Windows 7 can not run programs -- critical error and will restart in 1 min

Solved
By iH8scams
Oct 8, 2012
  1. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

  2. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ====================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  3. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
  4. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Reopened.
  5. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    Ok. I created restore point.

    Was able to run combofix but I cannot find any generated log: combofix.exe
  6. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Re-run it.
  7. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    Ok. Had to rerun 3 times until it finally updated.

    Here are the results:

    ComboFix 12-10-22.01 - Meineke 10/22/2012 12:19:31.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2815.985 [GMT -4:00]
    Running from: c:\users\Meineke\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
    FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
    SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\1242_ShpInvHist.exe
    C:\install.exe
    c:\users\Meineke\AppData\Local\chromeupdate.crx
    c:\windows\SysWow64\run.bat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-22 to 2012-10-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-22 16:33 . 2012-10-22 16:37 -------- d-----w- c:\users\ACX\AppData\Local\temp
    2012-10-22 16:33 . 2012-10-22 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-15 12:25 . 2012-10-15 12:25 -------- d-----w- c:\users\Meineke\AppData\Roaming\Malwarebytes
    2012-10-15 12:24 . 2012-10-15 12:24 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-15 12:24 . 2012-10-22 11:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-15 12:24 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-09 13:34 . 2011-09-29 16:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
    2012-10-09 13:03 . 2012-10-09 13:03 -------- d-----w- C:\FRST
    2012-10-09 02:31 . 2012-10-09 16:56 -------- d-----w- c:\programdata\Recovery
    2012-10-08 11:52 . 2012-10-08 11:52 -------- d-----w- c:\program files\Send To Neat
    2012-10-08 11:52 . 2012-09-06 12:41 148480 ----a-w- c:\windows\VPDAgent_x64.exe
    2012-10-08 11:52 . 2012-09-06 12:41 54784 ----a-w- c:\windows\system32\sdtnpm.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2012-09-20 20:06 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-09-20 87448]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JumiController"="c:\program files (x86)\Jumi\jumi.exe" [2012-10-09 3635712]
    "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2011-08-03 828944]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Dyn Updater Tray Icon.lnk - c:\program files (x86)\Dyn Updater\DynTray.exe [2011-11-15 78192]
    Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
    @="Ad-Aware Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    R2 AConneX Part Fulfillment Svc 1;AConneX Part Fulfillment Svc 1;c:\acs\rt\win\APFSvc.exe [2009-10-16 86016]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-28 17152]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-04 1255736]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
    S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-09-20 1236368]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 Agent;VPDAgent;c:\windows\VPDAgent_x64.exe [2012-09-06 148480]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 Dyn Updater;Dyn Updater;c:\program files (x86)\Dyn Updater\DynUpSvc.exe [2011-11-15 95608]
    S2 Handler;MKey Handler;c:\program files (x86)\Meineke\Mkey Handler\Mkey Handler.exe [2011-07-20 105984]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    S2 MSSQL$MPACTSQL;SQL Server (MPACTSQL);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
    S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-08-03 828944]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-11 6790656]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-11 221184]
    S3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 15160]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
    S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
    S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
    S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 721768]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 269672]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 13:40]
    .
    2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 13:40]
    .
    2012-10-22 c:\windows\Tasks\HPCeeScheduleForMeineke.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.advancecommercial.com/w...nForm?catalogId=10051&langId=-1&storeId=10151
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 209.26.88.31 204.215.43.3
    TCP: Interfaces\{43F88FA6-A4CD-4941-A3AF-892DDADBB228}: NameServer = 216.146.35.35,216.146.36.36,209.26.88.31,204.215.43.3
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} - hxxp://192.168.1.100/HiDvrOcx.cab
    DPF: {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} - hxxp://192.168.1.10/web.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-Microsoft Default Manager - c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
    AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
    89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
    57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
    d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:1d,2a,da,2d,72,5c,cd,01
    .
    [HKEY_USERS\S-1-5-21-1723799115-427907230-1844215600-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1723799115-427907230-1844215600-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-22 13:02:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-22 17:02
    .
    Pre-Run: 375,085,633,536 bytes free
    Post-Run: 486,941,028,352 bytes free
    .
    - - End Of File - - D23DA68F983A8771356BA4821FF06E43
  8. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Looks good.

    How is the computer doing?

    ===============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    OTL logfile created on: 10/22/2012 5:31:34 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Meineke\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 55.68% Memory free
    5.50 Gb Paging File | 3.84 Gb Available in Paging File | 69.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 584.01 Gb Total Space | 452.76 Gb Free Space | 77.53% Space Free | Partition Type: NTFS
    Drive D: | 12.06 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
    Drive E: | 339.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 14.90 Gb Total Space | 6.82 Gb Free Space | 45.76% Space Free | Partition Type: FAT32

    Computer Name: MEINEKE-HP | User Name: Meineke | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/22 17:30:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meineke\Desktop\OTL.exe
    PRC - [2012/10/09 08:59:46 | 003,635,712 | ---- | M] (Jumi Technologies) -- C:\Program Files (x86)\Jumi\jumi.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    PRC - [2012/09/20 15:03:16 | 018,941,832 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
    PRC - [2012/08/08 04:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    PRC - [2011/11/15 13:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) -- C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe
    PRC - [2011/11/15 13:20:26 | 000,078,192 | ---- | M] (Dyn, Inc.) -- C:\Program Files (x86)\Dyn Updater\DynTray.exe
    PRC - [2011/08/03 09:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\TightVNC\tvnserver.exe
    PRC - [2011/07/20 08:31:10 | 000,105,984 | ---- | M] () -- C:\Program Files (x86)\Meineke\Mkey Handler\Mkey Handler.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2010/04/24 02:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2010/04/24 02:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    PRC - [2009/10/16 08:41:46 | 000,086,016 | ---- | M] (Activant Solutions Inc.) -- c:\acs\rt\win\APFSvc.exe
    PRC - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/09 08:59:57 | 003,020,288 | ---- | M] () -- C:\Program Files (x86)\Jumi\PreloadedProducts.dll
    MOD - [2011/07/20 08:50:16 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Jumi\libvorbis.dll
    MOD - [2011/07/18 04:12:20 | 000,052,736 | ---- | M] () -- C:\Program Files (x86)\Jumi\libogg.dll
    MOD - [2011/06/20 14:19:28 | 000,202,752 | ---- | M] () -- C:\Program Files (x86)\Jumi\libtheora.dll
    MOD - [2011/04/16 03:34:35 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\94eb4ca06f43edf88bbdecd3729657d5\System.Management.ni.dll
    MOD - [2011/04/16 03:29:07 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e1f199a523bdc014cd19072d583e7cc\PresentationFramework.Aero.ni.dll
    MOD - [2011/04/16 03:28:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\adc8998d96ca331d17cef00b1ef95a5f\System.Runtime.Remoting.ni.dll
    MOD - [2011/04/16 03:28:52 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b9565c454a22ca564978b05db4186f22\System.Data.ni.dll
    MOD - [2011/04/16 03:28:44 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7827588b8043e8be3184c8a64a867fc\PresentationFramework.ni.dll
    MOD - [2011/04/16 03:28:30 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4ea95056046fdf87f06ae807308b627\System.Windows.Forms.ni.dll
    MOD - [2011/04/16 03:28:25 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2a34e74599686e7383ae90670a994cdf\System.Drawing.ni.dll
    MOD - [2011/04/16 03:28:22 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\03dd2b7701ca5cfe696d4ca5a0f7b8bb\PresentationCore.ni.dll
    MOD - [2011/04/16 03:28:14 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\caa9d8bca3092573cdbb67c8e81bf0f3\WindowsBase.ni.dll
    MOD - [2011/04/16 03:28:10 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\167c8c3817ba1f48fe7396cc56f557e3\System.Xml.ni.dll
    MOD - [2011/04/16 03:28:06 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\50c67f851ae3df2d0ab7d86fd1c5c7e0\System.ni.dll
    MOD - [2011/04/16 03:28:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9d054fc9618b81d5703af1662cd11135\System.Configuration.ni.dll
    MOD - [2011/04/16 03:28:01 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ebdaeaeb9f66c9035b5f11431f10cda4\mscorlib.ni.dll
    MOD - [2011/01/27 09:18:26 | 000,123,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
    MOD - [2010/09/28 15:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    MOD - [2010/09/28 15:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    MOD - [2010/09/28 15:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    MOD - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2010/05/11 11:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
    SRV - [2012/09/06 08:41:40 | 000,148,480 | ---- | M] (Two Pilots) [Auto | Running] -- C:\Windows\VPDAgent_x64.exe -- (Agent)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2011/11/15 13:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe -- (Dyn Updater)
    SRV - [2011/08/03 09:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
    SRV - [2011/07/20 08:31:10 | 000,105,984 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Meineke\Mkey Handler\Mkey Handler.exe -- (Handler)
    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2010/04/24 02:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2010/04/24 02:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/16 08:41:46 | 000,086,016 | ---- | M] (Activant Solutions Inc.) [Auto | Running] -- c:\acs\rt\win\APFSvc.exe -- (AConneX Part Fulfillment Svc 1)
    SRV - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/12/19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
    DRV:64bit: - [2011/12/19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
    DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
    DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
    DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
    DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
    DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
    DRV:64bit: - [2010/06/03 11:07:18 | 000,015,160 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jumi.sys -- (jumi)
    DRV:64bit: - [2010/05/11 11:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/05/11 10:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/04/24 02:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2010/04/24 02:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2010/04/24 02:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2010/04/24 02:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
    DRV:64bit: - [2010/03/04 10:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/02/06 00:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/02/06 00:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2011/05/28 08:03:09 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9D998F51-5E47-4A8B-89F0-35D8E53786A2}
    IE:64bit: - HKLM\..\SearchScopes\{0E42019E-BAD5-462E-AA5D-F7C471C6FA7E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE:64bit: - HKLM\..\SearchScopes\{8F3A4900-35FA-4072-AD95-656227B3A1D8}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{9D998F51-5E47-4A8B-89F0-35D8E53786A2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{D267F26D-657D-455C-91AA-07AAD491DE82}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\SearchScopes,DefaultScope = {9D998F51-5E47-4A8B-89F0-35D8E53786A2}
    IE - HKLM\..\SearchScopes\{0E42019E-BAD5-462E-AA5D-F7C471C6FA7E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{8F3A4900-35FA-4072-AD95-656227B3A1D8}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{9D998F51-5E47-4A8B-89F0-35D8E53786A2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{D267F26D-657D-455C-91AA-07AAD491DE82}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1723799115-427907230-1844215600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.showmetheparts.com/apex [Binary data over 200 bytes]
    IE - HKU\S-1-5-21-1723799115-427907230-1844215600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.advancecommercial.com/w...nForm?catalogId=10051&langId=-1&storeId=10151
    IE - HKU\S-1-5-21-1723799115-427907230-1844215600-1000\..\SearchScopes,DefaultScope = {8F3A4900-35FA-4072-AD95-656227B3A1D8}
    IE - HKU\S-1-5-21-1723799115-427907230-1844215600-1000\..\SearchScopes\{0E42019E-BAD5-462E-AA5D-F7C471C6FA7E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-1723799115-427907230-1844215600-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?so...34E58C278F0FD5B1858F507424AC11&q={searchTerms}
    IE - HKU\S-1-5-21-1723799115-427907230-1844215600-1000\..\SearchScopes\{8F3A4900-35FA-4072-AD95-656227B3A1D8}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKU\S-1-5-21-1723799115-427907230-1844215600-1000\..\SearchScopes\{9D998F51-5E47-4A8B-89F0-35D8E53786A2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-1723799115-427907230-1844215600-1000\..\SearchScopes\{D267F26D-657D-455C-91AA-07AAD491DE82}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-1723799115-427907230-1844215600-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1723799115-427907230-1844215600-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-1723799115-427907230-1844215600-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-1723799115-427907230-1844215600-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()



    O1 HOSTS File: ([2012/10/22 12:38:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
    O4 - HKU\S-1-5-21-1723799115-427907230-1844215600-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
    O4 - HKU\S-1-5-21-1723799115-427907230-1844215600-1000..\Run: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe (Jumi Technologies)
    O4 - HKU\S-1-5-21-1723799115-427907230-1844215600-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKU\S-1-5-21-1723799115-427907230-1844215600-1004..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
    O4 - HKU\S-1-5-21-1723799115-427907230-1844215600-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1723799115-427907230-1844215600-1000..\RunOnce: [109_95847513117] "C:\Users\Meineke\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp_r.bat" File not found
    O4 - HKU\S-1-5-21-1723799115-427907230-1844215600-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1723799115-427907230-1844215600-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1723799115-427907230-1844215600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1723799115-427907230-1844215600-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (Bodog)
    O13 - gopher Prefix: missing
    O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} http://192.168.1.100/HiDvrOcx.cab (HiDvrOcx Control)
    O16 - DPF: {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} http://192.168.1.10/web.cab (Web Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.26.88.31 204.215.43.3
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43F88FA6-A4CD-4941-A3AF-892DDADBB228}: DhcpNameServer = 209.26.88.31 204.215.43.3
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43F88FA6-A4CD-4941-A3AF-892DDADBB228}: NameServer = 216.146.35.35,216.146.36.36,209.26.88.31,204.215.43.3
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/22 17:30:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Meineke\Desktop\OTL.exe
    [2012/10/22 13:02:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/22 12:38:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/10/22 12:16:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/22 12:16:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/22 12:16:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/22 12:15:46 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/22 08:02:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/22 07:58:21 | 004,986,434 | R--- | C] (Swearware) -- C:\Users\Meineke\Desktop\ComboFix.exe
    [2012/10/15 13:35:14 | 000,000,000 | ---D | C] -- C:\Users\Meineke\AppData\Local\{C70F44D4-4CEE-4058-B25F-362EEF648435}
    [2012/10/15 09:42:29 | 000,000,000 | ---D | C] -- C:\Users\Meineke\Desktop\SCOTT
    [2012/10/15 09:27:39 | 000,000,000 | ---D | C] -- C:\Users\Meineke\Desktop\VIRUS PROGRAMS
    [2012/10/15 08:25:15 | 000,000,000 | ---D | C] -- C:\Users\Meineke\AppData\Roaming\Malwarebytes
    [2012/10/15 08:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/15 08:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/15 08:24:58 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/15 08:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/15 08:24:06 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Meineke\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/15 08:19:20 | 000,000,000 | ---D | C] -- C:\Users\Meineke\Desktop\RK_Quarantine
    [2012/10/09 10:15:33 | 000,000,000 | ---D | C] -- C:\Users\Meineke\Documents\Neat Data
    [2012/10/09 09:34:20 | 000,119,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
    [2012/10/09 09:34:19 | 000,256,632 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
    [2012/10/09 09:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
    [2012/10/09 09:27:18 | 000,000,000 | ---D | C] -- C:\Users\Meineke\AppData\Roaming\LavasoftStatistics
    [2012/10/09 09:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
    [2012/10/09 09:22:49 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
    [2012/10/09 09:22:48 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
    [2012/10/09 09:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
    [2012/10/09 09:22:05 | 000,000,000 | ---D | C] -- C:\Users\Meineke\AppData\Local\Downloaded Installations
    [2012/10/09 09:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
    [2012/10/09 09:21:28 | 000,000,000 | ---D | C] -- C:\Users\Meineke\AppData\Local\adawarebp
    [2012/10/09 09:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2012/10/09 09:21:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
    [2012/10/09 09:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
    [2012/10/09 09:21:01 | 000,000,000 | ---D | C] -- C:\Users\Meineke\AppData\Roaming\Ad-Aware Antivirus
    [2012/10/09 09:03:13 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/08 22:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
    [2012/10/08 18:44:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/10/08 12:43:03 | 000,000,000 | ---D | C] -- C:\Users\Meineke\Documents\Neat Dataold
    [2012/10/08 07:52:35 | 000,148,480 | ---- | C] (Two Pilots) -- C:\Windows\VPDAgent_x64.exe
    [2012/10/08 07:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Send To Neat
    [2012/10/06 16:58:31 | 000,000,000 | ---D | C] -- C:\Users\Meineke\Desktop\PDF FILES
    [2011/05/10 12:35:09 | 006,649,496 | ---- | C] (Snap-on Business Solutions ) -- C:\Users\Meineke\imgrdwnld.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/10/22 17:30:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meineke\Desktop\OTL.exe
    [2012/10/22 16:38:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/22 13:20:31 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/22 13:20:31 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/22 13:12:52 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/22 13:12:49 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2012/10/22 13:12:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/22 13:12:30 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/22 12:38:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/22 12:25:19 | 000,027,745 | ---- | M] () -- C:\Users\Meineke\Desktop\error.jpg
    [2012/10/22 12:12:34 | 004,986,434 | R--- | M] (Swearware) -- C:\Users\Meineke\Desktop\ComboFix.exe
    [2012/10/22 10:06:02 | 000,001,652 | ---- | M] () -- C:\PartOrderResp.xml
    [2012/10/22 10:05:59 | 000,001,551 | ---- | M] () -- C:\PartOrderReq.xml
    [2012/10/22 10:05:59 | 000,001,478 | ---- | M] () -- C:\PartInqResp.xml
    [2012/10/22 10:05:58 | 000,001,403 | ---- | M] () -- C:\PartInqReq.xml
    [2012/10/22 07:39:29 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMeineke.job
    [2012/10/17 19:30:06 | 000,001,854 | ---- | M] () -- C:\Users\Meineke\AppData\Roaming\GhostObjGAFix.xml
    [2012/10/15 14:01:43 | 000,429,180 | ---- | M] () -- C:\Users\Meineke\Desktop\subpoena.pdf
    [2012/10/15 11:03:37 | 000,402,537 | ---- | M] () -- C:\Users\Meineke\Desktop\TSANG.pdf
    [2012/10/15 09:01:04 | 000,000,512 | ---- | M] () -- C:\Users\Meineke\Desktop\MBR.dat
    [2012/10/15 08:24:20 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Meineke\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/15 08:03:36 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
    [2012/10/10 11:40:57 | 000,273,837 | ---- | M] () -- C:\Users\Meineke\Desktop\10-6-12.pdf
    [2012/10/09 15:58:24 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2012/10/09 15:48:04 | 000,117,227 | ---- | M] () -- C:\Users\Meineke\Desktop\merchant.pdf
    [2012/10/09 15:48:00 | 000,110,625 | ---- | M] () -- C:\Users\Meineke\Desktop\thomas.pdf
    [2012/10/09 12:59:23 | 1061,002,028 | ---- | M] () -- C:\Users\Meineke\Desktop\10-9-2012_Neat.nbak
    [2012/10/09 09:03:35 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012/10/09 09:03:35 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
    [2012/10/09 08:03:32 | 000,002,589 | ---- | M] () -- C:\Users\Public\Desktop\MKey.lnk
    [2012/10/03 13:35:37 | 000,000,219 | ---- | M] () -- C:\ProgramData\RmUserCfg.ini
    [2012/10/03 13:35:37 | 000,000,061 | ---- | M] () -- C:\ProgramData\IpAndPort.fig
    [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/10/22 12:25:18 | 000,027,745 | ---- | C] () -- C:\Users\Meineke\Desktop\error.jpg
    [2012/10/22 12:16:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/22 12:16:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/22 12:16:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/22 12:16:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/22 12:16:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/15 14:01:43 | 000,429,180 | ---- | C] () -- C:\Users\Meineke\Desktop\subpoena.pdf
    [2012/10/15 11:03:37 | 000,402,537 | ---- | C] () -- C:\Users\Meineke\Desktop\TSANG.pdf
    [2012/10/15 09:01:04 | 000,000,512 | ---- | C] () -- C:\Users\Meineke\Desktop\MBR.dat
    [2012/10/15 08:03:36 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
    [2012/10/10 11:40:57 | 000,273,837 | ---- | C] () -- C:\Users\Meineke\Desktop\10-6-12.pdf
    [2012/10/09 15:58:24 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2012/10/09 15:48:03 | 000,117,227 | ---- | C] () -- C:\Users\Meineke\Desktop\merchant.pdf
    [2012/10/09 15:48:00 | 000,110,625 | ---- | C] () -- C:\Users\Meineke\Desktop\thomas.pdf
    [2012/10/09 12:34:33 | 1061,002,028 | ---- | C] () -- C:\Users\Meineke\Desktop\10-9-2012_Neat.nbak
    [2012/10/08 07:52:27 | 000,054,784 | ---- | C] () -- C:\Windows\SysNative\sdtnpm.dll
    [2012/03/05 16:46:42 | 000,102,912 | ---- | C] () -- C:\Windows\agent_x64.exe
    [2011/05/31 07:48:06 | 000,000,000 | ---- | C] () -- C:\Users\Meineke\AppData\Local\{F5C5544C-CD37-4A9E-B7D8-15A1BA050752}
    [2011/05/23 15:43:27 | 000,010,180 | -HS- | C] () -- C:\Users\Meineke\AppData\Local\h0387md7ekpl3vuk24yy
    [2011/05/23 15:43:27 | 000,010,180 | -HS- | C] () -- C:\ProgramData\h0387md7ekpl3vuk24yy
    [2011/05/19 12:00:31 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2011/05/19 12:00:31 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/05/19 11:14:33 | 000,001,854 | ---- | C] () -- C:\Users\Meineke\AppData\Roaming\GhostObjGAFix.xml
    [2011/01/10 16:53:20 | 000,000,219 | ---- | C] () -- C:\ProgramData\RmUserCfg.ini
    [2011/01/10 16:53:20 | 000,000,061 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
    [2011/01/04 07:59:45 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2011/01/04 06:52:20 | 000,000,121 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/01/04 06:14:58 | 000,743,932 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/12/28 04:27:00 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\AVCDecoder.dll
    [2010/12/27 04:13:42 | 004,497,993 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
    [2010/12/27 04:13:42 | 000,142,291 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
    [2010/12/19 02:34:04 | 007,276,032 | ---- | C] () -- C:\Windows\SysWow64\avcodec.dll
    [2010/12/19 02:34:04 | 000,742,220 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/12/19 02:34:04 | 000,666,624 | ---- | C] () -- C:\Windows\SysWow64\avformat.dll
    [2010/12/19 02:34:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\avutil.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "ThreadingModel" = Both
    "" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 10:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 10:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 10:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/09 09:34:40 | 000,000,000 | ---D | M] -- C:\Users\Meineke\AppData\Roaming\Ad-Aware Antivirus
    [2012/03/05 16:54:14 | 000,000,000 | ---D | M] -- C:\Users\Meineke\AppData\Roaming\Neat
    [2012/03/05 16:54:09 | 000,000,000 | ---D | M] -- C:\Users\Meineke\AppData\Roaming\Nuance
    [2012/09/21 09:14:05 | 000,000,000 | ---D | M] -- C:\Users\Meineke\AppData\Roaming\PDF Writer
    [2011/05/19 11:02:17 | 000,000,000 | ---D | M] -- C:\Users\Meineke\AppData\Roaming\PictureMover
    [2012/10/22 07:35:25 | 000,000,000 | ---D | M] -- C:\Users\Meineke\AppData\Roaming\SoftGrid Client
    [2011/11/14 13:23:39 | 000,000,000 | ---D | M] -- C:\Users\Meineke\AppData\Roaming\TightVNC
    [2011/09/19 10:31:23 | 000,000,000 | -H-D | M] -- C:\Users\Meineke\AppData\Roaming\TP
    [2011/01/27 09:16:20 | 000,000,000 | -H-D | M] -- C:\Users\Meineke\AppData\Roaming\WinBatch
    [2012/04/25 10:33:49 | 000,000,000 | -H-D | M] -- C:\Users\Meineke\AppData\Roaming\Windows Live Writer
    [2012/07/30 16:34:08 | 000,000,000 | ---D | M] -- C:\Users\Meineke\AppData\Roaming\ZumoDrive

    ========== Purity Check ==========


    < End of report >
  10. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    OTL Extras logfile created on: 10/22/2012 5:31:34 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Meineke\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 55.68% Memory free
    5.50 Gb Paging File | 3.84 Gb Available in Paging File | 69.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 584.01 Gb Total Space | 452.76 Gb Free Space | 77.53% Space Free | Partition Type: NTFS
    Drive D: | 12.06 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
    Drive E: | 339.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 14.90 Gb Total Space | 6.82 Gb Free Space | 45.76% Space Free | Partition Type: FAT32

    Computer Name: MEINEKE-HP | User Name: Meineke | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5A471EF1-2EA1-40F3-841B-712BA1DF35D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C46EEC52-C429-452D-8FB5-F74A91ECF699}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{6ADC8D84-61AE-4944-8EB2-5FB7F7F6819E}C:\program files (x86)\jumi\jumi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jumi\jumi.exe |
    "TCP Query User{E4396648-A6A4-430E-96BA-E9E894A257F7}C:\program files (x86)\jumi\jumi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jumi\jumi.exe |
    "UDP Query User{4D34D32A-0959-4190-A6A0-683E9E19B8A9}C:\program files (x86)\jumi\jumi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jumi\jumi.exe |
    "UDP Query User{B02D50B2-774F-408D-AA98-229BAD394BA8}C:\program files (x86)\jumi\jumi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jumi\jumi.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{237E305C-B625-466A-88CE-1E121BF4FDB1}" = Send To Neat
    "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
    "{7EA2D88A-C8B7-4102-8644-0A437B6FC143}" = Neat Mobile Scanner Driver
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}" = Neat ADF Scanner 2008 Driver
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}" = Neat ADF Scanner Driver
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}" = Neat Mobile Scanner (Silver) Driver
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}" = Neat Mobile Scanner 2008 Driver
    "{E735E90E-FE0B-4B10-90D5-4AC6D3899BFD}" = Microsoft SQL Server Management Objects Collection
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.4.0.1425
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02AF1BD5-BCFC-4D6C-8824-AF5AADF7C6B6}" = NGISCT
    "{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0818FAA3-2553-4E5A-B558-76E71C32290B}" = Mkey3
    "{08A881E0-9DBA-4C3C-A703-EBEACA62E082}" = NGISCT
    "{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
    "{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
    "{1E171C7E-C140-4E05-9ECE-BE4DAE4093B3}" = NGISCT
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{1FDC8149-87DC-4261-8935-75BE95A0F8F2}" = NGISRD
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
    "{236DDF04-6B5A-4A56-A298-A425680B4BDB}" = NGISCT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
    "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 30
    "{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MPACTSQL)
    "{2C9195E9-3BE3-4030-A55C-08D720D350B6}" = NGISCT
    "{2CE4119A-FF7F-3EE6-42A4-EB53C6057FFE}" = Zinio Reader 4
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
    "{3A6CC46F-4E48-41B8-A2CD-A1A02C4DEB52}" = NGISCT
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
    "{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54355060-9A23-11D4-9D4B-00010240F659}" = NGIS
    "{58B56F83-827A-4A51-AF31-C2F907E0C643}" = NGISCT
    "{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6a4b0a4f-58d0-430c-becc-aa50733cd761}" = Ad-Aware Antivirus
    "{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{713C3B3F-63FE-48B6-9683-11D21C534D49}" = NGISCT
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77745D46-9FB3-4189-9FA5-591C8BFA249C}" = MLink 4.6
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
    "{7D7E84A4-3B55-475F-A1E9-CA4F9D2A8A4E}" = NGISCT
    "{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
    "{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
    "{7EF432B0-6091-4508-A2EA-E81D94915EA7}" = NGISCT
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{85E0AFF3-641A-40C7-9E7B-EA1296EC9E0F}" = NGISCT
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93F043DA-5758-4517-BB1B-99E8058700FD}" = Mkey3
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
    "{99432E4C-1189-4887-9D75-DAA796015FFD}" = Neat Core Files
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
    "{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
    "{B2BF6842-FFC6-4183-A294-2F08DC70A7E5}" = Microsoft Store Download Manager
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{BDDA1E1E-204E-4368-B0C2-737F16B76307}" = HP MediaSmart/TouchSmart Netflix
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D0EEC9ED-1D71-482E-B20F-F8EC93840B02}" = NGISCT
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EA8DD520-112E-4802-BDE9-49B4070C41B1}" = NGISCT
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F12B3251-FE57-4847-A2AA-04466364F197}" = NGISCT
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F518CC16-FEDC-497D-BA4D-629171468A01}" = Mkey Handler
    "{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
    "{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
    "{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
    "{F9886B58-236B-473E-BA1C-AAB731D1EFF0}" = NGISCT
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FDC8065B-80DE-4466-B90B-2581F6D77DFF}" = Image Plugin
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "adawaretb" = Ad-Aware Security Add-on
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AVIGenerator" = AVIGenerator 1.8.0.0
    "Bodog Poker_is1" = Bodog Poker
    "DynUpdater" = Dyn Updater
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Kobo" = Kobo
    "LaserCat" = LaserCat
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MLink_is1" = MLink HostName Fix V2
    "My HP Game Console" = HP Game Console
    "Neat" = Neat
    "NetViewer" = NetViewer 2.1.359.0
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PDF Complete" = PDF Complete Special Edition
    "ST6UNST #1" = M.Key Appointment Book v2
    "TightVNC" = TightVNC 2.0.4
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WORLDPAC speedDIAL_is1" = WORLDPAC speedDIAL
    "WT087328" = Blackhawk Striker 2
    "WT087335" = Build-a-lot 2
    "WT087342" = Dora's Carnival Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087373" = Jewel Quest 3
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087513" = Virtual Villagers - The Secret City
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1723799115-427907230-1844215600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "HuluDesktop" = Hulu Desktop

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1723799115-427907230-1844215600-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "HuluDesktop" = Hulu Desktop

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/12/2012 10:37:51 AM | Computer Name = Meineke-HP | Source = Application Virtualization Client | ID = 5009
    Description = {hap=12:app=OfficeVirt 9014006604090000:tid=D48} The Application Virtualization
    Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6120.5005.sft'
    (rc 00000729-00000020, original rc 00000729-00000020).

    Error - 10/12/2012 10:37:52 AM | Computer Name = Meineke-HP | Source = Application Virtualization Client | ID = 3008
    Description = {hap=12:app=OfficeVirt 9014006604090000:tid=D48} The client was unable
    to connect to an Application Virtualization Server (rc 00000729-00000020)

    Error - 10/12/2012 10:47:31 AM | Computer Name = Meineke-HP | Source = CVHSVC | ID = 100
    Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    Error - 10/13/2012 7:27:56 AM | Computer Name = Meineke-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: jumi.exe, version: 1.0.0.1, time stamp:
    0x5069aa27 Faulting module name: jumi.exe, version: 1.0.0.1, time stamp: 0x5069aa27
    Exception
    code: 0xc0000005 Fault offset: 0x00205897 Faulting process id: 0xab8 Faulting application
    start time: 0x01cda887173d0bd2 Faulting application path: C:\Program Files (x86)\Jumi\jumi.exe
    Faulting
    module path: C:\Program Files (x86)\Jumi\jumi.exe Report Id: 08760709-1529-11e2-8f51-d485649fe414

    Error - 10/14/2012 6:28:21 AM | Computer Name = Meineke-HP | Source = CVHSVC | ID = 100
    Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    Error - 10/14/2012 7:28:28 AM | Computer Name = Meineke-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: jumi.exe, version: 1.0.0.1, time stamp:
    0x5069aa27 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp:
    0x4a5bdbdf Exception code: 0xe06d7363 Fault offset: 0x0000b727 Faulting process id:
    0x27a4 Faulting application start time: 0x01cda935c569c3eb Faulting application path:
    C:\Program Files (x86)\Jumi\jumi.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
    Report
    Id: 45b2714d-15f2-11e2-8f51-d485649fe414

    Error - 10/15/2012 8:10:07 AM | Computer Name = Meineke-HP | Source = CVHSVC | ID = 100
    Description = Information only. Too many failures while downloading ranges: 2

    Error - 10/15/2012 8:10:41 AM | Computer Name = Meineke-HP | Source = CVHSVC | ID = 100
    Description = Information only. (Stream product id=0x0066): Streaming Failed

    Error - 10/15/2012 8:18:44 AM | Computer Name = Meineke-HP | Source = CVHSVC | ID = 100
    Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    Error - 10/15/2012 9:13:52 AM | Computer Name = Meineke-HP | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 910 Start
    Time: 01cdaacfd7799bc2 Termination Time: 19 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 10/15/2012 10:25:06 AM | Computer Name = Meineke-HP | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 39c Start
    Time: 01cdaacf96d9ffa5 Termination Time: 142 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    [ Hewlett-Packard Events ]
    Error - 8/29/2012 7:13:40 PM | Computer Name = Meineke-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 9/4/2012 1:11:52 AM | Computer Name = Meineke-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 9/6/2012 7:53:06 AM | Computer Name = Meineke-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 9/12/2012 7:08:38 PM | Computer Name = Meineke-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 9/19/2012 7:52:28 PM | Computer Name = Meineke-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 9/26/2012 7:27:37 PM | Computer Name = Meineke-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 10/3/2012 7:22:58 PM | Computer Name = Meineke-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101203072252.xml
    File not created by asset agent

    Error - 10/3/2012 7:23:09 PM | Computer Name = Meineke-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 10/10/2012 7:32:33 PM | Computer Name = Meineke-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101210073227.xml
    File not created by asset agent

    Error - 10/10/2012 7:32:40 PM | Computer Name = Meineke-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    [ System Events ]
    Error - 10/22/2012 12:35:44 PM | Computer Name = Meineke-HP | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/22/2012 12:36:09 PM | Computer Name = Meineke-HP | Source = Service Control Manager | ID = 7038
    Description = The AConneX Part Fulfillment Svc 1 service was unable to log on as
    .\ACX with the currently configured password due to the following error: %%50 To
    ensure that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 10/22/2012 12:36:09 PM | Computer Name = Meineke-HP | Source = Service Control Manager | ID = 7000
    Description = The AConneX Part Fulfillment Svc 1 service failed to start due to
    the following error: %%1069

    Error - 10/22/2012 12:38:41 PM | Computer Name = Meineke-HP | Source = Service Control Manager | ID = 7000
    Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
    to start due to the following error: %%31

    Error - 10/22/2012 12:38:44 PM | Computer Name = Meineke-HP | Source = WMPNetworkSvc | ID = 866314
    Description =

    Error - 10/22/2012 12:38:44 PM | Computer Name = Meineke-HP | Source = WMPNetworkSvc | ID = 866314
    Description =

    Error - 10/22/2012 12:39:45 PM | Computer Name = Meineke-HP | Source = Service Control Manager | ID = 7000
    Description = The HP Health Check Service service failed to start due to the following
    error: %%31

    Error - 10/22/2012 12:55:26 PM | Computer Name = Meineke-HP | Source = Service Control Manager | ID = 7031
    Description = The AConneX Part Fulfillment Svc 1 service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    500000 milliseconds: Restart the service.

    Error - 10/22/2012 1:13:52 PM | Computer Name = Meineke-HP | Source = WMPNetworkSvc | ID = 866314
    Description =

    Error - 10/22/2012 1:13:52 PM | Computer Name = Meineke-HP | Source = WMPNetworkSvc | ID = 866314
    Description =


    < End of report >
  11. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    Computer is running good. Only issue is I have "catalyst host error" on startup.

    Also it seems as if computer sits for 2 days idle, when I get in Monday it is super slow and programs stop responding and it takes me about 5 min to get it to reboot.

    Other than that, great.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [] File not found
      O4 - HKU\S-1-5-21-1723799115-427907230-1844215600-1000..\RunOnce: [109_95847513117] "C:\Users\Meineke\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp_r.bat" File not found
      O4 - HKU\S-1-5-21-1723799115-427907230-1844215600-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      [2012/10/09 09:03:13 | 000,000,000 | ---D | C] -- C:\FRST
      [2011/05/23 15:43:27 | 000,010,180 | -HS- | C] () -- C:\Users\Meineke\AppData\Local\h0387md7ekpl3vuk24yy
      [2011/05/23 15:43:27 | 000,010,180 | -HS- | C] () -- C:\ProgramData\h0387md7ekpl3vuk24yy
      [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "ThreadingModel" = Both
      "" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 10:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 10:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 10:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =================================

    I suggest you uninstall Lavasoft Ad-Aware Antivirus and you install something better like...
    Install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    =================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  13. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    I am still here. Please don't close. I will do this tomorrow.
  14. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Hmm...it's been 5 days since you said "tomorrow"...
  15. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    I know. I am sorry for the delay. Trust me I want to get this resolved.

    I know you probably don't care about excuses but I live in Florida and hunting season just opened for deer. That may sound irrelevant but my store managers all take a lot of vacation for hunting season so I have been covering the other stores.

    I can understand if you need to close it but I will definitely be at that location on Monday and will be attempting to finish.
  16. Broni

    Broni Malware Annihilator Posts: 46,164   +251

  17. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    OTL will quit responding in regular mode. I tried safe mode and it quit responding immediately. Please let me know if I need to try another way. This is what I got from the longest run in regular mode:

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Meineke\AppData\Local\Temp\Estimate {AD041161-401C-4CF4-A883-10BFC77FDF90}.rpt not found!
    C:\Users\Meineke\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Meineke\AppData\Local\Temp\~cpe{2EA9AFB1-ADEE-41E7-A484-1E20D568689B}.tmp not found!
    File\Folder C:\Users\Meineke\AppData\Local\Temp\~cpe{461BC489-F82F-4FA4-B25E-57BBD8927939}.tmp not found!
    File\Folder C:\Users\Meineke\AppData\Local\Temp\~cpe{9C254E83-2119-4425-B40E-D0F8B27C8BDD}.tmp not found!
    File\Folder C:\Users\Meineke\AppData\Local\Temp\~cpe{E5C1346D-88E1-4780-9D24-D4BAD83F1396}.tmp not found!
    File\Folder C:\Users\Meineke\AppData\Local\Temp\~DF0749690BAC8C3430.TMP not found!
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XC9QR1P5\0[1].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XC9QR1P5\csc-render[1].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XC9QR1P5\ping[1].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T8KO49SU\comScore[1].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T8KO49SU\LogonForm[1].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QMXZYSON\0[1].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QMXZYSON\0[2].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QMXZYSON\0[3].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OU5W504L\aclk[1].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NPXLV4QC\aclk[1].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NPXLV4QC\apexhaust[1].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G6H7OT86\aceUAC[1].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G6H7OT86\aceUAC[2].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G6H7OT86\fc[1].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9FBA2YMW\page-2[1].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3SQHMZER\billboard[6].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3SQHMZER\ext-render-secure[2].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3RGDZXZX\featured_stories_3_up[2].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60SMQAZV\home3[1].htm moved successfully.
    C:\Users\Meineke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4DGU2OD7\dashboard[1].htm moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  18. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    Ok ... OTL will stop responding in both regular and safe mode. It ran longer in regular mode. Here is the log file. Please let me know if I need to rerun and a workaround for the not responding issue in safe mode.


     
  19. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    Results of screen317's Security Check version 0.99.54
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Lavasoft Ad-Aware
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 30
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader X 10.1.2 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Privatefirewall 6.1 pfsvc.exe
    Ad-Aware Antivirus AdAwareService.exe
    Ad-Aware Antivirus SBAMSvc.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  20. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Go on...
  21. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    Farbar Service Scanner Version: 04-11-2012
    Ran by Meineke (administrator) on 06-11-2012 at 10:02:12
    Running from "C:\Users\Meineke\Desktop"
    Microsoft Windows 7 Ultimate (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
  22. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    # AdwCleaner v2.006 - Logfile created 11/06/2012 at 10:30:56
    # Updated 30/10/2012 by Xplode
    # Operating system : Windows 7 Ultimate (64 bits)
    # User : Meineke - MEINEKE-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Meineke\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    Folder Deleted : C:\ProgramData\blekko toolbars
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKLM\Software\Software
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    *************************
    AdwCleaner[R1].txt - [1096 octets] - [06/11/2012 10:29:12]
    AdwCleaner[S1].txt - [888 octets] - [06/11/2012 10:30:56]
    ########## EOF - C:\AdwCleaner[S1].txt - [947 octets] ##########
  23. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    TFC will constantly stop responding. Should I try to run it a different way?
  24. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    C:\Qoobox\Quarantine\C\Users\Meineke\AppData\Local\chromeupdate.crx.vir JS/Redirector.NCG trojan deleted - quarantined
    C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cda6545a8536bb.0000 Win64/Patched.B.Gen trojan deleted - quarantined
    C:\_OTL\MovedFiles\11052012_104215\C_FRST\Quarantine\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U\00000001.@ Win64/Conedex.G trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\11052012_104215\C_FRST\Quarantine\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\11052012_104215\C_FRST\Quarantine\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U\800000cb.@ Win64/Sirefef.AH trojan cleaned by deleting - quarantined
  25. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Run TFC from safe mode.

    =========================

    Update Adobe Flash Player
    Download for Internet Explorer: http://www.filehippo.com/download_flashplayer_ie_64/
    Download for Firefox, Opera and other Gecko-based browsers: http://www.filehippo.com/download_flashplayer_firefox_64/

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    ===========================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =============================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===========================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.

