Just a note - I have only been starting my computer in SAFE mode, and will continue to do so until otherwise instructed by you.
Here are the logs requested:
1. Adware Cleaner Log:
createrestorepoint
netsvcs
base services
%SYSTEMDRIVE%\*.exe
/md5start
rundll32.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C
2. JRT.txt contents:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows Vista Home Premium x64
Ran by Pete on Sun 02/09/2014 at 18:36:17.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Pete\AppData\Roaming\mozilla\firefox\profiles\4z05qces.default\minidumps [43 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/09/2014 at 18:39:17.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3. SvcRepair.txt log
Log Opened: 2014-02-09 @ 18:44:37
18:44:37 - -----------------
18:44:37 - | Begin Logging |
18:44:37 - -----------------
18:44:37 - Fix started on a WIN_VISTA X64 computer
18:44:37 - Prep in progress. Please Wait.
18:44:39 - Prep complete
18:44:39 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>
SetACL finished successfully.
18:44:40 - Services Repair Complete.
18:44:53 - Reboot Initiated
4. new FSS.txt log
Farbar Service Scanner Version: 02-02-2014
Ran by Pete (administrator) on 09-02-2014 at 18:49:21
Running from "C:\Users\Pete\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Network
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2011-12-05 11:32] - [2009-04-10 22:44] - 0406016 ____A (Microsoft Corporation) 12415CCFD3E7CEC55B5184E67B039FE4
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2011-03-03 12:26] - [2010-06-16 12:11] - 1426816 ____A (Microsoft Corporation) 973658A2EA9C06B2976884B9046DFC6C
C:\Windows\System32\dnsrslvr.dll
[2011-12-05 11:33] - [2009-04-11 00:11] - 0117760 ____A (Microsoft Corporation) 21D16B37257370975C7457C3A5EFA530
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2010-05-10 20:01] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2011-12-05 11:33] - [2009-04-11 00:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll
[2011-12-05 11:33] - [2009-04-11 00:11] - 0223744 ____A (Microsoft Corporation) CD033D871A83E918B14F43F7E7590819
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
5. new OTL.txt log
OTL logfile created on: 2/9/2014 6:55:10 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pete\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.75% Memory free
4.22 Gb Paging File | 3.71 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.18 Gb Total Space | 290.86 Gb Free Space | 64.18% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/01/14 15:10:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pete\Downloads\OTL.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2008/12/31 07:35:14 | 000,934,400 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/10/26 15:49:46 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/03/18 07:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/02/05 13:20:28 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/28 21:31:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 19:11:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/28 21:31:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 21:31:49 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/12/31 09:01:20 | 004,993,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/26 15:50:58 | 000,469,504 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/10/23 04:42:06 | 000,128,352 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/09/04 12:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/28 18:57:24 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/24 11:48:10 | 000,250,928 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/23 06:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 06:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 06:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/21 07:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 20:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/15 03:40:30] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}
IE:64bit: - HKLM\..\SearchScopes\{3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes\{273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes\{7148CB92-9375-4E9C-A5C0-166ACF27981A}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://sports.yahoo....X81xSObsw5nYcB"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Pete\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 18:53:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Pete\AppData\Roaming\Move Networks [2009/11/21 19:43:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 18:53:51 | 000,000,000 | ---D | M]
[2011/01/18 15:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Extensions
[2014/02/09 14:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions
[2011/04/10 20:01:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/12/12 18:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/05 13:20:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2011/11/24 10:05:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [Gstion Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Auto] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Tray] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_168_Plugin.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt ()
O4 - Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..Trusted Domains: yahoo.com ([sports] http in Trusted sites)
O15 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC2929E-B9E6-4589-A980-0CD02A9CA469}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89C1B4C5-FB96-4F64-B942-D383F21133F9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
========== Files/Folders - Created Within 30 Days ==========
[2014/02/09 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2014/02/09 18:36:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/09 18:25:38 | 001,037,530 | ---- | C] (Thisisu) -- C:\Users\Pete\Desktop\JRT.exe
[2014/02/09 17:41:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/09 17:39:38 | 000,453,632 | ---- | C] (Farbar) -- C:\Users\Pete\Desktop\FSS.exe
[2014/02/09 16:39:04 | 004,122,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/02/09 14:46:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/09 00:00:22 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Pete\Desktop\aswmbr.exe
[2014/02/07 11:01:41 | 000,000,000 | ---D | C] -- C:\Users\Pete\AppData\Local\KB9369951
========== Files - Modified Within 30 Days ==========
[2014/02/09 18:46:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/09 18:25:51 | 004,009,167 | ---- | M] () -- C:\Users\Pete\Desktop\ServicesRepair.exe
[2014/02/09 18:25:38 | 001,037,530 | ---- | M] (Thisisu) -- C:\Users\Pete\Desktop\JRT.exe
[2014/02/09 17:40:10 | 001,166,132 | ---- | M] () -- C:\Users\Pete\Desktop\AdwCleaner.exe
[2014/02/09 17:39:38 | 000,453,632 | ---- | M] (Farbar) -- C:\Users\Pete\Desktop\FSS.exe
[2014/02/09 16:39:05 | 004,122,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/02/09 01:48:37 | 000,000,512 | ---- | M] () -- C:\Users\Pete\Desktop\MBR.dat
[2014/02/09 00:00:23 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Pete\Desktop\aswmbr.exe
[2014/02/08 23:54:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/02/08 23:53:57 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/08 23:53:57 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/08 13:25:38 | 000,315,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/08 13:06:44 | 000,189,440 | ---- | M] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/08 12:52:18 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/08 12:52:18 | 000,594,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/08 12:52:18 | 000,100,766 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/07 09:06:09 | 000,000,870 | ---- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2014/02/01 15:17:14 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPete.job
[2014/01/20 19:32:42 | 000,002,551 | ---- | M] () -- C:\Users\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
========== Files Created - No Company Name ==========
[2014/02/09 18:25:47 | 004,009,167 | ---- | C] () -- C:\Users\Pete\Desktop\ServicesRepair.exe
[2014/02/09 17:40:10 | 001,166,132 | ---- | C] () -- C:\Users\Pete\Desktop\AdwCleaner.exe
[2014/02/09 01:48:37 | 000,000,512 | ---- | C] () -- C:\Users\Pete\Desktop\MBR.dat
[2014/02/07 09:06:09 | 000,000,870 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2013/11/12 16:50:15 | 000,000,004 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\cache.ini
[2010/05/12 10:41:48 | 000,004,922 | ---- | C] () -- C:\ProgramData\amjmwaey.gaf
[2009/11/23 18:48:41 | 000,189,440 | ---- | C] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 17:54:46 | 000,005,089 | ---- | C] () -- C:\ProgramData\cbkxtjjv.ukg
[2009/09/09 08:02:33 | 000,000,680 | ---- | C] () -- C:\Users\Pete\AppData\Local\d3d9caps.dat
[2009/08/26 11:24:45 | 000,000,600 | ---- | C] () -- C:\Users\Pete\PUTTY.RND
========== ZeroAccess Check ==========
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 11:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/05/30 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Flip Video
[2009/10/04 00:38:02 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Gamelab
[2010/03/27 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Leadertech
[2010/05/12 10:41:49 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\MOVAVI
[2010/05/12 10:43:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Movavi Flash Converter
[2010/05/12 10:43:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Movavi Flash Converter 2
[2009/08/21 23:18:03 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\SPORE Creature Creator
[2009/08/19 12:21:27 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\WildTangent
========== Purity Check ==========
========== Custom Scans ==========
< base services >
[2006/11/02 10:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 10:42:03 | 000,032,548 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/08/19 11:29:59 | 000,000,330 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForPete.job
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\ERDNT\cache86\explorer.exe
[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: RUNDLL32.EXE >
[2006/11/02 06:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=10446646D128E580C46615338E74E672 -- C:\Windows\SysNative\rundll32.exe
[2006/11/02 06:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=10446646D128E580C46615338E74E672 -- C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.0.6000.16386_none_31ed2b17665cf346\rundll32.exe
[2006/11/02 04:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=4B555106290BD117334E9A08761C035A -- C:\Windows\SysWOW64\rundll32.exe
[2006/11/02 04:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=4B555106290BD117334E9A08761C035A -- C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.0.6000.16386_none_d5ce8f93adff8210\rundll32.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\rundll32.exe
< MD5 for: RUNDLL32.EXE.MUI >
[2006/11/02 10:13:36 | 000,002,560 | ---- | M] (Microsoft Corporation) MD5=1D081AC21359C3A42B0B46191F0ADA13 -- C:\Windows\SysNative\en-US\rundll32.exe.mui
[2006/11/02 10:13:36 | 000,002,560 | ---- | M] (Microsoft Corporation) MD5=1D081AC21359C3A42B0B46191F0ADA13 -- C:\Windows\winsxs\amd64_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a6b35c4854d71c73\rundll32.exe.mui
[2006/11/02 10:13:45 | 000,003,072 | ---- | M] (Microsoft Corporation) MD5=E23EE8B895BF05358427768C62A06C9B -- C:\Windows\SysWOW64\en-US\rundll32.exe.mui
[2006/11/02 10:13:45 | 000,003,072 | ---- | M] (Microsoft Corporation) MD5=E23EE8B895BF05358427768C62A06C9B -- C:\Windows\winsxs\x86_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.0.6000.16386_en-us_4a94c0c49c79ab3d\rundll32.exe.mui
< MD5 for: SVCHOST.EXE >
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache86\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\ERDNT\cache64\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 58A9-45C3
Directory of C:\
11/02/2006 10:42 AM <JUNCTION> Documents and Settings [c:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/02/2006 10:42 AM <JUNCTION> Application Data [c:\ProgramData]
11/02/2006 10:42 AM <JUNCTION> Desktop [c:\Users\Public\Desktop]
11/02/2006 10:42 AM <JUNCTION> Documents [c:\Users\Public\Documents]
11/02/2006 10:42 AM <JUNCTION> Favorites [c:\Users\Public\Favorites]
11/02/2006 10:42 AM <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 10:42 AM <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 10:42 AM <SYMLINKD> All Users [c:\ProgramData]
11/02/2006 10:42 AM <JUNCTION> Default User [c:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/02/2006 10:42 AM <JUNCTION> Application Data [c:\ProgramData]
11/02/2006 10:42 AM <JUNCTION> Desktop [c:\Users\Public\Desktop]
11/02/2006 10:42 AM <JUNCTION> Documents [c:\Users\Public\Documents]
11/02/2006 10:42 AM <JUNCTION> Favorites [c:\Users\Public\Favorites]
11/02/2006 10:42 AM <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 10:42 AM <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 10:42 AM <JUNCTION> Application Data [c:\Users\Default\AppData\Roaming]
11/02/2006 10:42 AM <JUNCTION> Local Settings [c:\Users\Default\AppData\Local]
11/02/2006 10:42 AM <JUNCTION> My Documents [c:\Users\Default\Documents]
11/02/2006 10:42 AM <JUNCTION> NetHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006 10:42 AM <JUNCTION> PrintHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006 10:42 AM <JUNCTION> Recent [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006 10:42 AM <JUNCTION> SendTo [c:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006 10:42 AM <JUNCTION> Start Menu [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006 10:42 AM <JUNCTION> Templates [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 10:42 AM <JUNCTION> Application Data [c:\Users\Default\AppData\Local]
11/02/2006 10:42 AM <JUNCTION> History [c:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006 10:42 AM <JUNCTION> Temporary Internet Files [c:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 10:42 AM <JUNCTION> My Music [c:\Users\Default\Music]
11/02/2006 10:42 AM <JUNCTION> My Pictures [c:\Users\Default\Pictures]
11/02/2006 10:42 AM <JUNCTION> My Videos [c:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Pete
08/19/2009 11:07 AM <JUNCTION> Application Data [C:\Users\Pete\AppData\Roaming]
08/19/2009 11:07 AM <JUNCTION> Cookies [C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies]
08/19/2009 11:07 AM <JUNCTION> Local Settings [C:\Users\Pete\AppData\Local]
08/19/2009 11:07 AM <JUNCTION> My Documents [C:\Users\Pete\Documents]
08/19/2009 11:07 AM <JUNCTION> NetHood [C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/19/2009 11:07 AM <JUNCTION> PrintHood [C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/19/2009 11:07 AM <JUNCTION> Recent [C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Recent]
08/19/2009 11:07 AM <JUNCTION> SendTo [C:\Users\Pete\AppData\Roaming\Microsoft\Windows\SendTo]
08/19/2009 11:07 AM <JUNCTION> Start Menu [C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu]
08/19/2009 11:07 AM <JUNCTION> Templates [C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Pete\AppData\Local
08/19/2009 11:07 AM <JUNCTION> Application Data [C:\Users\Pete\AppData\Local]
08/19/2009 11:07 AM <JUNCTION> History [C:\Users\Pete\AppData\Local\Microsoft\Windows\History]
08/19/2009 11:07 AM <JUNCTION> Temporary Internet Files [C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Pete\Documents
08/19/2009 11:07 AM <JUNCTION> My Music [C:\Users\Pete\Music]
08/19/2009 11:07 AM <JUNCTION> My Pictures [C:\Users\Pete\Pictures]
08/19/2009 11:07 AM <JUNCTION> My Videos [C:\Users\Pete\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 10:42 AM <JUNCTION> My Music [c:\Users\Public\Music]
11/02/2006 10:42 AM <JUNCTION> My Pictures [c:\Users\Public\Pictures]
11/02/2006 10:42 AM <JUNCTION> My Videos [c:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
01/13/2009 12:20 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
01/13/2009 12:20 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
01/13/2009 12:20 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
01/13/2009 12:20 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/13/2009 12:20 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/13/2009 12:20 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
01/13/2009 12:20 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
01/13/2009 12:20 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
01/13/2009 12:20 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
01/13/2009 12:20 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
01/13/2009 12:20 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
01/13/2009 12:20 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
01/13/2009 12:20 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
01/13/2009 12:20 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
01/13/2009 12:20 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
01/13/2009 12:20 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
01/13/2009 12:20 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
01/13/2009 12:20 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
01/13/2009 12:20 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/13/2009 12:20 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/13/2009 12:20 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
01/13/2009 12:20 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
01/13/2009 12:20 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
01/13/2009 12:20 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
01/13/2009 12:20 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
01/13/2009 12:20 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
01/13/2009 12:20 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
01/13/2009 12:20 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
01/13/2009 12:20 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
01/13/2009 12:20 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
79 Dir(s) 312,283,451,392 bytes free
< End of report >
6. new Extras.txt log:
OTL Extras logfile created on: 2/9/2014 6:55:10 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pete\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.75% Memory free
4.22 Gb Paging File | 3.71 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.18 Gb Total Space | 290.86 Gb Free Space | 64.18% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = AE F8 EE 94 71 B3 CC 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3889686918-3398402473-1388666377-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{53A03625-E45D-4A82-90E2-F32C7B63A0B5}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
"{9240E818-9E91-4E85-A298-3D82BDEA1E3B}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049BF5E3-21E2-4110-A357-2A34FFF60589}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{09D923B4-6857-44B8-9F47-6D8B3DB0EF25}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{12DEEF3C-631C-4F5D-B51A-C5E4540354FD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{12F31D6E-B021-4A5A-B52B-A426FC9A8A62}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{3B73BC24-502D-4211-B0C8-D37F20F9D704}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{4575D613-79B9-4CB7-95EE-D2114CCE955E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{65FB6591-301A-4E68-A904-DFDF63A9924E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{6737C2D7-9757-402E-95D2-FC5BDCEB6BBF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{85AFA4F7-653C-4DB7-B57D-B9C314B1444D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{8C92DF9A-E74B-46E2-9758-111B5ACABC3C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{9E908510-C752-4700-8477-75BD02CE9A87}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{A0F4E890-DA0D-47FD-9E43-768B06C8F4F2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{AB60E26F-C376-4417-BD95-9BEAD0D9004D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{B22E69BB-4446-43B1-8E13-09E522C21C49}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B9A9848E-418A-4E22-AB2B-FFE069BA294A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{C3727FC1-18F2-4B3F-AF02-4C3AD8D8E6B7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{DE312A9B-EF63-4F9A-8B1C-EB57772EC55A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{FDB86963-C243-4877-9F1C-E35F058E0C54}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{3975CE71-3544-9FBA-56E5-2E9709E348C5}" = ATI Catalyst Install Manager
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7F67AF0E-DF48-0198-E0F3-F1C9F7A6FC22}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0C7F8FBE-435C-34D2-6813-2A632AAC0C92}" = Catalyst Control Center Localization Greek
"{0E1F58B6-39BF-23FC-B4E5-3A2B4A0FADEB}" = CCC Help Turkish
"{0EEF3E07-3971-5080-2A3F-910691DA1135}" = Catalyst Control Center Graphics Previews Vista
"{114C14EE-652A-5EF6-59B8-3E5B33D6A4DF}" = Catalyst Control Center Graphics Full New
"{116C3B09-ADE0-1B8B-2F9F-C8B09A89F9AA}" = CCC Help Thai
"{12C11B2C-00F3-AF06-94D4-1AAF70616507}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1EC09CDB-0674-B3D6-FCB1-7B3CE2BFF3E8}" = Catalyst Control Center Localization Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255C206B-4776-1D14-9EDD-2F9458847739}" = ccc-core-static
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{34CFF761-7AD1-7C1A-4513-79B3E2F54290}" = CCC Help Greek
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A6F3C3C-A83C-34D5-F80A-4FDA2FBBFE2F}" = Catalyst Control Center Localization Chinese Standard
"{3BFD4B3C-9105-454A-A673-E023E8BC9D56}" = Movavi VideoSuite 7
"{3DFA31F1-4747-60E4-6CA9-0060CFB99E30}" = CCC Help Spanish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4198AAE5-A938-B0A0-9AD2-95C2F23ED677}" = Catalyst Control Center Localization Italian
"{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare
"{46345EA6-1608-2E99-B47F-D83725A5C4D9}" = CCC Help Hungarian
"{46ACB9C1-6109-088B-931F-B7A5CE735504}" = CCC Help Italian
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B8CA01-3E68-9993-E6F3-7F8982A0F600}" = CCC Help Finnish
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5D4E7A79-23E0-4715-867C-9D49024BFA57}" = Movavi Flash Converter
"{650A275F-75B8-B71E-4C9D-04E952A63E5F}" = Catalyst Control Center Graphics Previews Common
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6756A967-2904-DE46-3265-4BB80B934904}" = Catalyst Control Center Localization Chinese Traditional
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6ABE0E28-3A8E-4ADC-A050-784064B76236}" = HP User Guides 0134
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{735DAC68-3FF4-2895-83A2-DBF135AB9F44}" = CCC Help German
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAD42E6-BBE7-C12B-C78D-8AC8C87F4055}" = Catalyst Control Center Localization German
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90EF242A-A2ED-FBBD-2F1F-A159DB0DDAC3}" = CCC Help Chinese Traditional
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{9198CC8F-8B08-6F7B-BF7D-A6594526B5DF}" = Catalyst Control Center Localization Hungarian
"{93DD8BC9-ADD5-D20B-22B5-1526E45CB6C8}" = CCC Help French
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{99AF6670-F557-F4D3-3069-AE62DA675A70}" = Catalyst Control Center Localization French
"{9B88930B-A7E7-03E5-1313-BED90FCCF72C}" = CCC Help Swedish
"{9F19486B-B187-5A51-189F-FCCEBBB70E2E}" = Catalyst Control Center Localization Dutch
"{A019B329-BFA8-3F59-6F80-6A3714104CE9}" = CCC Help English
"{A107F928-EED3-28FC-857F-ED33FEDBA02A}" = Catalyst Control Center Localization Korean
"{A15B2786-6F7E-0B96-A222-141202F9CECC}" = CCC Help Japanese
"{A5D5CC36-6A42-6FB6-882F-90C6262C8DCA}" = CCC Help Korean
"{A9359BA2-B496-8E14-EDA9-923DBE8913CB}" = Catalyst Control Center Localization Thai
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3D11644-94AB-17E7-D9CF-52EF943D9F52}" = Catalyst Control Center Localization Spanish
"{B4B199E3-4D33-4F08-688A-9BCE5920AAF6}" = Catalyst Control Center Localization Japanese
"{BDDB0932-2C7F-ABB3-ED54-6F045EEF14F7}" = Catalyst Control Center Localization Swedish
"{C2E52B6F-E4F1-B9D6-D671-D7E2FC60C7C0}" = CCC Help Chinese Standard
"{C58AED82-0DD9-DF4B-1CE7-F7EE9B1BBB83}" = CCC Help Danish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C61D8EF2-D9BF-B36F-4887-ADE39C924F3F}" = Catalyst Control Center Localization Polish
"{C7D02E19-07F2-8EE5-7C18-1617A656AF74}" = Catalyst Control Center Localization Turkish
"{C91CC841-7B39-9454-4A16-91C7FF300EC8}" = CCC Help Portuguese
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE60D4C0-86A7-52C8-7C8A-AFD2E99A1790}" = Catalyst Control Center Graphics Full Existing
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D6EA6018-0F5B-E4CC-C930-990412BED306}" = Catalyst Control Center Localization Czech
"{D80D6A7D-A6AA-019A-12D8-CA58F76FA313}" = Skins
"{DB7DE91F-AC23-7A23-B1A7-6FD3A05534E2}" = CCC Help Czech
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DFC21203-E063-A351-8027-F5D43162539D}" = CCC Help Norwegian
"{E0FE7850-04F8-D01A-971F-C7B00F8D003A}" = Catalyst Control Center Localization Russian
"{E18407AE-614D-5B0B-9C38-5A1853E8AB5D}" = Catalyst Control Center Core Implementation
"{E1B2BA63-4023-B582-0D88-ABB528E281D9}" = Catalyst Control Center InstallProxy
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E651B083-2904-8342-5C27-39800B39E03B}" = CCC Help Polish
"{E6695454-03CD-146E-4A10-75FCB5AFE3FB}" = Catalyst Control Center Localization Finnish
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E9D045D8-E31E-E3D6-004D-9AD4EE6C2747}" = CCC Help Russian
"{E9EEB277-B66C-9A72-9CF0-90AC7BFC2095}" = Catalyst Control Center Localization Norwegian
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F98DF01D-F1C3-3878-FCE6-F749729A8949}" = CCC Help Dutch
"{FDBA2850-0054-7733-527B-A6286D639345}" = Catalyst Control Center Localization Portuguese
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"GoZone iSync" = GoZone iSync
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Movavi Screen Capture Studio 3" = Movavi Screen Capture Studio
"Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/9/2014 7:42:57 PM | Computer Name = Pete-PC | Source = EventSystem | ID = 4609
Description =
Error - 2/9/2014 7:43:08 PM | Computer Name = Pete-PC | Source = WinMgmt | ID = 10
Description =
Error - 2/9/2014 7:47:07 PM | Computer Name = Pete-PC | Source = EventSystem | ID = 4609
Description =
Error - 2/9/2014 7:47:19 PM | Computer Name = Pete-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 2/9/2014 7:42:59 PM | Computer Name = Pete-PC | Source = DCOM | ID = 10005
Description =
Error - 2/9/2014 7:43:02 PM | Computer Name = Pete-PC | Source = DCOM | ID = 10005
Description =
Error - 2/9/2014 7:43:08 PM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 2/9/2014 7:43:08 PM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 2/9/2014 7:46:59 PM | Computer Name = Pete-PC | Source = DCOM | ID = 10005
Description =
Error - 2/9/2014 7:47:07 PM | Computer Name = Pete-PC | Source = DCOM | ID = 10005
Description =
Error - 2/9/2014 7:47:10 PM | Computer Name = Pete-PC | Source = DCOM | ID = 10005
Description =
Error - 2/9/2014 7:47:12 PM | Computer Name = Pete-PC | Source = DCOM | ID = 10005
Description =
Error - 2/9/2014 7:47:20 PM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 2/9/2014 7:47:20 PM | Computer Name = Pete-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >