Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows Installer (Virus?) [Solved]

Started by G_Woods , Aug 07 2012 07:35 PM

  • This topic is locked This topic is locked

#1
G_Woods
Posted 07 August 2012 - 07:35 PM

G_Woods

    Member

  • Member
  • PipPip
  • 87 posts
Okay, member "rockmilk" has been gracious enough to help me for the last two days try to fix my Windows 7 HP issue. We have been over here: Operating Systems. Today I downloaded and ran "Quick Scan" with OTL.exe and would like to post the results below in hopes that some knowledgeable forum members take a look to see if I may have a virus. Thank You in advance..

OTL Extras logfile created on: 8/7/2012 8:57:25 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\USERNAME\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 44.08% Memory free
6.00 Gb Paging File | 4.17 Gb Available in Paging File | 69.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.04 Gb Total Space | 212.55 Gb Free Space | 74.57% Space Free | Partition Type: NTFS
Drive D: | 13.05 Gb Total Space | 2.40 Gb Free Space | 18.41% Space Free | Partition Type: NTFS
Drive E: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 7.46 Gb Total Space | 0.10 Gb Free Space | 1.32% Space Free | Partition Type: FAT32

Computer Name: Pavilion-PC | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10AD473B-7B27-48C9-A2AE-15E63A3339B7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{12B88EA6-807F-4ECB-8D1B-654DE1829A06}" = lport=138 | protocol=17 | dir=in | app=system |
"{13495EBD-28A9-4736-B2A1-4CF745C65687}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20A4020A-485D-4DF3-9C92-28B944B76677}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21C6BA86-9E3C-4CD3-A739-1A33158E04D0}" = rport=138 | protocol=17 | dir=out | app=system |
"{26487151-F325-4F24-BF24-639C4DED916A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26897C64-79ED-4CDB-AE06-40C111C2C52D}" = lport=137 | protocol=17 | dir=in | app=system |
"{2A0F3363-7551-4327-A593-10CDC8AC0716}" = rport=10243 | protocol=6 | dir=out | app=system |
"{303F1E84-2D90-4A30-BE09-B19BB99A4809}" = rport=445 | protocol=6 | dir=out | app=system |
"{33EDD3A8-5279-48EC-B6C0-133F8E87F0C3}" = rport=137 | protocol=17 | dir=out | app=system |
"{3CD96CC6-FA1C-4159-8E25-C8247EE105D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3EDCAE8B-D679-4849-B85A-CBE729F56EE0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3F643155-AA72-4CA0-8CFC-4795C8D2FC09}" = lport=2869 | protocol=6 | dir=in | app=system |
"{40D565B3-51AD-4879-9DD2-6ADD9872A4A4}" = lport=443 | protocol=6 | dir=in | app=system |
"{4295E7BC-5C7B-4E68-961E-80A7EF1EEAE9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A63903B-2597-4FB3-A959-A771F8BFC9A5}" = rport=1723 | protocol=6 | dir=out | app=system |
"{4B5C8447-DEA4-4A7F-B6D6-1E94FC3A486C}" = lport=139 | protocol=6 | dir=in | app=system |
"{4B831FE5-4E14-4BA5-ADA6-497EA5FA17BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60B19CA2-0FBC-496F-8088-F7080401FAF7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6956AEBA-1D6B-4D15-BC7F-58377A20789E}" = rport=1701 | protocol=17 | dir=out | app=system |
"{6FF93E2B-8EBA-40B9-A433-7A2984185B93}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7955E3F2-914F-4DC9-BFA7-F10715E6EC57}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7F5AE0CE-33BC-426B-A199-92F7231B57BB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8503E59C-41EB-4DA2-B72B-26F4C08EBA90}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{888AC72D-DD6F-4B16-ADDE-61430B750CD7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{93912373-23A3-4298-A09E-8CDDE84ABB39}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{96233A6E-4D0F-4D07-B57A-47B45A3720C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E2ADF43-6520-4998-9101-A19294DA14B1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A2C39CBD-ABB4-451A-94E0-ACF083A0E331}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BC60E013-A506-4012-A01C-B1489A42290D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C996AB34-CEF0-45C1-9DE4-9B93527F9D81}" = lport=1701 | protocol=17 | dir=in | app=system |
"{CD9AF854-DAFA-4036-A7F5-8FAD51A099F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5B686DA-DE97-482A-8729-2EC400425F92}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D829C5E4-1594-416E-8480-22415D7BC92D}" = lport=1723 | protocol=6 | dir=in | app=system |
"{D9F3D5DD-0C02-4688-91BC-9D0B93DB80E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3EE5053-241C-4223-998A-000FA490D589}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E4053F22-19A2-444A-AFA0-55D45053078C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5E53117-3D44-44AC-A437-374D022E37C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{EB262127-ED0B-4C43-AC32-3AA48E6124A9}" = rport=139 | protocol=6 | dir=out | app=system |
"{FBBFA109-3721-487D-B0F9-9251DB688642}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FBEF9658-5388-4B8D-AF25-C2F9B6EA8265}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FCE8C340-566E-481B-AA50-EE683610AA25}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B54346-54A6-4C29-8CA7-8C17589AFE75}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0D55D27F-61DC-4E83-B0A9-72670DEBD46C}" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"{160FE47B-6E45-45D6-BA53-0719388E492F}" = protocol=6 | dir=in | app=c:\users\whitey\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{2285137F-16D0-4D82-9B34-7D4DD9534530}" = protocol=1 | dir=in | [email protected],-28543 |
"{2383EE6E-2C22-4936-B950-F355FCEA83B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2F0A68A5-F839-4428-91A6-3E324904D42B}" = protocol=47 | dir=in | app=system |
"{316EB2C5-40EB-4F32-8BFE-73442FF7577B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3AF852B1-F51D-416B-A986-E5A6E93F9210}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3B0995E8-CDC4-43D8-BA6F-0D29CDF6D4E0}" = protocol=58 | dir=out | [email protected],-28546 |
