[Ballerhappygirl]

My computer got the smart scan virus. I ran Rkill and malwarebytes. After the scan finds the threat it prompts for a reboot but my computer freezes with the HP logo. I don't know what to do. Do I have to wipe out my whole computer?

[Advertisements]

Hello, Ballerhappygirl!

I'm Nedklaw and I'll be glad to help you with your malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for Ballerhappygirl only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:

• Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
• Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
• Be patient with me, logs can take some time to research and my life can mean that I'm busy.
• Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
• If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
• NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
• Refrain from running any other tools apart from the ones I tell you to.

Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Can you access Normal Mode or Safe Mode? (Safe Mode can be accessed by continuously pressing F8 whilst the computer boots up).
Do you have access to any blank CDs or a USB drive?

[Nedklaw]

Hello, Ballerhappygirl!

I'm Nedklaw and I'll be glad to help you with your malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for Ballerhappygirl only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:

• Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
• Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
• Be patient with me, logs can take some time to research and my life can mean that I'm busy.
• Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
• If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
• NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
• Refrain from running any other tools apart from the ones I tell you to.

Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Can you access Normal Mode or Safe Mode? (Safe Mode can be accessed by continuously pressing F8 whilst the computer boots up).
Do you have access to any blank CDs or a USB drive?

[Ballerhappygirl]

Yes I can boot in safe mode and I have a USB but I've connected it to my infect computer. Is that bad? Also the malwarebytes is currently running on my computer. Should I stop it?

[Ballerhappygirl]

I can also boot in normal mode

[Nedklaw]

Hi.
Lets do some initial scans to see what malware is on your system.


Step 1

Download OTL to your desktop.

• Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  
  • Select Scan All Users.
  • Under the Custom Scan box paste this in:

  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  consrv.dll
  explorer.exe
  winlogon.exe
  userinit.exe
  svchost.exe
  /md5stop
  C:\Windows\assembly\tmp\U\*.* /s
  %Temp%\smtmp\1\*.*
  %Temp%\smtmp\2\*.*
  %Temp%\smtmp\3\*.*
  %Temp%\smtmp\4\*.*
  >C:\commands.txt echo list vol /raw /hide /c
  /wait
  >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
  /wait
  type c:\diskreport.txt /c
  /wait
  erase c:\commands.txt /hide /c
  /wait
  erase c:\diskreport.txt /hide /c
  CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

Download aswMBR.exe (4.5MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.




On completion of the scan click save log, save it to your desktop and post it in your next reply.




Things I want to see in your next reply

• OTL.txt
• Extras.txt
• aswMBR.txt

[Ballerhappygirl]

Should I do this in normal or safe mode

[Ballerhappygirl]

OTL logfile created on: 5/3/2012 7:02:50 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\schaney\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 65.12% Memory free
7.60 Gb Paging File | 6.33 Gb Available in Paging File | 83.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 372.27 Gb Free Space | 83.01% Space Free | Partition Type: NTFS
Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.42 Gb Free Space | 99.66% Space Free | Partition Type: FAT32

Computer Name: SCHANEY-HP | User Name: schaney | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/03 18:53:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\schaney\Desktop\OTL.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Stopped] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/03/25 21:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 03:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/25 21:07:00 | 000,180,968 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2010/03/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/03/25 21:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/25 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/04/04 19:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Users\schaney\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/20 12:00:30 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/22 16:21:07 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 11:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/25 21:07:00 | 000,469,400 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/03/25 21:07:00 | 000,120,096 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/03/25 21:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/03/25 21:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010/03/25 21:07:00 | 000,078,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0D015608-8A45-4844-B368-269D67AC5B35}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9CAA0926-39F4-4EBD-BC17-FDCD597C2F85}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{CFD47BC0-4560-4AC2-8030-DF8A00A2301F}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F08CFD64-AA6F-4C8D-85B1-B71B0FC1C6FE}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0D015608-8A45-4844-B368-269D67AC5B35}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9CAA0926-39F4-4EBD-BC17-FDCD597C2F85}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{CFD47BC0-4560-4AC2-8030-DF8A00A2301F}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{F08CFD64-AA6F-4C8D-85B1-B71B0FC1C6FE}: "URL" = http://search.yahoo....psg&type=HPNTDF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes,DefaultScope = {B856020B-2409-4015-B2B1-D092DFC7D22C}
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{0D015608-8A45-4844-B368-269D67AC5B35}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{9CAA0926-39F4-4EBD-BC17-FDCD597C2F85}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{B856020B-2409-4015-B2B1-D092DFC7D22C}: "URL" = http://www.google.co...1I7ADRA_enUS416
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{CFD47BC0-4560-4AC2-8030-DF8A00A2301F}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{F08CFD64-AA6F-4C8D-85B1-B71B0FC1C6FE}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://g.msn.com/HPNOT/1"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\schaney\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\schaney\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 15:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/22 10:45:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\schaney\AppData\Roaming\Mozilla\Extensions
[2011/11/11 14:18:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\schaney\AppData\Roaming\Mozilla\Firefox\Profiles\b421o4f1.default\extensions
[2011/11/11 14:18:39 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\schaney\AppData\Roaming\Mozilla\Firefox\Profiles\b421o4f1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/19 12:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/19 12:32:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/10/14 13:11:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/14 13:11:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/04/26 04:08:54 | 000,000,882 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Users\schaney\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LHWmcRqHquM.exe] C:\ProgramData\LHWmcRqHquM.exe File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [uEhBAYCSUUPOwa.exe] C:\ProgramData\uEhBAYCSUUPOwa.exe ()
O4 - HKU\.DEFAULT..\Run: [afdbeacfbcadct] "C:\ProgramData\afdbeacfbcadct.exe" File not found
O4 - HKU\.DEFAULT..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
O4 - HKU\S-1-5-18..\Run: [afdbeacfbcadct] "C:\ProgramData\afdbeacfbcadct.exe" File not found
O4 - HKU\S-1-5-18..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000..\Run: [afdbeacfbcadct] "C:\ProgramData\afdbeacfbcadct.exe" File not found
O4 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000..\Run: [ChromeFrameHelper] C:\Users\schaney\AppData\Local\Google\Chrome\Application\18.0.1025.162\chrome_frame_helper.exe (Google Inc.)
O4 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://aim-hqevents...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.7.224.200 129.7.235.45 172.21.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23D51591-C4EE-469F-9AF0-E4BFEA3D2CBB}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA67CC1E-E2E3-40CE-A725-5CB301336AE2}: DhcpNameServer = 129.7.224.200 129.7.235.45 172.21.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 - No CLSID value found
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/05/03 18:53:41 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\schaney\Desktop\OTL.exe
[2012/05/03 16:18:35 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{C2884B8A-FF65-48D1-839A-323ECAF3EED2}
[2012/04/27 12:15:42 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{9971BED2-0A63-4F63-A0ED-BA73019EB8FB}
[2012/04/27 12:15:23 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{1498B0E8-114C-4A6B-83C4-F61A22154700}
[2012/04/27 11:52:58 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{415263AC-8841-47DA-BFB0-D19121FA111E}
[2012/04/26 17:31:13 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{D0C28078-58C2-4679-8D0B-D78449C9709F}
[2012/04/26 17:31:03 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{58E325EE-7FA5-4055-8DB0-EE7F764F293B}
[2012/04/26 13:27:31 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Roaming\Malwarebytes
[2012/04/26 13:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/26 13:27:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012/04/26 13:27:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/26 13:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/26 13:26:13 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{3E90931D-3B4D-44B6-ADBF-EC7E979460EC}
[2012/04/26 12:00:35 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{E8743892-DCD6-4430-8719-ADAF2B63BBCC}
[2012/04/26 11:22:50 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/26 11:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/26 11:22:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/26 11:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/26 00:04:34 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/04/25 23:59:59 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{D4369161-1175-4952-8939-162E30DCB5DA}
[2012/04/25 23:59:12 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{58702679-D48A-4120-9929-582D5ACAB06C}
[2012/04/25 23:53:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/25 23:09:24 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/25 23:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/25 22:52:11 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{76E6C1F0-BB54-4444-B789-3B0721FC7DB9}
[2012/04/25 22:52:00 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{2E7AB63C-CE61-4C40-80E8-228079E707E6}
[2012/04/22 11:13:47 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{139C2302-8595-4DB0-838B-6E41127DCE3A}
[2012/04/22 10:07:58 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{2F2E990A-EAA0-4CB6-8965-ACE8F888EBA3}
[2012/04/22 10:07:47 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{291B2AC0-A21F-4667-A59C-0735A85E03E6}
[2012/04/19 23:49:46 | 000,000,000 | -H-D | C] -- C:\Users\schaney\Desktop\ARVO 2012 computer work
[2012/04/15 15:31:59 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{EAC88ABB-0A8A-4EFC-8501-8197901CCCB1}
[2012/04/15 15:31:37 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{17A1511B-8860-4341-B19A-3C7F2514A513}
[2012/04/15 11:44:44 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{0F1D8ABF-FF45-4B54-9965-439C8C80277D}
[2012/04/05 23:32:46 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{7CF495C5-9DC0-4ABA-9CB8-D3BB77928630}
[2012/04/04 16:00:54 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Local\{DC5414AC-9638-4D07-8740-2B257E0C0ACF}
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/03 18:57:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/03 18:57:13 | 326,533,315 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/03 18:57:09 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/03 18:53:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\schaney\Desktop\OTL.exe
[2012/05/03 16:33:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/03 16:19:11 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata
[2012/05/03 16:17:12 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/27 17:12:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/27 17:10:01 | 000,000,916 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1451402489-2950640726-3651343478-1000UA.job
[2012/04/27 13:17:56 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 13:17:56 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 13:12:41 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-QbbpZOqa9tVeme
[2012/04/27 13:12:34 | 000,000,256 | -H-- | M] () -- C:\ProgramData\QbbpZOqa9tVeme
[2012/04/27 12:17:23 | 000,300,032 | ---- | M] () -- C:\ProgramData\uEhBAYCSUUPOwa.exe
[2012/04/26 12:10:08 | 000,000,864 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1451402489-2950640726-3651343478-1000Core.job
[2012/04/26 11:26:23 | 000,730,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/26 11:26:23 | 000,627,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/26 11:26:23 | 000,107,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/26 00:04:35 | 000,000,679 | -H-- | M] () -- C:\Users\schaney\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/04/26 00:04:35 | 000,000,655 | -H-- | M] () -- C:\Users\schaney\Desktop\Data_Recovery.lnk
[2012/04/22 10:04:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForschaney.job
[2012/04/19 22:30:45 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/15 16:23:54 | 000,744,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/03 16:19:11 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata
[2012/04/27 14:29:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/27 12:19:38 | 000,300,032 | ---- | C] () -- C:\ProgramData\uEhBAYCSUUPOwa.exe
[2012/04/26 15:20:18 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-QbbpZOqa9tVeme
[2012/04/26 00:04:35 | 000,000,679 | -H-- | C] () -- C:\Users\schaney\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/04/26 00:04:35 | 000,000,655 | -H-- | C] () -- C:\Users\schaney\Desktop\Data_Recovery.lnk
[2012/04/26 00:04:31 | 000,000,256 | -H-- | C] () -- C:\ProgramData\QbbpZOqa9tVeme
[2012/04/22 09:59:45 | 326,533,315 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/19 22:30:45 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/04/15 16:23:54 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/06 15:52:53 | 000,000,088 | -H-- | C] () -- C:\Users\schaney\AppData\Roaming\usb.inf
[2011/07/18 11:49:05 | 000,004,096 | -H-- | C] () -- C:\Users\schaney\AppData\Local\keyfile3.drm
[2011/03/23 11:36:35 | 000,001,854 | -H-- | C] () -- C:\Users\schaney\AppData\Roaming\GhostObjGAFix.xml
[2010/12/20 18:31:52 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/11/30 20:20:12 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2010/10/22 16:20:30 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/10/22 16:20:30 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/09/28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/07/15 17:11:45 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/15 14:42:24 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010/05/14 13:27:50 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/05/14 12:16:12 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/05/14 12:16:12 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

========== LOP Check ==========

[2010/12/20 15:09:19 | 000,000,000 | -H-D | M] -- C:\Users\schaney\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/20 15:12:20 | 000,000,000 | -H-D | M] -- C:\Users\schaney\AppData\Roaming\Opera
[2011/01/27 14:33:25 | 000,000,000 | -H-D | M] -- C:\Users\schaney\AppData\Roaming\Synergy Software
[2011/01/17 22:21:39 | 000,000,000 | -H-D | M] -- C:\Users\schaney\AppData\Roaming\Watchtower
[2011/02/10 11:41:13 | 000,000,000 | -H-D | M] -- C:\Users\schaney\AppData\Roaming\webex
[2011/07/01 10:12:26 | 000,000,000 | -H-D | M] -- C:\Users\schaney\AppData\Roaming\Windows Live Writer
[2012/02/14 00:25:00 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/07/15 14:58:05 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | -H-- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\schaney\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\schaney\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/07/15 14:55:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/07/15 14:58:05 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/07/15 14:55:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\schaney\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\schaney\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/07/15 14:58:05 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/07/15 14:55:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/07/15 14:58:05 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/07/15 14:55:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\Windows\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\schaney\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\schaney\AppData\Local\Temp\RarSFX1\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/07/15 14:58:05 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\schaney\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\schaney\AppData\Local\Temp\RarSFX1\winlogon.exe
[2010/07/15 14:58:05 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >
[2012/04/26 13:27:21 | 000,001,113 | ---- | M] () -- C:\Users\schaney\AppData\Local\Temp\smtmp\4\Malwarebytes Anti-Malware.lnk
[2012/04/26 11:22:40 | 000,001,808 | ---- | M] () -- C:\Users\schaney\AppData\Local\Temp\smtmp\4\SUPERAntiSpyware Free Edition.lnk

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: SCHANEY-HP
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 SYSTEM NTFS Partition 199 MB Healthy System
Volume 2 C NTFS Partition 448 GB Healthy Boot
Volume 3 D RECOVERY NTFS Partition 17 GB Healthy
Volume 4 HP_TOOLS FAT32 Partition 103 MB Healthy
Volume 5 F FAT32 Removable 7629 MB Healthy

< End of report >

OTL Extras logfile created on: 5/3/2012 7:02:51 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\schaney\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 65.12% Memory free
7.60 Gb Paging File | 6.33 Gb Available in Paging File | 83.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 372.27 Gb Free Space | 83.01% Space Free | Partition Type: NTFS
Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.42 Gb Free Space | 99.66% Space Free | Partition Type: FAT32

Computer Name: SCHANEY-HP | User Name: schaney | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014B69EB-7869-4449-8B09-71279A29E860}" = lport=2869 | protocol=6 | dir=in | app=system |
"{021CBF06-457D-4DC3-9143-043A06A20AE5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{040BF3C9-7E9F-4B39-B914-50BDBFC24EF7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F78675A-7C65-42E1-8FCC-8BE643131813}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1CF8C402-5334-4FF2-B31B-A05674E0138F}" = lport=138 | protocol=17 | dir=in | app=system |
"{2131ACEA-2CAB-4860-A5BE-A756B79DB080}" = lport=139 | protocol=6 | dir=in | app=system |
"{29516590-2CF5-423D-9E77-D464C286B763}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CCEA059-711E-4070-854F-24575DC79A7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5AF0DBCF-17BE-4E59-8805-B8B7038E5762}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6B0B7E11-AD9F-4650-8BEF-1D2018655F4E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{82E5E0F0-57B7-47FF-A311-52DD06551D3D}" = rport=139 | protocol=6 | dir=out | app=system |
"{92AD72FC-8AF7-4415-AE5C-3BFE177AD661}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{980342F3-D15D-48FF-A1E7-493837C95DFD}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FDA7625-0344-416D-8E55-948699B9F67F}" = lport=137 | protocol=17 | dir=in | app=system |
"{AE5264F7-8830-46BF-8180-FCB139CACDBD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B1A4CF37-48DA-40F2-86A1-5DE7C321F8AF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C32FB134-66A7-43AA-894F-903A339FABE3}" = rport=137 | protocol=17 | dir=out | app=system |
"{C628767A-6C82-46ED-915E-F3C5953346A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7D63BBB-CD83-40F3-9FAD-8A54E733187C}" = rport=138 | protocol=17 | dir=out | app=system |
"{D5243E1D-7B59-46DE-BCB7-EF3221D98741}" = lport=445 | protocol=6 | dir=in | app=system |
"{DC60897D-9FAA-476D-B90C-265ECCB1E3D3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8BFF0F7-0F01-408E-9340-E8E0B1C6A4F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FBFB6BBC-5A0D-4F4D-A28D-1D4199D04721}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{283F0F28-12DF-4972-8007-9CF31669E791}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2BCC2C8D-83E8-45C9-A811-9B7B81FC77C8}" = protocol=1 | dir=out | [email protected],-28544 |
"{2E9DB1DB-F7E4-4A29-B426-6D338F079AFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{312E9C05-6F94-4C2C-9635-7DD857D6697B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37BD8F3A-9FB5-4B4D-8E1C-F8E7592C07D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{38869F90-E40B-46D9-92EC-F5D8F737645A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3E0FBD87-D64C-4C22-8E10-102DD0F59FF2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{42C0DA55-3C5F-4A5D-9006-0B2739694D23}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{43DC32B0-BCAA-434D-955E-0337A97E3CD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48AA45D0-C9EE-4661-AC22-DA34BBA10A3F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4C1E1E53-8E64-4A84-A448-8873F0DD57A3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{577F4671-173F-45C5-9E09-1C198E9DAA7F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{658DC16F-FE23-43AA-A3B8-7EC9B6CB1AED}" = protocol=6 | dir=out | app=system |
"{6DA13DA9-A4BA-4795-8AAB-96DCF2B909F3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{71A8ACF2-1724-4572-9488-B99EFB7B7356}" = protocol=58 | dir=in | [email protected],-28545 |
"{89444446-F8EC-4C32-96C8-8C57003414FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8AE8933B-D5C5-49BC-B747-8C2C1AC99D11}" = dir=in | app=%programfiles% (x86)\itunes\itunes.exe |
"{8EB8BE8A-5544-4EC3-94EA-D24E70606BD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8EE2C973-4AF8-4224-886D-A98B99BD32CF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{919F811F-7A43-436A-BCEC-018B4D500F2B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{960C0595-570C-48A6-9489-202F4AD662FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{999D5185-A05F-4D23-8B53-024CEB1BD713}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{9BE88906-6C94-40EC-A766-6EA7A25BCBD7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9F852F14-F489-4EC2-9FCC-F5798ABDB339}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{A8E8140A-E568-4EA4-ADDB-A962B19F58A1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{C3455933-E1E8-414D-B022-D9C9AAF0797D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C5BE5146-1C6A-4BCB-A0BC-01FBB37AB0B0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CC60974A-668C-4E1F-AD4A-81B6F8EE2B79}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CF96BEEA-85E9-43A9-9C54-96684CE9C7D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAB358DB-947A-4F66-81B4-258D6E9F51EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1AB6361-8DDE-4A24-B57A-5C139AA9B1B1}" = protocol=1 | dir=in | [email protected],-28543 |
"{F3DCF72D-9A0B-459D-AD84-FBF50119E0AE}" = protocol=58 | dir=out | [email protected],-28546 |
"{F5759F37-3D85-4679-9F5E-DBC6184B637F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FC38D391-A4E4-4E53-B36F-8AA779CB0D6F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{B6B54EC5-6F9C-4877-AA36-C26A155156C6}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"TCP Query User{EE514AFC-0A55-46E0-8687-C7FDFE9074BB}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{EF385BBD-DBD6-4039-BC49-07C511D6A841}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A44404BE-121D-43B3-9BCB-FF8702CBCD2B}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"UDP Query User{A8F18E10-300A-471F-B673-3ABAF6934227}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{B021817D-2679-49A7-A3C8-8347F032ADDB}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 30
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69ABD67D-5C2E-4724-B519-695DEF3EC23B}" = HP Documentation
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EED1EFD7-2703-4f7e-9820-EAA3C4723EA3}" = Watchtower Library 2011 - English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"KaleidaGraph 4.0" = KaleidaGraph 4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"My HP Game Console" = HP Game Console
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1451402489-2950640726-3651343478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome Frame" = Google Chrome Frame

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2012 11:56:08 AM | Computer Name = schaney-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 41002897

Error - 4/6/2012 11:56:09 AM | Computer Name = schaney-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/6/2012 11:56:09 AM | Computer Name = schaney-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 41003896

Error - 4/6/2012 11:56:09 AM | Computer Name = schaney-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 41003896

Error - 4/15/2012 12:44:16 PM | Computer Name = schaney-HP | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.102:5353 20 102.1.168.192.in-addr.arpa.
PTR schaney-HP-2.local.

Error - 4/15/2012 12:44:16 PM | Computer Name = schaney-HP | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 18 102.1.168.192.in-addr.arpa.
PTR schaney-HP.local.

Error - 4/15/2012 12:55:47 PM | Computer Name = schaney-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7b9e2 Exception code: 0xc0000005 Fault offset: 0x0000d225 Faulting process
id: 0x8d4 Faulting application start time: 0x01cd1b26f7b1738a Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\syswow64\SHLWAPI.dll
Report
Id: d8913816-871b-11e1-bcbf-eafef9ad9fff

Error - 4/15/2012 1:08:05 PM | Computer Name = schaney-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16441, time
stamp: 0x4ee81830 Exception code: 0xc0000005 Fault offset: 0x001d9686 Faulting process
id: 0x1424 Faulting application start time: 0x01cd1b28e3612093 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 9087c66e-871d-11e1-bcbf-eafef9ad9fff

Error - 4/15/2012 4:30:18 PM | Computer Name = schaney-HP | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.102:5353 20 102.1.168.192.in-addr.arpa.
PTR schaney-HP-2.local.

Error - 4/15/2012 4:30:18 PM | Computer Name = schaney-HP | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 18 102.1.168.192.in-addr.arpa.
PTR schaney-HP.local.

[ Hewlett-Packard Events ]
Error - 1/3/2012 3:19:55 PM | Computer Name = schaney-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 1/3/2012 3:20:36 PM | Computer Name = schaney-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 1/3/2012 3:21:30 PM | Computer Name = schaney-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 1/3/2012 3:24:00 PM | Computer Name = schaney-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 2/6/2012 4:46:52 PM | Computer Name = schaney-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 3/28/2012 8:00:43 PM | Computer Name = schaney-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/bfe7d3e7_9b60_4e87_853b_ecf3ec6b0fef/cb9fjkus9w7nrxpaevazfecf_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3893 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

Error - 4/15/2012 12:59:07 PM | Computer Name = schaney-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 4/15/2012 12:59:07 PM | Computer Name = schaney-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 4/15/2012 12:59:07 PM | Computer Name = schaney-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 4/19/2012 11:38:54 PM | Computer Name = schaney-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 3/21/2012 5:34:32 PM | Computer Name = schaney-HP | Source = CaslWmi | ID = 5
Description = 2012/03/21 16:34:32.897|00001E88|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 3/21/2012 5:34:33 PM | Computer Name = schaney-HP | Source = hpCasl | ID = 5
Description = 2012/03/21 16:34:33.733|00001E88|Error |[hpcasl]Global::CheckforValidSignature{bool()}|Calling
process C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Warranty\CASLExec.exe
does not have a valid signature. HP CASL loading aborted

Error - 3/28/2012 8:00:48 PM | Computer Name = schaney-HP | Source = CaslWmi | ID = 5
Description = 2012/03/28 19:00:48.527|00001E78|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/4/2012 10:46:08 PM | Computer Name = schaney-HP | Source = CaslWmi | ID = 5
Description = 2012/04/04 21:46:08.355|0000069C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/15/2012 1:00:14 PM | Computer Name = schaney-HP | Source = CaslWmi | ID = 5
Description = 2012/04/15 12:00:14.072|00001928|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/19/2012 11:39:47 PM | Computer Name = schaney-HP | Source = CaslWmi | ID = 5
Description = 2012/04/19 22:39:47.554|000022E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/19/2012 11:42:09 PM | Computer Name = schaney-HP | Source = CaslWmi | ID = 5
Description = 2012/04/19 22:42:09.361|000004B4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/19/2012 11:42:15 PM | Computer Name = schaney-HP | Source = CaslWmi | ID = 5
Description = 2012/04/19 22:42:15.141|0000224C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/19/2012 11:42:33 PM | Computer Name = schaney-HP | Source = CaslWmi | ID = 5
Description = 2012/04/19 22:42:33.165|00001968|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/19/2012 11:42:34 PM | Computer Name = schaney-HP | Source = hpCasl | ID = 5
Description = 2012/04/19 22:42:34.289|00001968|Error |[hpcasl]Global::CheckforValidSignature{bool()}|Calling
process C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Warranty\CASLExec.exe
does not have a valid signature. HP CASL loading aborted

[ HP Wireless Assistant Events ]
Error - 12/1/2010 12:30:34 AM | Computer Name = schaney-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 12:30:39 AM | Computer Name = schaney-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 12:30:44 AM | Computer Name = schaney-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 12:30:49 AM | Computer Name = schaney-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 12:30:54 AM | Computer Name = schaney-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 12:31:54 AM | Computer Name = schaney-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 12:32:54 AM | Computer Name = schaney-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 12:33:54 AM | Computer Name = schaney-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 12:34:54 AM | Computer Name = schaney-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 3/4/2011 11:29:15 AM | Computer Name = schaney-HP | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

[ Media Center Events ]
Error - 8/4/2011 12:17:00 PM | Computer Name = schaney-HP | Source = MCUpdate | ID = 0
Description = 11:16:55 AM - Error connecting to the internet. 11:16:55 AM - Unable
to contact server..

Error - 8/16/2011 10:46:29 AM | Computer Name = schaney-HP | Source = MCUpdate | ID = 0
Description = 9:46:27 AM - Error connecting to the internet. 9:46:27 AM - Unable
to contact server..

Error - 8/22/2011 10:58:14 AM | Computer Name = schaney-HP | Source = MCUpdate | ID = 0
Description = 9:58:14 AM - Error connecting to the internet. 9:58:14 AM - Unable
to contact server..

Error - 8/22/2011 10:58:24 AM | Computer Name = schaney-HP | Source = MCUpdate | ID = 0
Description = 9:58:20 AM - Error connecting to the internet. 9:58:20 AM - Unable
to contact server..

Error - 8/23/2011 11:33:36 AM | Computer Name = schaney-HP | Source = MCUpdate | ID = 0
Description = 10:33:36 AM - Error connecting to the internet. 10:33:36 AM - Unable
to contact server..

Error - 8/23/2011 11:33:45 AM | Computer Name = schaney-HP | Source = MCUpdate | ID = 0
Description = 10:33:41 AM - Error connecting to the internet. 10:33:41 AM - Unable
to contact server..

Error - 9/14/2011 10:34:39 AM | Computer Name = schaney-HP | Source = MCUpdate | ID = 0
Description = 9:34:39 AM - Error connecting to the internet. 9:34:39 AM - Unable
to contact server..

Error - 9/14/2011 10:34:49 AM | Computer Name = schaney-HP | Source = MCUpdate | ID = 0
Description = 9:34:44 AM - Error connecting to the internet. 9:34:44 AM - Unable
to contact server..

Error - 9/14/2011 12:14:47 PM | Computer Name = schaney-HP | Source = MCUpdate | ID = 0
Description = 11:14:47 AM - Error connecting to the internet. 11:14:47 AM - Unable
to contact server..

Error - 9/14/2011 12:14:58 PM | Computer Name = schaney-HP | Source = MCUpdate | ID = 0
Description = 11:14:52 AM - Error connecting to the internet. 11:14:52 AM - Unable
to contact server..

[ System Events ]
Error - 5/3/2012 7:57:34 PM | Computer Name = schaney-HP | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 5/3/2012 7:57:34 PM | Computer Name = schaney-HP | Source = Service Control Manager | ID = 7001
Description = The McAfee Validation Trust Protection Service service depends on
the McAfee Inc. mfehidk service which failed to start because of the following error:
%%31

Error - 5/3/2012 7:57:34 PM | Computer Name = schaney-HP | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 5/3/2012 7:57:34 PM | Computer Name = schaney-HP | Source = Service Control Manager | ID = 7001
Description = The McAfee McShield service depends on the McAfee Validation Trust
Protection Service service which failed to start because of the following error:
%%1068

Error - 5/3/2012 7:57:35 PM | Computer Name = schaney-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache mfehidk SASDIFSV SASKUTIL spldr Wanarpv6

Error - 5/3/2012 7:57:49 PM | Computer Name = schaney-HP | Source = DCOM | ID = 10005
Description =

Error - 5/3/2012 7:57:53 PM | Computer Name = schaney-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error
Code: 21

Error - 5/3/2012 7:57:55 PM | Computer Name = schaney-HP | Source = DCOM | ID = 10005
Description =

Error - 5/3/2012 7:58:00 PM | Computer Name = schaney-HP | Source = DCOM | ID = 10005
Description =

Error - 5/3/2012 7:58:00 PM | Computer Name = schaney-HP | Source = DCOM | ID = 10005
Description =


< End of report >

[Nedklaw]

Hi.
Run tools in Normal Mode unless told otherwise.

Do you have the aswMBR report?

[Ballerhappygirl]

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-03 19:17:39
-----------------------------
19:17:39.567 OS Version: Windows x64 6.1.7601 Service Pack 1
19:17:39.567 Number of processors: 4 586 0x2505
19:17:39.568 ComputerName: SCHANEY-HP UserName: schaney
19:17:48.053 Initialize success
19:18:21.150 AVAST engine defs: 12050301
19:18:24.289 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:18:24.291 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3
19:18:24.295 Device \Driver\iaStor -> MajorFunction fffffa80065f95c4
19:18:24.298 Disk 0 MBR read successfully
19:18:24.303 Disk 0 MBR scan
19:18:24.308 Disk 0 unknown MBR code
19:18:24.587 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:18:24.656 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459213 MB offset 409600
19:18:24.735 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17423 MB offset 940877824
19:18:24.793 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
19:18:24.867 Disk 0 scanning C:\Windows\system32\drivers
19:18:53.761 Service scanning
19:19:32.396 Modules scanning
19:19:32.751 Disk 0 trace - called modules:
19:19:32.757 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80065f95c4]<<
19:19:32.762 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f10060]
19:19:32.766 3 CLASSPNP.SYS[fffff88001dc943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f24050]
19:19:32.772 \Driver\iaStor[0xfffffa8005f5bb00] -> IRP_MJ_CREATE -> 0xfffffa80065f95c4
19:19:35.959 AVAST engine scan C:\Windows
19:19:38.654 AVAST engine scan C:\Windows\system32
19:23:51.257 AVAST engine scan C:\Windows\system32\drivers
19:24:07.172 AVAST engine scan C:\Users\schaney
19:29:45.474 Disk 0 MBR has been saved successfully to "C:\Users\schaney\Desktop\MBR.dat"
19:29:45.481 The log file has been saved successfully to "C:\Users\schaney\Desktop\aswMBR.txt"

[Ballerhappygirl]

Ooops... I've been running in safe mode. do I have to start over. Sorry I feel like an idiot

[Nedklaw]

Hi.
No you don't have to start over. I'll review your logs and I shall have a reply for you tomorrow.

[Ballerhappygirl]

Thank you very much. I REALLY appreciate your help.

[Nedklaw]

Hi.


Step 1

Please uninstall the following program via Control Panel > Uninstall a program (if present):

• Java™ 6 Update 20 (64-bit)

Step 2

• Download RogueKiller and save it on your desktop.
• Quit all programs.
• Start RogueKiller.exe.
• Note: If RogueKiller has been blocked, do not hesitate to try several times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
• Wait until the Prescan has finished.
• Click on Scan.
  
  
  
• Wait for the end of the scan.
• The report has been created on the desktop.
  
• Click on the Delete button.
• The report has been created on the desktop.
  
• Next click on ShortcutsFix.
• The report has been created on the desktop.

Step 3

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.




Run OTL.

• Under the Custom Scans/Fixes box at the bottom, paste in the following:
  
  

  :OTL 
  PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
  IE:64bit: - HKLM\..\SearchScopes\{9CAA0926-39F4-4EBD-BC17-FDCD597C2F85}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
  IE - HKLM\..\SearchScopes\{9CAA0926-39F4-4EBD-BC17-FDCD597C2F85}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
  IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{9CAA0926-39F4-4EBD-BC17-FDCD597C2F85}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
  O4 - HKLM..\Run: [LHWmcRqHquM.exe] C:\ProgramData\LHWmcRqHquM.exe File not found
  O4 - HKLM..\Run: [uEhBAYCSUUPOwa.exe] C:\ProgramData\uEhBAYCSUUPOwa.exe ()
  O4 - HKU\.DEFAULT..\Run: [afdbeacfbcadct] "C:\ProgramData\afdbeacfbcadct.exe" File not found
  O4 - HKU\.DEFAULT..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
  O4 - HKU\S-1-5-18..\Run: [afdbeacfbcadct] "C:\ProgramData\afdbeacfbcadct.exe" File not found
  O4 - HKU\S-1-5-18..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
  O4 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000..\Run: [afdbeacfbcadct] "C:\ProgramData\afdbeacfbcadct.exe" File not found
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
  O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
  O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
  O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
  [2012/04/26 00:04:34 | 000,000,000 | -H-D | C] -- C:\Users\schaney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
  [2012/04/27 13:12:41 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-QbbpZOqa9tVeme
  [2012/04/27 13:12:34 | 000,000,256 | -H-- | M] () -- C:\ProgramData\QbbpZOqa9tVeme
  [2012/04/27 12:17:23 | 000,300,032 | ---- | M] () -- C:\ProgramData\uEhBAYCSUUPOwa.exe
  [2012/04/26 00:04:35 | 000,000,679 | -H-- | M] () -- C:\Users\schaney\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
  [2012/04/26 00:04:35 | 000,000,655 | -H-- | M] () -- C:\Users\schaney\Desktop\Data_Recovery.lnk
  [2011/01/16 15:55:21 | 000,255,488 | -H-- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\schaney\AppData\Local\Temp\RarSFX0\procs\explorer.exe
  [2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\schaney\AppData\Local\Temp\RarSFX1\procs\explorer.exe
  [2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\schaney\AppData\Local\Temp\RarSFX0\h\explorer.exe
  [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\schaney\AppData\Local\Temp\RarSFX1\h\explorer.exe
  [2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\schaney\AppData\Local\Temp\RarSFX0\userinit.exe
  [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\schaney\AppData\Local\Temp\RarSFX1\userinit.exe
  [2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\schaney\AppData\Local\Temp\RarSFX0\winlogon.exe
  [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\schaney\AppData\Local\Temp\RarSFX1\winlogon.exe
  [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
  
  :Files
  ipconfig /flushdns /c
  xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
  
  :Commands
  [resethosts]
  [CREATERESTOREPOINT] 
  [Reboot]

• Then click the Run Fix button at the top.
• Let the program run unhindered, reboot the PC when it is done.
• Post the log that appears upon reboot in your next reply.
• If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
• Open OTL again and select the "Scan All Users" box.
• Click the Quick Scan button. Post the log it produces in your next reply.

Step 4

Download ComboFix from one of these locations and set the Save as type to All Files before saving it.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Step 5

Download the latest version of TDSSKiller from here and save it to your Desktop.

• Double-click on TDSSKiller.exe to run the application, then click on Change Parameters.
  
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
  
  
  
• Click the Start Scan button.
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
  
• If malicious objects are found, they will show in the Scan results and offer 3 options.
  
• Ensure Cure is selected, then click Continue --> Reboot Computer to finish the cleaning process.
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Things I want to see in your next reply

• All RKreport.txt files
• OTL Fix Log
• OTL.txt
• ComboFix.txt
• TDSSKiller.[Version]_[Date]_[Time]_log.txt

[Ballerhappygirl]

Whenever I try to run Roguekiller I get a message that says "Roguekiller has stopped working A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available" and then the program closes.

[Nedklaw]

Hi.
Try renaming RogueKiller.exe to Nedklaw.exe or abc123.com before running it.
If it still won't run then please move onto the other steps.