 [SR] Beginning Verify and Repair transaction
2012-04-13 19:56:01, Info CSI 00000166 [SR] Verify complete
2012-04-13 19:56:02, Info CSI 00000167 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:56:02, Info CSI 00000168 [SR] Beginning Verify and Repair transaction
2012-04-13 19:56:08, Info CSI 0000016a [SR] Verify complete
2012-04-13 19:56:08, Info CSI 0000016b [SR] Verifying 100 (0x00000064) components
2012-04-13 19:56:08, Info CSI 0000016c [SR] Beginning Verify and Repair transaction
2012-04-13 19:56:15, Info CSI 0000016e [SR] Verify complete
2012-04-13 19:56:16, Info CSI 0000016f [SR] Verifying 100 (0x00000064) components
2012-04-13 19:56:16, Info CSI 00000170 [SR] Beginning Verify and Repair transaction
2012-04-13 19:56:24, Info CSI 00000172 [SR] Verify complete
2012-04-13 19:56:24, Info CSI 00000173 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:56:24, Info CSI 00000174 [SR] Beginning Verify and Repair transaction
2012-04-13 19:56:32, Info CSI 00000177 [SR] Verify complete
2012-04-13 19:56:32, Info CSI 00000178 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:56:32, Info CSI 00000179 [SR] Beginning Verify and Repair transaction
2012-04-13 19:56:38, Info CSI 0000017b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:32{16}]"themeservice.dll" from store
2012-04-13 19:56:38, Info CSI 0000017d [SR] Verify complete
2012-04-13 19:56:39, Info CSI 0000017e [SR] Verifying 100 (0x00000064) components
2012-04-13 19:56:39, Info CSI 0000017f [SR] Beginning Verify and Repair transaction
2012-04-13 19:56:43, Info CSI 00000181 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"uxtheme.dll" from store
2012-04-13 19:56:45, Info CSI 00000183 [SR] Verify complete
2012-04-13 19:56:45, Info CSI 00000184 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:56:45, Info CSI 00000185 [SR] Beginning Verify and Repair transaction
2012-04-13 19:56:50, Info CSI 00000187 [SR] Verify complete
2012-04-13 19:56:51, Info CSI 00000188 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:56:51, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2012-04-13 19:56:54, Info CSI 0000018b [SR] Verify complete
2012-04-13 19:56:54, Info CSI 0000018c [SR] Verifying 100 (0x00000064) components
2012-04-13 19:56:54, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2012-04-13 19:57:00, Info CSI 0000018f [SR] Verify complete
2012-04-13 19:57:01, Info CSI 00000190 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:57:01, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2012-04-13 19:57:08, Info CSI 00000194 [SR] Verify complete
2012-04-13 19:57:09, Info CSI 00000195 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:57:09, Info CSI 00000196 [SR] Beginning Verify and Repair transaction
2012-04-13 19:57:16, Info CSI 00000198 [SR] Verify complete
2012-04-13 19:57:16, Info CSI 00000199 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:57:16, Info CSI 0000019a [SR] Beginning Verify and Repair transaction
2012-04-13 19:57:24, Info CSI 0000019c [SR] Verify complete
2012-04-13 19:57:25, Info CSI 0000019d [SR] Verifying 100 (0x00000064) components
2012-04-13 19:57:25, Info CSI 0000019e [SR] Beginning Verify and Repair transaction
2012-04-13 19:57:33, Info CSI 000001a0 [SR] Verify complete
2012-04-13 19:57:33, Info CSI 000001a1 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:57:33, Info CSI 000001a2 [SR] Beginning Verify and Repair transaction
2012-04-13 19:57:41, Info CSI 000001a4 [SR] Verify complete
2012-04-13 19:57:41, Info CSI 000001a5 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:57:41, Info CSI 000001a6 [SR] Beginning Verify and Repair transaction
2012-04-13 19:57:45, Info CSI 000001a8 [SR] Verify complete
2012-04-13 19:57:45, Info CSI 000001a9 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:57:45, Info CSI 000001aa [SR] Beginning Verify and Repair transaction
2012-04-13 19:57:50, Info CSI 000001ac [SR] Verify complete
2012-04-13 19:57:50, Info CSI 000001ad [SR] Verifying 100 (0x00000064) components
2012-04-13 19:57:50, Info CSI 000001ae [SR] Beginning Verify and Repair transaction
2012-04-13 19:57:53, Info CSI 000001b0 [SR] Verify complete
2012-04-13 19:57:54, Info CSI 000001b1 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:57:54, Info CSI 000001b2 [SR] Beginning Verify and Repair transaction
2012-04-13 19:57:59, Info CSI 000001b4 [SR] Verify complete
2012-04-13 19:58:00, Info CSI 000001b5 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:58:00, Info CSI 000001b6 [SR] Beginning Verify and Repair transaction
2012-04-13 19:58:04, Info CSI 000001b8 [SR] Verify complete
2012-04-13 19:58:04, Info CSI 000001b9 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:58:04, Info CSI 000001ba [SR] Beginning Verify and Repair transaction
2012-04-13 19:58:08, Info CSI 000001bc [SR] Verify complete
2012-04-13 19:58:08, Info CSI 000001bd [SR] Verifying 100 (0x00000064) components
2012-04-13 19:58:08, Info CSI 000001be [SR] Beginning Verify and Repair transaction
2012-04-13 19:58:18, Info CSI 000001c0 [SR] Verify complete
2012-04-13 19:58:18, Info CSI 000001c1 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:58:18, Info CSI 000001c2 [SR] Beginning Verify and Repair transaction
2012-04-13 19:58:42, Info CSI 000001c4 [SR] Verify complete
2012-04-13 19:58:43, Info CSI 000001c5 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:58:43, Info CSI 000001c6 [SR] Beginning Verify and Repair transaction
2012-04-13 19:58:49, Info CSI 000001c8 [SR] Verify complete
2012-04-13 19:58:49, Info CSI 000001c9 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:58:49, Info CSI 000001ca [SR] Beginning Verify and Repair transaction
2012-04-13 19:58:55, Info CSI 000001cc [SR] Verify complete
2012-04-13 19:58:56, Info CSI 000001cd [SR] Verifying 100 (0x00000064) components
2012-04-13 19:58:56, Info CSI 000001ce [SR] Beginning Verify and Repair transaction
2012-04-13 19:58:58, Info CSI 000001d0 [SR] Verify complete
2012-04-13 19:58:59, Info CSI 000001d1 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:58:59, Info CSI 000001d2 [SR] Beginning Verify and Repair transaction
2012-04-13 19:58:59, Info CSI 000001d4 [SR] Cannot repair member file [l:28{14}]"background.bmp" of Setup-UXWizard-ClientImages, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:03, Info CSI 000001d6 [SR] Cannot repair member file [l:28{14}]"background.bmp" of Setup-UXWizard-ClientImages, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:03, Info CSI 000001d7 [SR] This component was referenced by [l:238{119}]"Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~x86~~6.1.7601.17514.Microsoft-Windows-Client-Features-Update"
2012-04-13 19:59:03, Info CSI 000001da [SR] Could not reproject corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\System32\oobe"\[l:28{14}]"background.bmp"; source file in store is also corrupted
2012-04-13 19:59:04, Info CSI 000001dc [SR] Verify complete
2012-04-13 19:59:05, Info CSI 000001dd [SR] Verifying 100 (0x00000064) components
2012-04-13 19:59:05, Info CSI 000001de [SR] Beginning Verify and Repair transaction
2012-04-13 19:59:08, Info CSI 000001e0 [SR] Verify complete
2012-04-13 19:59:08, Info CSI 000001e1 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:59:08, Info CSI 000001e2 [SR] Beginning Verify and Repair transaction
2012-04-13 19:59:12, Info CSI 000001e4 [SR] Verify complete
2012-04-13 19:59:13, Info CSI 000001e5 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:59:13, Info CSI 000001e6 [SR] Beginning Verify and Repair transaction
2012-04-13 19:59:20, Info CSI 000001e8 [SR] Verify complete
2012-04-13 19:59:20, Info CSI 000001e9 [SR] Verifying 100 (0x00000064) components
2012-04-13 19:59:20, Info CSI 000001ea [SR] Beginning Verify and Repair transaction
2012-04-13 19:59:25, Info CSI 000001ec [SR] Verify complete
2012-04-13 19:59:25, Info CSI 000001ed [SR] Verifying 14 (0x0000000e) components
2012-04-13 19:59:25, Info CSI 000001ee [SR] Beginning Verify and Repair transaction
2012-04-13 19:59:26, Info CSI 000001f0 [SR] Verify complete
2012-04-13 19:59:26, Info CSI 000001f1 [SR] Repairing 10 (0x0000000a) components
2012-04-13 19:59:26, Info CSI 000001f2 [SR] Beginning Verify and Repair transaction
2012-04-13 19:59:26, Info CSI 000001f4 [SR] Cannot repair member file [l:32{16}]"W32UIRes.dll.mui" of Microsoft-Windows-Setup-Component.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:27, Info CSI 000001f6 [SR] Cannot repair member file [l:32{16}]"spwizres.dll.mui" of Microsoft-Windows-Setup-Navigation-Wizard-Framework.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:27, Info CSI 000001f8 [SR] Cannot repair member file [l:24{12}]"spwizimg.dll" of Microsoft-Windows-Setup-Navigation-Wizard-Framework, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:27, Info CSI 000001fa [SR] Cannot repair member file [l:24{12}]"W32UIRes.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:27, Info CSI 000001fc [SR] Cannot repair member file [l:28{14}]"background.bmp" of Setup-UXWizard-ClientImages, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:27, Info CSI 000001fe [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:32{16}]"themeservice.dll" from store
2012-04-13 19:59:28, Info CSI 00000200 [SR] Cannot repair member file [l:32{16}]"W32UIRes.dll.mui" of Microsoft-Windows-Setup-Component.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:28, Info CSI 00000201 [SR] This component was referenced by [l:262{131}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.1.7601.17514.Windows Foundation Language Pack"
2012-04-13 19:59:28, Info CSI 00000204 [SR] Could not reproject corrupted file [ml:520{260},l:68{34}]"\??\C:\Windows\System32\oobe\en-US"\[l:32{16}]"W32UIRes.dll.mui"; source file in store is also corrupted
2012-04-13 19:59:28, Info CSI 00000206 [SR] Cannot repair member file [l:24{12}]"W32UIRes.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:28, Info CSI 00000207 [SR] This component was referenced by [l:198{99}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.WindowsFoundationDelivery"
2012-04-13 19:59:28, Info CSI 0000020a [SR] Could not reproject corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\System32\oobe"\[l:24{12}]"W32UIRes.dll"; source file in store is also corrupted
2012-04-13 19:59:28, Info CSI 0000020c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"uxtheme.dll" from store
2012-04-13 19:59:28, Info CSI 0000020e [SR] Repairing corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\Branding\Basebrd"\[l:22{11}]"basebrd.dll" from store
2012-04-13 19:59:29, Info CSI 00000211 [SR] Cannot repair member file [l:24{12}]"spwizimg.dll" of Microsoft-Windows-Setup-Navigation-Wizard-Framework, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:29, Info CSI 00000212 [SR] This component was referenced by [l:198{99}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.WindowsFoundationDelivery"
2012-04-13 19:59:30, Info CSI 00000215 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"spwizimg.dll"; source file in store is also corrupted
2012-04-13 19:59:30, Info CSI 00000217 [SR] Repairing corrupted file [ml:520{260},l:74{37}]"\??\C:\Windows\Branding\Basebrd\en-US"\[l:30{15}]"basebrd.dll.mui" from store
2012-04-13 19:59:30, Info CSI 0000021a [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"imageres.dll" from store
2012-04-13 19:59:31, Info CSI 0000021c [SR] Cannot repair member file [l:32{16}]"spwizres.dll.mui" of Microsoft-Windows-Setup-Navigation-Wizard-Framework.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:31, Info CSI 0000021d [SR] This component was referenced by [l:262{131}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.1.7601.17514.Windows Foundation Language Pack"
2012-04-13 19:59:31, Info CSI 00000220 [SR] Could not reproject corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\en-US"\[l:32{16}]"spwizres.dll.mui"; source file in store is also corrupted
2012-04-13 19:59:31, Info CSI 00000222 [SR] Cannot repair member file [l:28{14}]"background.bmp" of Setup-UXWizard-ClientImages, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:31, Info CSI 00000223 [SR] This component was referenced by [l:238{119}]"Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~x86~~6.1.7601.17514.Microsoft-Windows-Client-Features-Update"
2012-04-13 19:59:31, Info CSI 00000226 [SR] Could not reproject corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\System32\oobe"\[l:28{14}]"background.bmp"; source file in store is also corrupted
2012-04-13 19:59:31, Info CSI 00000228 [SR] Repair complete
2012-04-13 19:59:31, Info CSI 00000229 [SR] Committing transaction
2012-04-13 19:59:31, Info CSI 0000022d [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2012-04-13 19:59:31, Info CSI 0000022e [SR] Repairing 10 (0x0000000a) components
2012-04-13 19:59:31, Info CSI 0000022f [SR] Beginning Verify and Repair transaction
2012-04-13 19:59:32, Info CSI 00000231 [SR] Cannot repair member file [l:32{16}]"W32UIRes.dll.mui" of Microsoft-Windows-Setup-Component.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:32, Info CSI 00000233 [SR] Cannot repair member file [l:32{16}]"spwizres.dll.mui" of Microsoft-Windows-Setup-Navigation-Wizard-Framework.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:32, Info CSI 00000235 [SR] Cannot repair member file [l:24{12}]"spwizimg.dll" of Microsoft-Windows-Setup-Navigation-Wizard-Framework, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:32, Info CSI 00000237 [SR] Cannot repair member file [l:24{12}]"W32UIRes.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:32, Info CSI 00000239 [SR] Cannot repair member file [l:28{14}]"background.bmp" of Setup-UXWizard-ClientImages, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:32, Info CSI 0000023b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:32{16}]"themeservice.dll" from store
2012-04-13 19:59:32, Info CSI 0000023d [SR] Cannot repair member file [l:32{16}]"W32UIRes.dll.mui" of Microsoft-Windows-Setup-Component.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:32, Info CSI 0000023e [SR] This component was referenced by [l:262{131}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.1.7601.17514.Windows Foundation Language Pack"
2012-04-13 19:59:33, Info CSI 00000241 [SR] Could not reproject corrupted file [ml:520{260},l:68{34}]"\??\C:\Windows\System32\oobe\en-US"\[l:32{16}]"W32UIRes.dll.mui"; source file in store is also corrupted
2012-04-13 19:59:33, Info CSI 00000243 [SR] Cannot repair member file [l:24{12}]"W32UIRes.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:33, Info CSI 00000244 [SR] This component was referenced by [l:198{99}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.WindowsFoundationDelivery"
2012-04-13 19:59:33, Info CSI 00000247 [SR] Could not reproject corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\System32\oobe"\[l:24{12}]"W32UIRes.dll"; source file in store is also corrupted
2012-04-13 19:59:33, Info CSI 00000249 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"uxtheme.dll" from store
2012-04-13 19:59:33, Info CSI 0000024b [SR] Repairing corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\Branding\Basebrd"\[l:22{11}]"basebrd.dll" from store
2012-04-13 19:59:33, Info CSI 0000024e [SR] Cannot repair member file [l:24{12}]"spwizimg.dll" of Microsoft-Windows-Setup-Navigation-Wizard-Framework, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:33, Info CSI 0000024f [SR] This component was referenced by [l:198{99}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.WindowsFoundationDelivery"
2012-04-13 19:59:34, Info CSI 00000252 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"spwizimg.dll"; source file in store is also corrupted
2012-04-13 19:59:34, Info CSI 00000254 [SR] Repairing corrupted file [ml:520{260},l:74{37}]"\??\C:\Windows\Branding\Basebrd\en-US"\[l:30{15}]"basebrd.dll.mui" from store
2012-04-13 19:59:35, Info CSI 00000257 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"imageres.dll" from store
2012-04-13 19:59:35, Info CSI 00000259 [SR] Cannot repair member file [l:32{16}]"spwizres.dll.mui" of Microsoft-Windows-Setup-Navigation-Wizard-Framework.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:35, Info CSI 0000025a [SR] This component was referenced by [l:262{131}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.1.7601.17514.Windows Foundation Language Pack"
2012-04-13 19:59:35, Info CSI 0000025d [SR] Could not reproject corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\en-US"\[l:32{16}]"spwizres.dll.mui"; source file in store is also corrupted
2012-04-13 19:59:35, Info CSI 0000025f [SR] Cannot repair member file [l:28{14}]"background.bmp" of Setup-UXWizard-ClientImages, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:59:35, Info CSI 00000260 [SR] This component was referenced by [l:238{119}]"Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~x86~~6.1.7601.17514.Microsoft-Windows-Client-Features-Update"
2012-04-13 19:59:36, Info CSI 00000263 [SR] Could not reproject corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\System32\oobe"\[l:28{14}]"background.bmp"; source file in store is also corrupted
2012-04-13 19:59:36, Info CSI 00000265 [SR] Repair complete


I'm going to run the system through its paces for a little while this evening and will update you shortly on how well it is working.

Thanks!
  • 0
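The SFC log in the post above can be triaged mechanically. This Python sketch is an added example, not part of the original thread: it separates files SFC restored from the component store from files whose store copy also failed the hash check, and it verifies each counted string (`[l:24{12}]"..."`) against its declared length to catch truncated pastes. The function names are assumptions of this example, and the embedded sample is a short set of lines in the log's format.

```python
import re

# Sample input: a few [SR] lines in the format of the CBS.log excerpt above.
SAMPLE_LOG = r'''
2012-04-13 19:52:04, Info CSI 000000c8 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"imageres.dll" from store
2012-04-13 19:52:06, Info CSI 000000ca [SR] Verify complete
2012-04-13 19:55:12, Info CSI 00000134 [SR] Cannot repair member file [l:32{16}]"W32UIRes.dll.mui" of Microsoft-Windows-Setup-Component.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:55:18, Info CSI 0000013c [SR] Could not reproject corrupted file [ml:520{260},l:68{34}]"\??\C:\Windows\System32\oobe\en-US"\[l:32{16}]"W32UIRes.dll.mui"; source file in store is also corrupted
2012-04-13 19:55:27, Info CSI 00000148 [SR] Cannot repair member file [l:24{12}]"spwizimg.dll" of Microsoft-Windows-Setup-Navigation-Wizard-Framework, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-04-13 19:55:34, Info CSI 0000014c [SR] This component was referenced by [l:198{99}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.WindowsFoundationDelivery"
2012-04-13 19:55:34, Info CSI 0000014f [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"spwizimg.dll"; source file in store is also corrupted
2012-04-13 19:56:38, Info CSI 0000017b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:32{16}]"themeservice.dll" from store
2012-04-13 19:59:27, Info CSI 000001fe [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:32{16}]"themeservice.dll" from store
2012-04-13 19:59:31, Info CSI 0000022d [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
'''

# Timestamp, level, "CSI", 8-hex-digit sequence number, "[SR]" tag, message.
SR_LINE = re.compile(r'^(\S+ \S+), \w+\s+CSI\s+[0-9a-f]{8} \[SR\] (.*)$')

# Counted string such as [l:24{12}]"imageres.dll". In the excerpt the number
# in braces equals the character count of the quoted string.
COUNTED = re.compile(r'\[(?:ml:\d+\{\d+\},)?l:\d+\{(\d+)\}\]"([^"]*)"')

# Component identity that follows the file name on "Cannot repair" lines.
COMPONENT = re.compile(r'" of (.+?), Version = ([\d.]+)')


def counted_strings(msg):
    """Return the quoted strings in msg, rejecting any whose length
    disagrees with its declared count (a sign of a truncated or edited log)."""
    found = []
    for declared, text in COUNTED.findall(msg):
        if int(declared) != len(text):
            raise ValueError(
                "declared %s chars, found %d: %r" % (declared, len(text), text))
        found.append(text)
    return found


def win_path(directory, name):
    """Join directory and file name, dropping the NT object prefix \\??\\."""
    prefix = '\\??\\'
    if directory.startswith(prefix):
        directory = directory[len(prefix):]
    return directory + '\\' + name


def triage(log_text):
    """Classify [SR] entries. Repeated entries for one file collapse to one."""
    repaired = set()    # full paths restored from the component store
    unrepairable = {}   # full path -> (component, version) or None
    components = {}     # lower-cased file name -> (component, version)
    reboot_required = False
    for raw in log_text.splitlines():
        match = SR_LINE.match(raw.strip())
        if not match:
            continue
        msg = match.group(2)
        strings = counted_strings(msg)
        if msg.startswith('Repairing corrupted file') and len(strings) == 2:
            repaired.add(win_path(strings[0], strings[1]))
        elif msg.startswith('Cannot repair member file') and strings:
            comp = COMPONENT.search(msg)
            if comp:
                components[strings[0].lower()] = (comp.group(1), comp.group(2))
        elif msg.startswith('Could not reproject corrupted file') and len(strings) == 2:
            path = win_path(strings[0], strings[1])
            unrepairable[path] = components.get(strings[1].lower())
        elif 'reboot is required' in msg:
            reboot_required = True
    return {'repaired': repaired,
            'unrepairable': unrepairable,
            'reboot_required': reboot_required}


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for path in sorted(report['repaired']):
        print('restored from store:', path)
    for path, comp in sorted(report['unrepairable'].items()):
        print('store copy also corrupt:', path, comp)
    print('reboot required:', report['reboot_required'])
```

Files reported as unrepairable need a known-good source outside the local component store, because SFC has no valid copy to restore from.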

#12
boots789

    Member

  • Topic Starter
  • Member
  • 50 posts
Sorry for the delay in response. I did some testing (streamed some video, downloaded some files, visited various websites with excessive graphics, etc.) and I really didn't notice any significant difference in speed. I still found that, for example, if I try to watch a video on a site like YouTube, the video file will start to buffer and then will stop. In order to get it to buffer further, I need to refresh the page. This same thing happens with downloads. If I start downloading a file, it will stall part way through. In order to continue the download, I will need to pause/restart it several times. Same problem with loading web pages as well - maybe half the graphics will load, and the rest will just stall until I refresh the page several times.

As far as overall computer performance goes, it does seem somewhat improved, although HP Photo Essentials keeps trying to re-install itself every time I reboot - must have removed it at some point during the process. More of an annoyance at this point, though. It definitely seems like the physical memory is being taxed quite a bit, even when I'm not running any processes in the foreground. I'm assuming McAfee is a big part of this problem.

Anyways, hopefully that info is helpful to you. Let me know if you have any further questions that can help us get to the bottom of this.

Thanks again for your help.
  • 0

#13
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Download Windows Repair (all in one) from this site

Install the program then run

Go to step 2 and allow it to run Disc check

Once that is done then go to step 3 and allow it to run SFC

On the start repairs tab select advanced mode and click start

Select the items ticked (remove the ticks from the rest) and tick restart system when finished



Please try the internet and give me an update on any issues
  • 0

#14
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Have you run the Windows repair tool?

CompCav
  • 0

#15
boots789

    Member

  • Topic Starter
  • Member
  • 50 posts
Yes, followed all instructions, except "repair proxy settings" was greyed out and I was unable to select it. No noticeable difference with Internet performance unfortunately.
  • 0