"{4492E34C-1C75-440F-BF64-1C53D2E7508E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{478377E3-2047-4ED6-B372-64836F16CA64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48730750-BE3D-49B4-9DE1-F76B36A24921}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{4BA2AC22-96C1-44F8-8BD8-B4A1BA12F667}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4E3E2F54-F700-4A7B-9680-7DFF0EEBE576}" = protocol=1 | dir=out | [email protected],-28544 |
"{4F0D7729-6EE9-47D6-8472-19E9DCAE0660}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{53C41206-4E05-4831-9A93-9D400FF31122}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{561475EE-A958-4AED-9321-44F31C4532FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5CBC4ADC-D216-490E-B57F-A6156E0F6108}" = protocol=17 | dir=in | app=c:\users\whitey\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{5CE397B4-AD7D-4601-B437-AE5D34BD6CDB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5CE69BFE-1ADF-406D-885D-6CD15D0818FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{68DC52EB-C474-4D88-A2CD-0B554CB82B9B}" = dir=in | app=airplay.exe |
"{6A814606-B772-45AE-AE20-F7D1E5EC1AA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8AEB2471-2B22-4FEF-B8DE-F0447DBF30F5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{957F4C50-AFE4-481B-84FF-5E7A8E829346}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C0372D2-089A-46D9-987B-7AE9CEB8613F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9C324CF9-C4CF-4401-B5F1-A4E65E673E45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CD65FB8-C384-4E82-90CB-57A4B9241777}" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"{A2975FDB-AA5F-4E3D-9F62-BA9E136588F0}" = protocol=17 | dir=in | app=c:\users\whitey\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A376357B-214E-449A-8565-218738760CCF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A3825E04-ACEB-4255-8742-AB6C55FD0750}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B66CEDDC-24DE-4289-8F5B-76C559F41451}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{B8005BDA-651B-43DB-A879-8A8C44458288}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B8755428-F4EC-40AE-8408-B14A69F0AD89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE561BEB-16DF-4C0C-B044-372FA7FC1B8A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{C57FDAE1-8537-46B3-AB73-24565C15E46F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C9B01B0B-3722-4A66-8505-DB87288C5908}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CAEB6544-9B49-403C-9F11-A36C292481DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D209FD9D-4940-4037-883F-5DF975252C45}" = protocol=47 | dir=out | app=system |
"{DB591D03-D945-41D5-8819-A6400ACF86B8}" = protocol=6 | dir=out | app=system |
"{EA6B0092-D6CE-43DA-9D4A-8183A8C9C815}" = protocol=6 | dir=in | app=c:\users\whitey\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{EAFDB09B-DAD1-4B11-A276-B801F894AB60}" = protocol=58 | dir=in | [email protected],-28545 |
"{EE7EBF16-3DA5-4D04-8965-C6B8A632EAAD}" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"{EFD434D3-01A0-4BA0-A9A7-FCF112D74F51}" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"{F024D6CF-BEF2-4E5D-B8B8-17EA4C6B0E84}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F5B8E1D8-2C58-45DE-A799-42FEE157D418}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{F61E096C-8EE6-421D-B8EF-E53770077AAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{180731B8-7527-40E1-AF46-73482D1C3983}C:\airprint\airprint.exe" = protocol=6 | dir=in | app=c:\airprint\airprint.exe |
"TCP Query User{2732BF30-0A0C-4557-9B2E-615FC4155674}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{38EFE67B-A97A-46E0-9839-AE2B985BE748}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{463C0A30-BCB9-49B8-BE25-47871196CD1B}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{52693CA9-B730-4F58-8A85-6F6C6D123F02}C:\program files\foxit software\pdf editor\pdfedit.exe" = protocol=6 | dir=in | app=c:\program files\foxit software\pdf editor\pdfedit.exe |
"TCP Query User{57DFC242-F233-4148-AA08-0A213A2917FE}C:\users\whitey\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\whitey\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{7E6DDD50-8FF5-4E92-8A14-E0F3727416A6}C:\program files (x86)\port detective\pbdclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\port detective\pbdclient.exe |
"TCP Query User{82E46A51-02FB-44FE-A038-8BE436CFD0FB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{90276532-804F-49A9-B422-F6EDB9C4D77C}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe |
"TCP Query User{9F6430E4-C80B-465E-AB52-430A76019D70}C:\program files\foxit software\pdf editor\pdfedit.exe" = protocol=6 | dir=in | app=c:\program files\foxit software\pdf editor\pdfedit.exe |
"TCP Query User{AB57A5B9-12A3-4E70-AF88-FFC99C1B53A3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{B3900634-C2E2-4563-88B3-9DFD09FD3F5A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{B7CE13EB-E08E-413E-AE04-904F7F6A836C}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"TCP Query User{D04E0287-886C-4970-ACE9-EC4B32714D0A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{D41C6F2F-414B-4C4C-8313-700D39014C07}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega storage manager.exe |
"TCP Query User{F8C068EF-7C6D-4429-A0EE-1F36317D07E0}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe |
"UDP Query User{2D33EE25-E386-4BF0-98EF-58FC1497D012}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{3D2C1B49-DE4F-4597-9DA0-1F307B124BD5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{41A9BADA-C564-409E-867B-B1B13B5325C4}C:\program files\foxit software\pdf editor\pdfedit.exe" = protocol=17 | dir=in | app=c:\program files\foxit software\pdf editor\pdfedit.exe |
"UDP Query User{4990A599-1720-4616-8422-18F770385A2D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{5484CC53-6FF2-4B08-9EA8-BB5DC84E75D5}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe |
"UDP Query User{5BBE6BB5-D45D-46AE-AF98-5D742BB36295}C:\users\whitey\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\whitey\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{64E3117E-076A-4101-8E92-D1C7C621C542}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"UDP Query User{6BE6571A-78E2-446B-A658-1B6EFF05BDEB}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega storage manager.exe |
"UDP Query User{727ABE32-5E89-4A6C-B2EA-4DCCF6DF941E}C:\program files\foxit software\pdf editor\pdfedit.exe" = protocol=17 | dir=in | app=c:\program files\foxit software\pdf editor\pdfedit.exe |
"UDP Query User{8FE7583C-22A5-4CF1-A310-C355F05CC1D8}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe |
"UDP Query User{9A70C72F-99A9-4A87-A4E5-F7CE0FCC7F62}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{A18503C5-7E36-491A-8FF9-E7BCBFE10842}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{BE496BC4-9F7B-4937-88BD-D088F2F4A4B6}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{D235FE28-DEED-4107-B8A0-C59780404A9B}C:\program files (x86)\port detective\pbdclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\port detective\pbdclient.exe |
"UDP Query User{D6B55907-0524-40A0-B2BA-7CC77140F498}C:\airprint\airprint.exe" = protocol=17 | dir=in | app=c:\airprint\airprint.exe |
"UDP Query User{F48B1E4D-1FEA-4EA8-9746-3A285F66B998}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4E5AF674-C636-406B-B06A-5DCA2A4C85D7}" = Foxit PDF IFilter
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{578831A8-CB47-471F-A552-907EC3E9E040}" = Iomega Encryption
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF5E71B7-5351-45A1-A9E9-F3A8BB0E47D4}" = SCTDrivers64J10
"{FD66A549-5110-48C8-ACE6-3F52AB3BF100}" = Macrium Reflect - Free Edition
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1140
"CCleaner" = CCleaner
"NVIDIA Drivers" = NVIDIA Drivers
"RealVNC_is1" = VNC Enterprise Edition E4.5.3
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VNCPrinter_is1" = VNC Printer Driver 1.6.0
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0
"{04FCD5DE-1662-4F99-BDA9-C57212113EF2}" = RemoteComms External Disk Access
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1" = Office Key Remover
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAB69C5-7763-4BB8-9D06-733292AA6E0C}" = Bing Bar
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.1.00.01A
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6FE22909-D0D6-4111-ABCE-7F8D986C4A2A}" = Foxit PDF Preview Handler
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}" = PMB Updater
"{A2AA1000-7C41-4BBB-A4DE-C728BC104106}" = IPSetup
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF52F5F2-047A-44F8-A58E-03265790771E}" = SCT Device Updater
"{B11D604E-1BB6-4FEE-B99A-F261CDFA267C}" = Fusion
"{B5150E33-33DC-48CE-A9DF-373C252B4BF1}" = AirPrint for Windows
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{C08E4323-261D-4B2F-8F24-CDB26E2AA081}" = Iomega Home Storage Manager
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{c6c214df-2922-4809-94aa-f4d67d4451ec}" = Music Oasis
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}" = STK02N 2.3
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.0.6.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F62C4101-51F7-4974-A315-9519B5ED9B01}_is1" = SecurView Pro version 2.0.0.0
"{FDC8065B-80DE-4466-B90B-2581F6D77DFF}" = Image Plugin
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Audio Converter 6.3_is1" = AVS Audio Converter version 6.3
"AVS Audio Editor_is1" = AVS Audio Editor version 6.1
"AVS DVD Authoring_is1" = AVS DVD Authoring
"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.2
"AVS Image Converter_is1" = AVS Image Converter 1.3.2.141
"AVS Photo Editor_is1" = AVS Photo Editor
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 5
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.8.140
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Bejeweled Blitz" = Bejeweled Blitz
"BtcMaestro" = HP Wireless Keyboard Driver V1.7 (2.0.W-127AU MUL)
"Calendar 2000" = Calendar 2000
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DVDFab 7_is1" = DVDFab 7.0.6.7 (30/05/2010)
"Easy Street Draw" = Easy Street Draw
"Easy Street Draw ActiveX Control" = Easy Street Draw ActiveX Control 2.0
"Foxit Creator" = Foxit Creator
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader_is1" = Foxit Reader
"gmailbackup" = Gmail Backup
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HandBrake" = HandBrake 0.9.5
"Inkscape" = Inkscape 0.48.1
"InstaCodecs_is1" = InstaCodecs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Office14.SingleImage" = Microsoft Office Professional 2010
"PFPortChecker" = PFPortChecker 1.0.32
"Port_Detective_2.0" = Port Detective
"Revo Uninstaller" = Revo Uninstaller 1.94
"SugarSync" = SugarSync Manager
"System Explorer_is1" = System Explorer 3.9.1
"TeamViewer 6" = TeamViewer 6
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"Zuma's Revenge!" = Zuma's Revenge!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/27/2011 2:35:21 PM | Computer Name = Whitey-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 10/27/2011 2:35:21 PM | Computer Name = Whitey-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 10/27/2011 4:10:27 PM | Computer Name = Whitey-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 10/28/2011 7:13:12 AM | Computer Name = Whitey-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 10/28/2011 7:13:12 AM | Computer Name = Whitey-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 10/28/2011 9:01:24 AM | Computer Name = Whitey-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 10/30/2011 5:43:10 PM | Computer Name = Whitey-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 10/30/2011 5:43:10 PM | Computer Name = Whitey-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 10/30/2011 6:46:02 PM | Computer Name = Whitey-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 10/31/2011 11:15:15 AM | Computer Name = Whitey-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

[ System Events ]
Error - 8/7/2012 1:21:57 AM | Computer Name = Whitey-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/7/2012 1:21:58 AM | Computer Name = Whitey-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/7/2012 1:21:58 AM | Computer Name = Whitey-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/7/2012 1:21:59 AM | Computer Name = Whitey-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/7/2012 1:22:20 AM | Computer Name = Whitey-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/7/2012 1:22:20 AM | Computer Name = Whitey-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/7/2012 1:22:21 AM | Computer Name = Whitey-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/7/2012 1:22:21 AM | Computer Name = Whitey-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/7/2012 1:22:22 AM | Computer Name = Whitey-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/7/2012 1:31:09 AM | Computer Name = Whitey-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service
Pack 3 for x64-based Systems (KB2721691).


< End of report >
  • 0

Advertisements

#2
CompCav
Posted 09 August 2012 - 02:09 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, G_Woods! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

If it does not run rename it iexplore.exe and try it again.


Step 2.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt
  • Post OTL.txt


Step 3.

Please post:

aswMBR log
OTL.txt


Give me an update on your computer's issues.
  • 1

#3
G_Woods
Posted 12 August 2012 - 04:58 PM

G_Woods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
I will do as you suggest. I have been out of town since Thursday and do not have the computer with me. I will be back on Monday night. So I may not be able to try your advice until Tuesday. Thank You..
  • 0

#4
CompCav
Posted 12 August 2012 - 05:12 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Thank you for the update. We will be here! :thumbsup:


CompCav
  • 1

#5
G_Woods
Posted 14 August 2012 - 06:19 AM

G_Woods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-14 08:10:30
-----------------------------
08:10:30.290 OS Version: Windows x64 6.1.7601 Service Pack 1
08:10:30.290 Number of processors: 2 586 0xF0D
08:10:30.292 ComputerName: WHITEY-PC UserName: GAWoods
08:10:32.079 Initialize success
08:10:32.421 AVAST engine defs: 12081400
08:10:41.872 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
08:10:41.877 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT0 11.01A11 Size: 305245MB BusType: 11
08:10:41.893 Disk 0 MBR read successfully
08:10:41.898 Disk 0 MBR scan
08:10:41.905 Disk 0 Windows 7 default MBR code
08:10:41.912 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 291884 MB offset 63
08:10:41.945 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13358 MB offset 597778650
08:10:41.996 Disk 0 scanning C:\Windows\system32\drivers
08:10:52.337 Service scanning
08:11:06.472 Modules scanning
08:11:06.488 Disk 0 trace - called modules:
08:11:06.497
08:11:07.678 AVAST engine scan C:\Windows
08:11:10.160 AVAST engine scan C:\Windows\system32
08:13:35.913 AVAST engine scan C:\Windows\system32\drivers
08:13:48.783 AVAST engine scan C:\Users\GAWoods
08:15:24.188 AVAST engine scan C:\ProgramData
08:17:02.469 Scan finished successfully
08:17:29.332 Disk 0 MBR has been saved successfully to "C:\Users\GAWoods\Desktop\MBR.dat"
08:17:29.347 The log file has been saved successfully to "C:\Users\GAWoods\Desktop\aswMBR.txt"
  • 0

#6
G_Woods
Posted 14 August 2012 - 06:38 AM

G_Woods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
CRITICAL UPDATE!

During OTL scan, near the end of the scan I believe, CREATERESTOREPOINT, had already completed the machine experienced a BSOD shutdown and restart. Upon login there appear to be two new icons on the desktop. 1. desktop.ini (greyed out) and 2. MBR.dat. But no OTL.log file was created.

Other than that machine appears to be running as normal.

G_Woods
  • 0

#7
CompCav
Posted 14 August 2012 - 07:44 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Those files are normal. In fact I need you to attach the mbr.dat file to your next reply. :thumbsup:


I also need the OTL.txt file from your desktop.
  • 0

#8
G_Woods
Posted 14 August 2012 - 07:46 AM

G_Woods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
MBR.dat is attached.
  • 0

#9
CompCav
Posted 14 August 2012 - 07:53 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Now I need the OTL.txt file, it should be on your desktop from the OTL run in post #2.
  • 0

#10
G_Woods
Posted 14 August 2012 - 07:55 AM

G_Woods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
the OTL run did not produce the OTL.log. BSOD happened prior to OTL completing. Do you wish me to try to run it again?
  • 0

Advertisements

#11
CompCav
Posted 14 August 2012 - 07:56 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Yes I need that it is a cornerstone tool for our process.
  • 0

#12
G_Woods
Posted 14 August 2012 - 08:12 AM

G_Woods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
OTL logfile created on: 8/14/2012 9:59:18 AM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\GAWoods\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.19% Memory free
6.00 Gb Paging File | 5.02 Gb Available in Paging File | 83.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.04 Gb Total Space | 211.84 Gb Free Space | 74.32% Space Free | Partition Type: NTFS
Drive D: | 13.05 Gb Total Space | 2.40 Gb Free Space | 18.41% Space Free | Partition Type: NTFS
Drive E: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 7.46 Gb Total Space | 0.10 Gb Free Space | 1.32% Space Free | Partition Type: FAT32

Computer Name: WHITEY-PC | User Name: GAWoods | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/07 08:57:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\GAWoods\Desktop\OTL.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/20 10:18:28 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/17 20:20:04 | 000,301,720 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV:64bit: - [2010/04/09 16:16:14 | 002,060,152 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV - [2012/07/24 21:47:44 | 000,808,408 | ---- | M] (Mister Group) [Disabled | Stopped] -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe -- (SystemExplorerHelpService)
SRV - [2012/07/16 11:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2012/07/12 17:49:13 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 17:49:02 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/20 10:18:28 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/20 10:18:28 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/12/09 08:42:01 | 000,234,784 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\AirPrint\airprint.exe -- (AirPrint)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV - [2010/11/08 13:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/12 17:49:03 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/17 16:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 16:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 17:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/01 18:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/06/02 12:49:29 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/05/25 08:14:34 | 000,031,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXUDIDRV_x64.sys -- (OXUDIDRV)
DRV:64bit: - [2010/04/09 16:04:26 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/10/26 16:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial)
DRV:64bit: - [2009/09/28 09:55:42 | 000,051,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys -- (OXSDIDRV_x64)
DRV:64bit: - [2009/09/02 04:45:38 | 000,254,464 | R--- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009/06/29 15:28:40 | 000,112,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\slabser.sys -- (slabser)
DRV:64bit: - [2009/06/29 15:28:38 | 000,088,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\slabbus.sys -- (slabbus)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/10/24 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/07/11 03:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/04/09 11:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV:64bit: - [2007/03/12 15:26:00 | 000,106,496 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\STK02NW2.sys -- (DCamUSBSTK02N)
DRV:64bit: - [2006/11/18 14:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2006/11/17 18:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2006/11/16 02:59:52 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV - [2010/09/17 16:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/03/12 15:25:00 | 000,101,520 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\STK02NW2.sys -- (DCamUSBSTK02N)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1112156953-3265006850-1558540168-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1112156953-3265006850-1558540168-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1112156953-3265006850-1558540168-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 1C 31 32 3B 74 CD 01 [binary data]
IE - HKU\S-1-5-21-1112156953-3265006850-1558540168-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1112156953-3265006850-1558540168-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1112156953-3265006850-1558540168-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GAWoods\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GAWoods\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found


[2012/07/26 14:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/19 05:29:04 | 000,000,000 | ---D | M] (BarQuery) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{D5493C6A-FD62-4255-AA85-AB7E7D0F0001}
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/11 18:41:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/02 16:44:48 | 000,001,456 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober244950897.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\GAWoods\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\GAWoods\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\GAWoods\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\GAWoods\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: File Converter = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk\1.0.0.0_0\
CHR - Extension: Google Drive = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.1_0\
CHR - Extension: YouTube = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: WGT Golf Challenge = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\
CHR - Extension: Full Screen Weather = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Quickrr Google Maps Search = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlfppnpmoiemhelglbefkojhlnahejd\1.1_0\
CHR - Extension: AdBlock = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: Tabs to the front! = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla\0.2.4_0\
CHR - Extension: avast! WebRep = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: The Weather Channel for Chrome = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: Numerics Calculator & Converter = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe\4.3.4_0\
CHR - Extension: Gmail = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/06 10:43:14 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No CLSID value found.
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Whitey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Calendar 2000.lnk = C:\Program Files (x86)\Software by Design\Calendar.exe (Gregory Braun -- Software Design)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1112156953-3265006850-1558540168-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} http://192.168.1.35/UltraMJCamX.cab (UltraMJCamX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://mycam148.myli...yerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://taxbillupload...lV2/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} https://cms.franklin...ort/nrdhtml.cab (Microsoft CMS HTML Editor Toolbar)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{105285D1-3B44-4812-B91E-50670EE1401B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{427306D3-3D06-4601-BEE4-B1C068DDA5B1}: DhcpNameServer = 172.26.38.1 172.26.38.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2011/04/12 05:38:58 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 20:12:00 | 000,000,000 | ---D | C] -- C:\acd2f617de03a7be490c9c9fea
[2012/08/08 20:30:14 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Roaming\vlc
[2012/08/08 17:29:29 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\Desktop\RK_Quarantine
[2012/08/07 08:57:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\GAWoods\Desktop\OTL.exe
[2012/08/07 01:17:55 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\ElevatedDiagnostics
[2012/08/07 01:14:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/08/07 00:06:22 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\VirtualStore
[2012/08/06 23:09:31 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\Paint.NET
[2012/08/06 22:56:38 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/06 22:55:49 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\Google
[2012/08/06 22:55:29 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\Deployment
[2012/08/06 22:55:29 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\Apps
[2012/08/06 21:23:08 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Roaming\Macromedia
[2012/08/06 21:21:45 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Roaming\Sony Corporation
[2012/08/06 21:21:34 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Roaming\Adobe
[2012/08/06 21:21:29 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\LogMeIn
[2012/08/06 21:21:13 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/06 21:21:13 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Searches
[2012/08/06 21:21:13 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/06 21:21:13 | 000,000,000 | -H-D | C] -- C:\Users\GAWoods\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/08/06 21:21:02 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Roaming\Identities
[2012/08/06 21:20:59 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Contacts
[2012/08/06 21:20:46 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/06 21:20:46 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\AppData\Local\Temporary Internet Files
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Templates
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Start Menu
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\SendTo
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Recent
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\PrintHood
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\NetHood
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Documents\My Videos
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Documents\My Pictures
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Documents\My Music
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\My Documents
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Local Settings
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\AppData\Local\History
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Cookies
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Application Data
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\AppData\Local\Application Data
[2012/08/06 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\Temp
[2012/08/06 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\Microsoft Help
[2012/08/06 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\Microsoft
[2012/08/06 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Roaming\Media Center Programs
[2012/08/06 21:20:45 | 000,000,000 | --SD | C] -- C:\Users\GAWoods\AppData\Roaming\Microsoft
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Videos
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Saved Games
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Pictures
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Music
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Links
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Favorites
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Downloads
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Documents
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Desktop
[2012/08/06 21:20:45 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData
[2012/08/06 10:45:39 | 000,000,000 | ---D | C] -- C:\Windows\softwaredistribution.old
[2012/08/06 10:23:14 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/08/06 10:21:38 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/08/06 10:18:46 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/08/06 10:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/08/06 10:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/08/06 10:08:06 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/06 10:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/06 10:08:05 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/06 10:08:00 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/06 10:07:58 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/06 10:07:57 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/06 10:07:54 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/06 10:07:53 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/06 10:07:24 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/06 10:07:24 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/06 10:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/06 10:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/06 08:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012/08/06 08:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/07/29 11:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hpmonitor
[2012/07/29 11:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2012/07/27 17:19:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glarysoft
[2012/07/26 17:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/07/26 16:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/07/25 19:03:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/07/25 18:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2012/07/25 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/07/25 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/07/25 17:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/22 16:53:24 | 004,274,488 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/07/22 16:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/07/22 14:48:48 | 000,000,000 | ---D | C] -- C:\821db997c338c6f53ce736
[2012/07/19 14:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemExplorer
[2012/07/19 14:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
[2012/07/19 14:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Explorer
[2012/07/19 07:18:38 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/07/15 18:57:08 | 000,000,000 | ---D | C] -- C:\FI50809
[2012/07/15 18:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2012/07/15 18:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/14 10:05:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1112156953-3265006850-1558540168-1004UA.job
[2012/08/14 09:44:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/14 09:08:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1112156953-3265006850-1558540168-1001UA.job
[2012/08/14 08:32:46 | 000,024,880 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 08:32:46 | 000,024,880 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 08:32:07 | 000,858,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/14 08:32:07 | 000,718,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/14 08:32:07 | 000,141,046 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/14 08:27:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/14 08:27:52 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\FixCleaner Startup.job
[2012/08/14 08:27:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 08:27:15 | 675,907,429 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/14 08:27:07 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/14 08:17:29 | 000,000,512 | ---- | M] () -- C:\Users\GAWoods\Desktop\MBR.dat
[2012/08/13 23:05:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1112156953-3265006850-1558540168-1004Core.job
[2012/08/08 16:08:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1112156953-3265006850-1558540168-1001Core.job
[2012/08/08 12:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\FixCleaner Scan.job
[2012/08/07 08:57:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\GAWoods\Desktop\OTL.exe
[2012/08/06 22:56:41 | 000,002,379 | ---- | M] () -- C:\Users\GAWoods\Desktop\Google Chrome.lnk
[2012/08/06 22:32:16 | 000,003,456 | ---- | M] () -- C:\Users\GAWoods\Desktop\fix.reg
[2012/08/06 21:23:00 | 000,001,441 | ---- | M] () -- C:\Users\GAWoods\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/06 10:48:35 | 000,424,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/06 10:46:21 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/08/06 10:43:14 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/06 10:41:56 | 000,858,532 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/06 10:22:16 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-WHITEY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/08/06 10:18:36 | 000,002,291 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/08/06 10:08:07 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/06 10:07:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/06 10:00:47 | 000,016,112 | ---- | M] () -- C:\FixitRegBackup.reg
[2012/08/06 09:23:00 | 000,002,121 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/06 08:41:32 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/08/02 09:33:18 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2012/07/26 20:43:39 | 000,443,881 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_710
[2012/07/22 16:52:39 | 004,274,488 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 08:27:15 | 675,907,429 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/14 08:17:29 | 000,000,512 | ---- | C] () -- C:\Users\GAWoods\Desktop\MBR.dat
[2012/08/06 22:56:41 | 000,002,379 | ---- | C] () -- C:\Users\GAWoods\Desktop\Google Chrome.lnk
[2012/08/06 22:55:51 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1112156953-3265006850-1558540168-1004UA.job
[2012/08/06 22:55:50 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1112156953-3265006850-1558540168-1004Core.job
[2012/08/06 22:32:55 | 000,003,456 | ---- | C] () -- C:\Users\GAWoods\Desktop\fix.reg
[2012/08/06 21:23:00 | 000,001,441 | ---- | C] () -- C:\Users\GAWoods\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/06 21:21:21 | 000,001,413 | ---- | C] () -- C:\Users\GAWoods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/08/06 21:21:14 | 000,001,447 | ---- | C] () -- C:\Users\GAWoods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/06 21:20:46 | 000,000,290 | ---- | C] () -- C:\Users\GAWoods\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/06 21:20:46 | 000,000,272 | ---- | C] () -- C:\Users\GAWoods\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/06 10:39:25 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/08/06 10:22:16 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-WHITEY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/08/06 10:18:36 | 000,002,291 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/08/06 10:08:07 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/06 10:07:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/06 10:00:45 | 000,016,112 | ---- | C] () -- C:\FixitRegBackup.reg
[2012/08/06 08:41:32 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/07/29 11:32:26 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\FixCleaner Scan.job
[2012/07/29 11:32:24 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\FixCleaner Startup.job
[2012/07/19 14:17:18 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2012/07/14 18:20:21 | 000,001,093 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/04 10:21:52 | 000,190,124 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/11/02 16:44:35 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/28 15:24:03 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\KmRemove.exe
[2011/04/20 22:43:27 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\msiexec.exe
[2011/03/25 07:40:29 | 000,002,411 | ---- | C] () -- C:\Windows\esdrawsa.ini
[2011/03/25 07:40:29 | 000,000,053 | ---- | C] () -- C:\Windows\esdrawkey.ini
[2011/03/25 07:40:10 | 000,002,450 | ---- | C] () -- C:\Windows\esdraw.ini

========== LOP Check ==========

[2010/09/05 08:45:14 | 000,000,000 | ---D | M] -- C:\Users\Telitha\AppData\Roaming\Canon
[2011/08/28 19:39:23 | 000,000,000 | ---D | M] -- C:\Users\Telitha\AppData\Roaming\Foxit Software
[2011/04/17 17:26:12 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Canon
[2011/04/27 20:51:30 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\CTdeveloping
[2011/01/24 20:24:51 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\CustomBrushesMini
[2012/07/25 17:46:14 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\DriverCure
[2012/08/01 07:50:52 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\FixCleaner
[2012/07/18 09:38:38 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Foxit Software
[2011/08/23 17:28:42 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\GetRightToGo
[2012/07/27 17:20:49 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\GlarySoft
[2010/02/08 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Gmail Backup
[2012/02/09 10:47:05 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\gtk-2.0
[2010/07/19 10:23:58 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\HandBrake
[2011/03/11 18:02:13 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\inkscape
[2011/08/28 09:41:06 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\ObviousIdea
[2012/07/22 16:53:38 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\PC Cleaners
[2012/07/22 16:53:44 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\PCPro
[2010/02/09 19:46:19 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\PDF Writer
[2012/07/25 17:46:14 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\SpeedyPC Software
[2011/11/17 20:44:10 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\TeamViewer
[2011/12/24 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Thunderbird
[2010/07/19 13:29:01 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Titanium Gears
[2010/05/21 15:29:04 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\TomTom
[2011/10/26 20:22:56 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Unity
[2011/06/07 08:00:53 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Vso
[2010/11/01 13:20:30 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Windows Live Writer
[2012/07/22 17:07:17 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\YouSendIt
[2012/07/22 17:07:17 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\ZumoDrive
[2012/08/08 12:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\FixCleaner Scan.job
[2012/08/14 08:27:52 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\FixCleaner Startup.job
[2012/07/27 17:24:53 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2008/05/08 01:03:22 | 000,303,616 | ---- | M] ( ) -- C:\SetACL.exe
[2004/06/11 19:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/04/04 01:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< End of report >
  • 0

#13
CompCav
Posted 14 August 2012 - 08:43 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

Download AdwCleaner from here to your desktop
Run AdwCleaner for Vista and 7 right click and select Run as administrator

Select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that


Step 2.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Note: If RogueKiller will not run please try it several times, if it still does not run rename it winlogon.com and try it several times.
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on ShortcutsFix

    Posted Image
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


Step 3.

Re run OTL

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    C:\acd2f617de03a7be490c9c9fea\* /s
    C:\821db997c338c6f53ce736\* /s
    C:\FI50809\* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt
  • Post OTL.txt


Step 4.

Please post:

AdwCleaner log
All RKreport.txt logs
OTL.txt

Give me an update on your computer issues.
  • 0

#14
G_Woods
Posted 14 August 2012 - 09:57 AM

G_Woods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
# AdwCleaner v1.801 - Logfile created 08/14/2012 at 11:53:33
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : GAWoods - WHITEY-PC
# Boot Mode : Normal
# Running from : C:\Users\GAWoods\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Whitey\AppData\Local\Conduit
Folder Deleted : C:\Users\Whitey\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Whitey\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Telitha\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Telitha\AppData\LocalLow\Search Settings
Folder Deleted : C:\Program Files (x86)\YouTube Downloader Toolbar
File Deleted : C:\Users\Whitey\AppData\Local\funmoods.crx

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2508618
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Search Settings

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Whitey\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "icon_url": "hxxps://isearch.avg.com/favicon.ico",
Deleted : "keyword": "isearch.avg.com",
Deleted : "name": "AVG Secure Search",
Deleted : "search_url": "hxxps://isearch.avg.com/search?cid={867F24BC-F09E-4B0E-B165-F92449F0FA31}&mid=0[...]
Deleted : "name": "Funmoods",
Deleted : "update_url": "hxxp://funmoods.com/public/download/chrome/update.xml",
Deleted : "description": "AVG Secure Search",
Deleted : "name": "AVG Secure Search",
Deleted : "description": "The fastest way to search the web.",
Deleted : "path": "C:\\Users\\Whitey\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

File : C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "name": "Funmoods",
Deleted : "update_url": "hxxp://funmoods.com/public/download/chrome/update.xml",
Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[R1].txt - [9318 octets] - [14/08/2012 11:52:46]
AdwCleaner[S1].txt - [7769 octets] - [14/08/2012 11:53:33]

########## EOF - C:\AdwCleaner[S1].txt - [7897 octets] ##########
  • 0

#15
G_Woods
Posted 14 August 2012 - 10:13 AM

G_Woods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: GAWoods [Admin rights]
Mode: Scan -- Date: 08/14/2012 12:01:56

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-60ZCT0 ATA Device +++++
--- User ---
[MBR] 8926171bf6cebe1248f9349312558a89
[BSP] e9b8920f30b8e395ae5e7b5de5f54395 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 291884 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 597778650 | Size: 13358 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: HP Photosmart D7200 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 2b2c5b1a0b21a25859a8d9b6430d7944
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : Standard MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2232 | Size: 7654 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: GAWoods [Admin rights]
Mode: Shortcuts HJfix -- Date: 08/14/2012 12:04:27

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 3 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 52 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 396 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[K:] \Device\HarddiskVolume4 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP