Solved System Check Virus - Finished first 5 steps..

[hamr1965]

Here is my Malwarebytes log - running windows 7 64bit


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Hamr :: GATEWAY [administrator]

1/5/2012 8:39:42 PM
mbam-log-2012-01-05 (20-39-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211894
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|yBlqxAdBNPjQ.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\yBlqxAdBNPjQ.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|58376 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\adwgaexhcadg.bat -> Delete on reboot.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\ProgramData\yBlqxAdBNPjQ.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\ProgramData\ei5D22LMmwyLl8.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-330969727-3672866943-1694442197-1001\$R3P855V.tmp (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-330969727-3672866943-1694442197-1001\$RDQ6H2K.tmp (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-330969727-3672866943-1694442197-1001\$RIJ6QN9.tmp (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Users\Hamr\AppData\Local\Temp\5dc2d610.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Users\Hamr\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Users\Hamr\Downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

 

[hamr1965]

gmer log

GMER log file

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-05 21:46:21
Windows 6.1.7601 Service Pack 1
Running: kvth8ijs.exe


---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS001C9.log 1048576 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS001CA.log 1048576 bytes

---- EOF - GMER 1.0.15 ----

 

[hamr1965]

dds logs

.dds.txt


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Hamr at 22:53:01 on 2012-01-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2424 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360210n905l0314z1k5a4902y23p
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360210n905l0314z1k5a4902y23p
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360210n905l0314z1k5a4902y23p
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mExplorerRun: [58376] C:\PROGRA~3\LOCALS~1\Temp\adwgaexhcadg.bat
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{57406A2B-9D5F-4A78-8C58-68D959B90477} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{57406A2B-9D5F-4A78-8C58-68D959B90477}\24C657563486960784F64756C6 : DhcpNameServer = 206.158.2.1 206.158.2.30
TCP: Interfaces\{57406A2B-9D5F-4A78-8C58-68D959B90477}\9445740484F6C69646169794E6E654870727563737F5642766C646F5F486 : DhcpNameServer = 4.2.2.2 8.8.8.8 4.2.2.1
TCP: Interfaces\{57406A2B-9D5F-4A78-8C58-68D959B90477}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\ccc1tovm.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Hamr\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\ccc1tovm.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Forecastbar Enhanced: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8} - %profile%\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Simpler Pink: {db0de900-5ee3-11da-8cd6-0800200c9a66} - %profile%\extensions\{db0de900-5ee3-11da-8cd6-0800200c9a66}
FF - Ext: PinkPaulaPack: pinkpaula-combo@pinktheme.com - %profile%\extensions\pinkpaula-combo@pinktheme.com
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: NewTabURL: newtaburl@sogame.cat - %profile%\extensions\newtaburl@sogame.cat
FF - Ext: Zoom Page: zoompage@DW-dev - %profile%\extensions\zoompage@DW-dev
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG2012\Firefox4
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AGCoreService;AG Core Services;C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe [2010-2-14 20480]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-11-9 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-10-29 255744]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-9 240160]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-9 225280]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-14 135664]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-14 135664]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-06 01:38:36 -------- d-----w- C:\Users\Hamr\AppData\Roaming\Malwarebytes
2012-01-06 01:38:33 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-06 01:38:33 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-06 01:38:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-02 16:38:30 -------- d--h--w- C:\Users\Hamr\AppData\Roaming\Amaranth Games
2012-01-02 15:54:09 -------- d--h--w- C:\Program Files (x86)\Curse at Twilight - Thief of Souls Collector's Edition
2012-01-01 01:02:23 -------- d--h--w- C:\ProgramData\Desktop Gaming
2012-01-01 01:00:45 -------- d--h--w- C:\Program Files (x86)\Crime Solitaire
2011-12-31 19:32:36 -------- d--h--w- C:\Program Files (x86)\Shadow Wolf Mysteries - Bane of the Family Collector's Edition
2011-12-31 00:06:08 -------- d--h--w- C:\Users\Hamr\AppData\Roaming\Rovio
2011-12-31 00:05:53 -------- d--h--w- C:\Program Files (x86)\Rovio
2011-12-25 19:18:21 -------- d--h--w- C:\Program Files (x86)\Brink of Consciousness - Dorian Gray Syndrome Collectors Edition
2011-12-25 16:31:42 -------- d--h--w- C:\Users\Hamr\AppData\Roaming\MagicIndie
2011-12-24 00:56:51 -------- d--h--w- C:\Users\Hamr\AppData\Roaming\AlawarEntertainment
2011-12-24 00:37:19 -------- d--h--w- C:\Program Files (x86)\House of 1000 Doors - Family Secret Collector's Edition
2011-12-20 22:33:56 -------- d--h--w- C:\Program Files (x86)\Dark Parables - Rise of the Snow Queen Collector's Edition
2011-12-18 22:10:44 -------- d--h--w- C:\Program Files (x86)\Haunted Past - Realm of Ghosts Collectors Edition
2011-12-17 02:01:04 -------- d--h--w- C:\Program Files (x86)\Fairway
2011-12-14 21:47:50 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-14 21:47:49 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-14 21:47:49 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-14 21:47:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 21:47:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-10 17:50:02 -------- d--h--w- C:\Users\Hamr\AppData\Roaming\PlayFavoriteGames
2011-12-08 18:09:09 -------- d--h--w- C:\Program Files (x86)\Fear for Sale - Sunnyvale Story Collectors Edition
.
==================== Find3M ====================
.
2011-11-07 16:31:51 1409 ---ha-w- C:\Windows\SysWow64\tmp3F662.FOT
2011-11-07 16:31:51 1409 ---ha-w- C:\Windows\SysWow64\tmp3E662.FOT
2011-11-07 16:31:51 1409 ---ha-w- C:\Windows\SysWow64\tmp3D662.FOT
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-28 20:21:27 1409 ---ha-w- C:\Windows\SysWow64\tmp39C9A.FOT
2011-10-28 20:21:27 1409 ---ha-w- C:\Windows\SysWow64\tmp2CC9A.FOT
2011-10-28 20:21:27 1409 ---ha-w- C:\Windows\SysWow64\tmp2BC9A.FOT
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-24 13:18:10 1409 ---ha-w- C:\Windows\SysWow64\tmp7FF03.FOT
2011-10-24 13:18:10 1409 ---ha-w- C:\Windows\SysWow64\tmp7EF03.FOT
2011-10-24 13:18:10 1409 ---ha-w- C:\Windows\SysWow64\tmp61013.FOT
2011-10-12 16:35:57 1409 ---ha-w- C:\Windows\SysWow64\tmp93376.FOT
2011-10-12 16:35:57 1409 ---ha-w- C:\Windows\SysWow64\tmp92376.FOT
2011-10-12 16:35:57 1409 ---ha-w- C:\Windows\SysWow64\tmp85376.FOT
.
============= FINISH: 22:54:45.24 ===============


attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/14/2010 2:17:05 AM
System Uptime: 1/5/2012 10:46:40 PM (0 hours ago)
.
Motherboard: Gateway | | NV79
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU | 917/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 329.402 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP368: 12/1/2011 1:41:42 PM - Scheduled Checkpoint
RP369: 12/9/2011 5:45:32 PM - Scheduled Checkpoint
RP370: 12/18/2011 3:01:50 AM - Windows Update
RP371: 12/27/2011 6:45:04 AM - Scheduled Checkpoint
RP372: 1/3/2012 9:39:48 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
7 Wonders: Magical Mystery Tour
9: The Dark Side Collector's Edition
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4 MUI
Angry Birds
Art of Murder: Deadly Secrets
Atlantic Quest
Awakening: The Goblin Kingdom
Awakening: The Goblin Kingdom Collector's Edition
Azada: In Libro Collector's Edition
Backup Manager Basic
Bejeweled Twist 1.0
Best Buy Software Installer
Big Fish Games: Game Manager
Bluebeard's Castle
Braid (Version 1.015)
Brink of Consciousness: Dorian Gray Syndrome Collector's Edition
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MG5200 series User Registration
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
ClamWin Free Antivirus 0.97.1
Columbus: Ghost of the Mystery Stone
Committed: Mystery at Shady Pines
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Cradle of Rome 2
Crime Solitaire
Curse at Twilight: Thief of Souls Collector's Edition
Cursed Memories: The Secret of Agony Creek Collector's Edition
CyberLink PowerDVD 8
D3DX10
Dark Dimensions: City of Fog Collector's Edition
Dark Parables: Rise of the Snow Queen Collector's Edition
Dark Tales: Edgar Allan Poe's The Premature Burial Collector's Edition
Dark Tales: ™ Edgar Allan Poe's The Black Cat
Dark Tales:™ Edgar Allan Poe`s Murders in the Rue Morgue Collector`s Edition
Dracula: Love Kills Collector's Edition
Dream Chronicles: The Book of Water
Dream Chronicles: The Book of Water Collector's Edition
Dreamland
Echoes of Sorrow
Echoes of the Past: The Citadels of Time Collector's Edition
Emma and the Inventor
Enigmatis: The Ghosts of Maple Creek Collector's Edition
Enlightenus II: The Timeless Tower Collector's Edition
Epic Escapes: Dark Seas
Escape from Thunder Island
EVEREST Ultimate Edition v5.50
F.A.C.E.S. Collector's Edition
Fairway Solitaire
Fairway™
Fallen Shadows
Family Vacation: California
Farm Frenzy
Farm Frenzy 3
Farm Frenzy 3: American Pie
Farm Frenzy 3: Madagascar
Farm Frenzy 3: Russian Roulette
Farm Frenzy Pizza Party
Farm Frenzy: Ancient Rome
Farm Frenzy: Gone Fishing
Farm Frenzy: Viking Heroes
Farmscapes
Fear for Sale: Sunnyvale Story Collector's Edition
Fishdom - Spooky Splash
Fishdom 2
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Gravely Silent: House of Deadlock Collector's Edition
Grim Facade: Mystery of Venice Collector’s Edition
Grim Tales: The Bride Collector's Edition
Guardians of Beyond: Witchville Collector's Edition
Hallowed Legends: Samhain Collector's Edition
Hallowed Legends: Templar Collector's Edition
Haunted Halls: Fears from Childhood Collector's Edition
Haunted Halls: Green Hills Sanitarium Collector's Edition
Haunted Legends: The Bronze Horseman
Haunted Legends: The Queen of Spades
Haunted Manor: Queen of Death Collector's Edition
Haunted Past: Realm of Ghosts Collector's Edition
Heroes of Hellas 3: Athens
Hidden Expedition: The Uncharted Islands Collector's Edition
Hidden Wonders of the Depths 3: Atlantis Adventures
House of 1000 Doors: Family Secret Collector's Edition
Hoyle Card Games 2010 (remove only)
Hoyle Puzzle & Board Games 2010 (remove only)
HP Update
Identity Card
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Jar of Marbles
Java Auto Updater
Java(TM) 6 Update 22
Jewel Keepers: Easter Island
Jewel Quest II
Junk Mail filter update
Launch Manager
Letters from Nowhere 2
Lost Souls: Enchanted Paintings
Lost Souls: Enchanted Paintings Collector's Edition
Love Chronicles: The Sword and the Rose Collector's Edition
Macabre Mysteries: Curse of the Nightingale Collector's Edition
Maestro: Music of Death Collector's Edition
Mahjong Towers Eternity ™
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Midnight Mysteries: Devil on the Mississippi Collector's Edition
Mozilla Firefox (3.6.25)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Age: The Dark Priests
Mystery Case Files ®: 13th Skull ™ Collector's Edition
Mystery Case Files®: Dire Grove™ Collector's Edition
Mystery Case Files®: Escape from Ravenhearst™ Collector's Edition
Mystery Case Files: Huntsville ™
Mystery Chronicles: Betrayals of Love
Mystery Legends: Beauty and the Beast Collector's Edition
Mystery Legends: The Phantom of the Opera Collector's Edition
Mystery Murders: Jack the Ripper
Mystery of the Ancients: Lockwood Manor Collector's Edition
Mystery Stories: Mountains of Madness
Mystery Trackers: Raincliff Collector's Edition
Mystic Diary: Haunted Island
Nancy Drew: The Trail of the Twister
Nightmare Adventures: The Witch's Prison
Nightmare Realm Collector's Edition
Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
NVIDIA PhysX
Oddly Enough: Pied Piper
OpenAL
Our Worst Fears: Stained Skin
Paranormal Crime Investigations: Brotherhood of the Crescent Snake Collector's Edition
Phantasmat
PhotoScape
Pirate Solitaire
Princess Isabella: Return of the Curse Collector's Edition
PuppetShow: Lost Town Collector's Edition
PuppetShow: Mystery of Joyville ™
PuppetShow: Souls of the Innocent
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Red Crow Mysteries: Legion
Redemption Cemetery: Children's Plight Collector's Edition
Redemption Cemetery: Curse of the Raven
Redrum: Time Lies
Reincarnations: Back to Reality Collector's Edition
Resurrection, New Mexico Collector's Edition
Romancing the Seven Wonders: Taj Mahal
Roxio Burn
Roxio Update Manager
Secrets of the Dark: Temple of Night
Secrets of the Dark: Temple of Night Collector's Edition
Secrets of the Past: Mother's Diary
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shadow Wolf Mysteries: Bane of the Family Collector's Edition
Shadow Wolf Mysteries: Curse of the Full Moon
Shattered Minds: Masquerade Collector's Edition
Sherlock Holmes and the Hound of the Baskervilles Collector's Edition
Shiver: Vanishing Hitchhiker Collector's Edition
ShopAtHome.com Toolbar
Skymist - The Lost Spirit Stones
Spirits of Mystery: Amber Maiden Collector's Edition
Strange Cases: The Secrets of Grey Mist Lake Collector's Edition
Stray Souls: Dollhouse Story Collector's Edition
System Requirements Lab for Intel
Tearstone
The Agency of Anomalies: Mystic Hospital Collector's Edition
The Fool
The Missing: A Search and Rescue Mystery Collector's Edition
The Mystery of the Crystal Portal: Beyond the Horizon
Them: The Summoning
Time Dreamer
Time Mysteries: Inheritance
Time Mysteries: The Ancient Spectres Collector's Edition
Timeless: The Forgotten Town Collector's Edition
Twisted Lands: Insomniac Collector's Edition
Twisted Lands: Shadow Town Collector's Edition
Unsolved Mystery Club: Ancient Astronauts
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Urban Legends: The Maze
Vampire Mansion: A Linda Hyde Adventure
Vampire Saga - Welcome To Hell Lock
Video Web Camera
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Voodoo Chronicles: The First Sign
Voodoo Whisperer: Curse of a Legend Collector's Edition
Walmart MP3 Music Downloads
Webshots Desktop
Weird Park: Broken Tune Collector's Edition
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
World Riddles: Secrets of the Ages
World Riddles: Seven Wonders
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Youda Mystery: The Stanwick Legacy
.
==== Event Viewer Messages From Past Week ========
.
1/5/2012 8:48:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2012 8:12:20 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2012 8:10:41 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2012 8:10:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/5/2012 8:10:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/5/2012 8:10:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/5/2012 8:10:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/5/2012 8:10:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6
1/5/2012 10:48:41 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/5/2012 10:48:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[hamr1965]

aswMBR log

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 18:59:47
-----------------------------
18:59:47.225 OS Version: Windows x64 6.1.7601 Service Pack 1
18:59:47.226 Number of processors: 4 586 0x2502
18:59:47.227 ComputerName: GATEWAY UserName: Hamr
18:59:49.002 Initialize success
19:02:35.460 AVAST engine defs: 12010601
19:04:15.397 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:04:15.403 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
19:04:15.426 Disk 0 MBR read successfully
19:04:15.432 Disk 0 MBR scan
19:04:15.442 Disk 0 Windows 7 default MBR code
19:04:15.449 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
19:04:15.476 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
19:04:15.491 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464545 MB offset 25382700
19:04:15.503 Service scanning
19:04:17.201 Modules scanning
19:04:17.210 Disk 0 trace - called modules:
19:04:17.221
19:04:18.091 AVAST engine scan C:\Windows
19:04:20.958 AVAST engine scan C:\Windows\system32
19:06:33.907 AVAST engine scan C:\Windows\system32\drivers
19:06:48.521 AVAST engine scan C:\Users\Hamr
19:23:13.995 AVAST engine scan C:\ProgramData
19:25:49.998 Scan finished successfully
19:26:44.906 Disk 0 MBR has been saved successfully to "C:\Users\Hamr\Desktop\MBR.dat"
19:26:44.918 The log file has been saved successfully to "C:\Users\Hamr\Desktop\aswMBR.txt"

 

[hamr1965]

combofix log

ComboFix 12-01-06.03 - Hamr 01/06/2012 19:50:50.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2603 [GMT -5:00]
Running from: C:\Users\Hamr\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\SelectRebates
C:\Program Files (x86)\SelectRebates\FFToolbar\chrome.manifest
C:\Program Files (x86)\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
C:\Program Files (x86)\SelectRebates\SelectRebates.exe
C:\Program Files (x86)\SelectRebates\SelectRebates.ini
C:\Program Files (x86)\SelectRebates\SelectRebatesApi.exe
C:\Program Files (x86)\SelectRebates\SelectRebatesDownload.exe
C:\Program Files (x86)\SelectRebates\SelectRebatesUninstall.exe
C:\Program Files (x86)\SelectRebates\SRebates.dll
C:\Program Files (x86)\SelectRebates\SRFF3.dll
C:\ProgramData\~ei5D22LMmwyLl8
C:\ProgramData\~ei5D22LMmwyLl8r
C:\ProgramData\ei5D22LMmwyLl8
C:\ProgramData\Gateway
C:\ProgramData\Gateway\Gateway Updater\_UpdaterService_CFG.ini
C:\ProgramData\Gateway\Gateway Updater\_UpdaterService_LOG.txt
C:\ProgramData\Gateway\Gateway Updater\Info\ALU_Status_0.txt
C:\ProgramData\Gateway\Gateway Updater\Info\ALU_Status_7.txt
C:\ProgramData\Gateway\Gateway Updater\ServerInfo.xml
C:\ProgramData\Gateway\Gateway Updater\ServerInfo.xml_debug.xml
C:\ProgramData\Gateway\Gateway Updater\ServerInfo.xml_ori.xml
C:\Users\Hamr\Documents\Readiris.DUS


((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))


2012-01-07 01:04:55 . 2012-01-07 01:04:55 -------- d-----w- C:\ProgramData\Gateway
2012-01-07 01:02:43 . 2012-01-07 01:02:43 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-01-07 01:02:43 . 2012-01-07 01:02:43 -------- d-----w- C:\Users\Administrator\AppData\Local\temp
2012-01-06 01:38:36 . 2012-01-06 01:38:36 -------- d-----w- C:\Users\Hamr\AppData\Roaming\Malwarebytes
2012-01-06 01:38:33 . 2012-01-06 01:50:28 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-06 01:38:33 . 2012-01-06 01:38:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-06 01:38:33 . 2011-12-10 20:24:08 23152 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-01-02 23:25:17 . 2012-01-02 23:25:17 -------- d--h--w- C:\ProgramData\Local Settings
2012-01-02 16:38:30 . 2012-01-02 16:38:30 -------- d--h--w- C:\Users\Hamr\AppData\Roaming\Amaranth Games
2012-01-02 15:54:09 . 2012-01-02 15:54:29 -------- d--h--w- C:\Program Files (x86)\Curse at Twilight - Thief of Souls Collector's Edition
2012-01-01 01:02:23 . 2012-01-01 01:02:23 -------- d--h--w- C:\ProgramData\Desktop Gaming
2012-01-01 01:00:45 . 2012-01-01 01:00:56 -------- d--h--w- C:\Program Files (x86)\Crime Solitaire
2011-12-31 19:32:36 . 2011-12-31 19:34:12 -------- d--h--w- C:\Program Files (x86)\Shadow Wolf Mysteries - Bane of the Family Collector's Edition
2011-12-31 00:06:08 . 2011-12-31 00:06:08 -------- d--h--w- C:\Users\Hamr\AppData\Roaming\Rovio
2011-12-31 00:05:53 . 2011-12-31 00:05:53 -------- d--h--w- C:\Program Files (x86)\Rovio
2011-12-25 19:18:21 . 2011-12-25 19:21:23 -------- d--h--w- C:\Program Files (x86)\Brink of Consciousness - Dorian Gray Syndrome Collectors Edition
2011-12-25 16:31:42 . 2011-12-25 16:31:42 -------- d--h--w- C:\Users\Hamr\AppData\Roaming\MagicIndie
2011-12-24 00:56:51 . 2011-12-24 00:56:51 -------- d--h--w- C:\Users\Hamr\AppData\Roaming\AlawarEntertainment
2011-12-24 00:37:19 . 2011-12-24 00:38:30 -------- d--h--w- C:\Program Files (x86)\House of 1000 Doors - Family Secret Collector's Edition
2011-12-20 22:33:56 . 2011-12-20 22:35:46 -------- d--h--w- C:\Program Files (x86)\Dark Parables - Rise of the Snow Queen Collector's Edition
2011-12-18 22:10:44 . 2011-12-18 22:24:04 -------- d--h--w- C:\Program Files (x86)\Haunted Past - Realm of Ghosts Collectors Edition
2011-12-17 02:01:04 . 2011-12-17 02:02:14 -------- d--h--w- C:\Program Files (x86)\Fairway
2011-12-14 21:47:50 . 2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\system32\win32k.sys
2011-12-14 21:47:49 . 2011-10-15 06:31:56 723456 ----a-w- C:\Windows\system32\EncDec.dll
2011-12-14 21:47:49 . 2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-14 21:47:40 . 2011-11-05 05:32:50 2048 ----a-w- C:\Windows\system32\tzres.dll
2011-12-14 21:47:40 . 2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-10 17:50:02 . 2011-12-10 17:50:02 -------- d--h--w- C:\Users\Hamr\AppData\Roaming\PlayFavoriteGames
2011-12-08 18:09:09 . 2011-12-08 18:10:39 -------- d--h--w- C:\Program Files (x86)\Fear for Sale - Sunnyvale Story Collectors Edition
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-11-07 16:31:51 . 2011-11-07 16:31:51 1409 ---ha-w- C:\Windows\SysWow64\tmp3F662.FOT
2011-11-07 16:31:51 . 2011-11-07 16:31:51 1409 ---ha-w- C:\Windows\SysWow64\tmp3E662.FOT
2011-11-07 16:31:51 . 2011-11-07 16:31:51 1409 ---ha-w- C:\Windows\SysWow64\tmp3D662.FOT
2011-10-28 20:21:27 . 2011-10-28 20:21:27 1409 ---ha-w- C:\Windows\SysWow64\tmp39C9A.FOT
2011-10-28 20:21:27 . 2011-10-28 20:21:27 1409 ---ha-w- C:\Windows\SysWow64\tmp2CC9A.FOT
2011-10-28 20:21:27 . 2011-10-28 20:21:27 1409 ---ha-w- C:\Windows\SysWow64\tmp2BC9A.FOT
2011-10-24 13:18:10 . 2011-10-24 13:18:10 1409 ---ha-w- C:\Windows\SysWow64\tmp7FF03.FOT
2011-10-24 13:18:10 . 2011-10-24 13:18:10 1409 ---ha-w- C:\Windows\SysWow64\tmp7EF03.FOT
2011-10-24 13:18:10 . 2011-10-24 13:18:10 1409 ---ha-w- C:\Windows\SysWow64\tmp61013.FOT
2011-10-12 16:35:57 . 2011-10-12 16:35:57 1409 ---ha-w- C:\Windows\SysWow64\tmp93376.FOT
2011-10-12 16:35:57 . 2011-10-12 16:35:57 1409 ---ha-w- C:\Windows\SysWow64\tmp92376.FOT
2011-10-12 16:35:57 . 2011-10-12 16:35:57 1409 ---ha-w- C:\Windows\SysWow64\tmp85376.FOT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2010-11-05 01:58:19 297808]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2010-11-05 01:58:19 297808 ----a-w- C:\Windows\System32\mscoree.dll

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-28 1132984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 AGCoreService;AG Core Services;C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe [2010-01-26 20:48:24 20480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 17:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 18:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 19:58:23 135664]
R3 ALSysIO;ALSysIO;C:\Users\Hamr\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 15:58:52 17864]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 19:58:23 135664]
R3 RTCore64;RTCore64;C:\Program Files (x86)\RMClock\RTCore64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-10-29 19:10:02 844320]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 09:38:58 1150496]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe [2009-07-14 01:39:46 27136]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-10-29 20:31:00 255744]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 12:01:32 2320920]
S2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 02:47:12 240160]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [2009-09-02 01:58:08 225280]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [x]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys [x]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

Contents of the 'Scheduled Tasks' folder

2012-01-07 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 19:58:25 . 2010-02-14 19:58:23]

2012-01-07 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 19:58:25 . 2010-02-14 19:58:23]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 19:25:54 186904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1

------- Supplementary Scan -------

uLocal Page = C:\WINDOWS\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360210n905l0314z1k5a4902y23p
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\ccc1tovm.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Forecastbar Enhanced: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8} - %profile%\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Simpler Pink: {db0de900-5ee3-11da-8cd6-0800200c9a66} - %profile%\extensions\{db0de900-5ee3-11da-8cd6-0800200c9a66}
FF - Ext: PinkPaulaPack: pinkpaula-combo@pinktheme.com - %profile%\extensions\pinkpaula-combo@pinktheme.com
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: NewTabURL: newtaburl@sogame.cat - %profile%\extensions\newtaburl@sogame.cat
FF - Ext: Zoom Page: zoompage@DW-dev - %profile%\extensions\zoompage@DW-dev
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKLM-Explorer_Run-58376 - C:\PROGRA~3\LOCALS~1\Temp\adwgaexhcadg.bat
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BFG-Resurrection, New Mexico Collector's Edition - C:\Program Files (x86)\Resurrection

 

[hamr1965]

Now what?

Everything ran okay - I did get the BSOD after running aswMBR and then downloading ComboFix - but before running ComboFix _ but I thought that might hve been caused by my AVG antivirus - so I uninstalled it - then ran Combofix. Now what? I still am missing most of my desktop icons and no files show up under All Programs at the Start button - and I still have an icon called System Check on my desktop.

 

[Broni]

You can simply delete that icon.

Combofix log looks good.

Let's see, if we can recover your missing features.
Download and run UnHide
Let me know, if it worked.

Any other issues?

 

[hamr1965]

Looking good

Everything looks good! Thank you so much for your help!

 

[Broni]

We're not done yet but I needed some update....

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[hamr1965]

sorry

got ahead of myself. okay downloading otl now - i will post after

 

[hamr1965]

OTL.txt

OTL logfile created on: 1/7/2012 11:16:51 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hamr\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 67.31% Memory free
7.36 Gb Paging File | 6.05 Gb Available in Paging File | 82.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 329.58 Gb Free Space | 72.65% Space Free | Partition Type: NTFS
Drive E: | 968.25 Mb Total Space | 768.81 Mb Free Space | 79.40% Space Free | Partition Type: FAT

Computer Name: GATEWAY | User Name: Hamr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/07 11:13:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hamr\Desktop\OTL.exe
PRC - [2012/01/06 22:53:30 | 000,869,216 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2012/01/06 22:53:29 | 000,892,768 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2011/12/27 06:46:12 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/07/26 23:01:58 | 003,474,848 | ---- | M] (Webshots.com) -- C:\Program Files (x86)\Webshots\3.1.5.7619\Webshots.scr
PRC - [2010/06/29 07:04:18 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe
PRC - [2009/10/29 15:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/10/13 14:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/06 22:53:29 | 000,892,768 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/12/27 06:46:12 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/02/20 17:00:12 | 006,053,536 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/29 14:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/01/06 22:53:30 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/29 07:04:18 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe -- (AGCoreService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/29 15:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/06 20:52:24 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/15 00:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/02/26 15:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/23 00:27:12 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/04 20:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/01 20:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/05 15:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 09:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 09:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 09:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/17 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/12/18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/09/01 20:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360210n905l0314z1k5a4902y23p


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-330969727-3672866943-1694442197-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-330969727-3672866943-1694442197-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?r34=1266762680|http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Hamr\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/06 22:53:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.23\ [2012/01/06 22:53:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/27 06:46:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/27 06:46:14 | 000,000,000 | ---D | M]

[2010/02/14 14:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamr\AppData\Roaming\Mozilla\Extensions
[2011/04/03 21:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\5d0va5oe.default\extensions
[2011/04/03 21:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\5d0va5oe.default\extensions\toolbar@shopathome.com
[2011/04/03 21:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\71onepno.default\extensions
[2010/02/21 09:59:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\71onepno.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/03 21:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\71onepno.default\extensions\toolbar@shopathome.com
[2012/01/06 23:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\ccc1tovm.default\extensions
[2011/05/22 13:35:14 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\ccc1tovm.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/05/11 21:55:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\ccc1tovm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/21 09:59:34 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\ccc1tovm.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2011/08/31 04:32:57 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\ccc1tovm.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/05/01 16:50:44 | 000,000,000 | ---D | M] (Simpler Pink) -- C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\ccc1tovm.default\extensions\{db0de900-5ee3-11da-8cd6-0800200c9a66}
[2011/08/31 04:32:58 | 000,000,000 | ---D | M] (NewTabURL) -- C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\ccc1tovm.default\extensions\newtaburl@sogame.cat
[2010/05/01 17:23:06 | 000,000,000 | ---D | M] ("PinkPaulaPack") -- C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\ccc1tovm.default\extensions\pinkpaula-combo@pinktheme.com
[2011/05/11 21:55:42 | 000,000,000 | ---D | M] (Zoom Page) -- C:\Users\Hamr\AppData\Roaming\Mozilla\Firefox\Profiles\ccc1tovm.default\extensions\zoompage@DW-dev
[2012/01/06 23:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/26 17:23:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/28 08:59:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/13 08:25:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/11/30 10:26:26 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/11/30 10:26:26 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/01/06 22:53:29 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2012/01/06 20:05:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-330969727-3672866943-1694442197-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Hamr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 58376 = C:\PROGRA~3\LOCALS~1\Temp\adwgaexhcadg.bat
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-330969727-3672866943-1694442197-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-330969727-3672866943-1694442197-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-330969727-3672866943-1694442197-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57406A2B-9D5F-4A78-8C58-68D959B90477}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/07 11:13:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Hamr\Desktop\OTL.exe
[2012/01/06 23:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/01/06 23:05:25 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\AVG2012
[2012/01/06 22:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/01/06 22:53:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/01/06 22:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/01/06 22:53:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/01/06 22:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/01/06 22:53:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/01/06 21:27:59 | 000,000,000 | ---D | C] -- C:\Users\Hamr\Desktop\virus
[2012/01/06 21:24:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/06 20:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Gateway
[2012/01/06 20:02:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/06 19:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/01/06 19:48:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/06 19:48:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/06 19:48:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/06 19:47:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/06 19:47:45 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/06 19:47:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/05 20:38:36 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\Malwarebytes
[2012/01/05 20:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/05 20:38:33 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/05 20:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/05 20:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/02 18:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012/01/02 11:38:30 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\Amaranth Games
[2012/01/02 10:54:09 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse at Twilight - Thief of Souls Collector's Edition
[2012/01/02 10:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Curse at Twilight - Thief of Souls Collector's Edition
[2012/01/02 10:54:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Curse at Twilight - Thief of Souls Collector's Edition
[2011/12/31 20:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Desktop Gaming
[2011/12/31 20:00:45 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crime Solitaire
[2011/12/31 20:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crime Solitaire
[2011/12/31 20:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crime Solitaire
[2011/12/31 14:32:36 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shadow Wolf Mysteries - Bane of the Family Collector's Edition
[2011/12/31 14:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Wolf Mysteries - Bane of the Family Collector's Edition
[2011/12/31 14:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shadow Wolf Mysteries - Bane of the Family Collector's Edition
[2011/12/30 19:06:08 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\Rovio
[2011/12/30 19:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
[2011/12/30 19:05:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovio
[2011/12/25 14:18:21 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brink of Consciousness - Dorian Gray Syndrome Collectors Edition
[2011/12/25 14:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brink of Consciousness - Dorian Gray Syndrome Collectors Edition
[2011/12/25 14:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brink of Consciousness - Dorian Gray Syndrome Collectors Edition
[2011/12/25 11:31:42 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\MagicIndie
[2011/12/23 19:56:51 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\AlawarEntertainment
[2011/12/23 19:37:19 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\House of 1000 Doors - Family Secret Collector's Edition
[2011/12/23 19:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\House of 1000 Doors - Family Secret Collector's Edition
[2011/12/23 19:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\House of 1000 Doors - Family Secret Collector's Edition
[2011/12/20 17:33:56 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Parables - Rise of the Snow Queen Collector's Edition
[2011/12/20 17:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Parables - Rise of the Snow Queen Collector's Edition
[2011/12/20 17:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dark Parables - Rise of the Snow Queen Collector's Edition
[2011/12/18 17:10:44 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Past - Realm of Ghosts Collectors Edition
[2011/12/18 17:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haunted Past - Realm of Ghosts Collectors Edition
[2011/12/18 17:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haunted Past - Realm of Ghosts Collectors Edition
[2011/12/16 21:01:04 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fairway
[2011/12/16 21:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fairway
[2011/12/16 21:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fairway
[2011/12/10 12:50:02 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\PlayFavoriteGames
[2011/12/08 13:09:09 | 000,000,000 | ---D | C] -- C:\Users\Hamr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fear for Sale - Sunnyvale Story Collectors Edition
[2011/12/08 13:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fear for Sale - Sunnyvale Story Collectors Edition
[2011/12/08 13:09:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fear for Sale - Sunnyvale Story Collectors Edition
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/07 11:21:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/07 11:13:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hamr\Desktop\OTL.exe
[2012/01/07 11:06:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/07 10:00:34 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 10:00:34 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 09:53:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/07 09:52:38 | 2962,313,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/07 09:29:26 | 086,178,471 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/01/06 23:26:49 | 000,001,143 | ---- | M] () -- C:\Users\Hamr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2012/01/06 22:53:38 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/06 22:53:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/01/06 22:53:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/01/06 22:40:15 | 000,001,461 | ---- | M] () -- C:\Users\Hamr\Desktop\Big Fish Game Manager.lnk
[2012/01/06 22:07:38 | 000,001,073 | ---- | M] () -- C:\Users\Hamr\Desktop\Webshots Desktop.lnk
[2012/01/06 21:32:18 | 000,001,507 | ---- | M] () -- C:\Users\Hamr\Desktop\Firefox.lnk
[2012/01/06 20:05:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/06 19:35:27 | 733,568,322 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/02 07:43:48 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/02 07:43:48 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/02 07:43:48 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/18 03:55:38 | 000,425,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/16 21:02:14 | 000,001,889 | ---- | M] () -- C:\Users\Hamr\Desktop\Play Fairway.lnk
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/07 09:29:26 | 086,178,471 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/01/06 22:53:38 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/06 22:53:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/01/06 22:53:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/01/06 22:39:33 | 000,001,461 | ---- | C] () -- C:\Users\Hamr\Desktop\Big Fish Game Manager.lnk

 

[hamr1965]

otl.txt part 2

[2012/01/06 22:07:38 | 000,001,143 | ---- | C] () -- C:\Users\Hamr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2012/01/06 22:07:38 | 000,001,073 | ---- | C] () -- C:\Users\Hamr\Desktop\Webshots Desktop.lnk
[2012/01/06 21:31:35 | 000,001,507 | ---- | C] () -- C:\Users\Hamr\Desktop\Firefox.lnk
[2012/01/06 19:57:53 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/01/06 19:57:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/06 19:57:53 | 000,002,384 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/01/06 19:57:53 | 000,001,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2012/01/06 19:57:53 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/06 19:57:53 | 000,001,356 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/01/06 19:57:53 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/01/06 19:57:53 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/06 19:57:53 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/01/06 19:57:53 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/06 19:57:53 | 000,001,300 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/01/06 19:57:53 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2012/01/06 19:57:53 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/01/06 19:57:53 | 000,001,231 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/01/06 19:57:53 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/01/06 19:57:53 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/01/06 19:57:53 | 000,001,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webshots Desktop.lnk
[2012/01/06 19:48:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/06 19:48:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/06 19:48:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/06 19:48:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/06 19:48:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/16 21:02:14 | 000,001,889 | ---- | C] () -- C:\Users\Hamr\Desktop\Play Fairway.lnk
[2011/05/28 15:29:09 | 000,000,000 | ---- | C] () -- C:\Windows\Twister.INI
[2011/04/30 16:37:29 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/06 20:50:36 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/03/06 20:50:36 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/03/06 20:50:36 | 000,105,420 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/09/06 11:55:04 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/05/05 16:05:48 | 000,000,000 | ---- | C] () -- C:\Users\Hamr\AppData\Local\prvlcl.dat
[2010/02/15 07:29:43 | 000,008,237 | ---- | C] () -- C:\Windows\wininit.ini
[2010/02/14 14:54:53 | 000,007,657 | ---- | C] () -- C:\Users\Hamr\AppData\Local\Resmon.ResmonCfg
[2010/02/14 14:29:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2011/08/20 17:17:04 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Alawar Stargaze
[2011/12/23 19:56:51 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\AlawarEntertainment
[2012/01/02 11:38:30 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Amaranth Games
[2011/07/02 17:33:08 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Anarchy
[2011/11/03 17:33:25 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Artifex Mundi
[2011/03/27 11:26:51 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Artogon
[2011/09/25 07:03:54 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\AVG
[2012/01/06 23:05:25 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\AVG2012
[2011/06/05 09:51:16 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Awem
[2011/05/22 17:59:03 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Big Finish
[2011/12/16 21:03:21 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Big Fish Games
[2011/12/20 18:20:41 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Blue Tea Games
[2011/07/10 16:09:46 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Boolat Games
[2011/09/12 18:56:06 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Boomzap
[2011/10/08 19:43:44 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Braid
[2011/04/13 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Camel101
[2011/06/15 10:38:23 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Canon
[2011/09/11 15:40:16 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\casualArts
[2010/11/30 10:26:26 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Catalina Marketing Corp
[2011/11/20 14:15:57 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\cerasus.media
[2011/05/14 18:47:05 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\DailyMagic
[2011/11/01 19:03:41 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\DieselPuppet
[2011/06/03 18:26:09 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\DragonsEye Studios
[2011/04/02 11:38:04 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Dying for Daylight
[2011/04/02 11:38:23 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Dying for Daylight Shared
[2011/12/10 12:32:29 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\EleFun Games
[2011/11/10 18:34:35 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Elephant Games
[2011/10/11 18:37:19 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Enki Games
[2011/08/31 15:58:28 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Enlightenus2_BFG
[2011/08/31 16:11:06 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\ERS G-Studio
[2011/12/31 18:13:19 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\ERS Game Studios
[2011/10/28 15:47:15 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\FamilyVacationCalifornia
[2011/11/13 11:15:56 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Fanda Games
[2011/09/04 10:13:53 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Fenomen Games
[2011/08/14 10:45:53 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Floodlight Games
[2011/08/14 08:23:47 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Freeze Tag
[2011/02/25 10:53:47 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Friday's games
[2011/06/11 14:23:36 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Frogwares
[2011/04/29 20:21:38 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Funswitch
[2011/07/23 12:09:15 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\GameInvest
[2011/04/13 15:35:26 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\GarageGames
[2010/09/06 11:55:04 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Ghost Ship Studios
[2011/10/05 18:19:51 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\GO Games
[2011/12/18 17:24:07 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Gogii
[2011/07/22 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Happy Muffin Top
[2011/05/25 18:32:04 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Hoyle
[2010/03/30 18:21:37 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Hoyle FaceCreator
[2011/05/27 17:16:56 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Hoyle Puzzle and Board Games
[2010/12/25 10:25:35 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\iWin
[2011/10/26 16:17:56 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\JaiboGames
[2011/02/02 13:59:58 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Jewel Keepers Easter Island
[2011/05/01 09:39:42 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Lazy Turtle Games
[2011/06/30 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\LestaStudio
[2010/05/02 14:07:05 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Ludia
[2010/11/18 18:23:43 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\MA2
[2011/12/25 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\MagicIndie
[2010/12/05 07:38:24 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Magnet's Story
[2011/09/28 17:14:56 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Mariaglorum
[2011/11/03 18:20:33 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\MediaArt
[2010/07/04 15:14:48 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Merscom
[2011/05/27 17:19:37 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\MumboJumbo
[2010/08/22 07:33:59 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Mutant Arcade
[2011/04/30 19:29:59 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\My Games
[2011/10/02 10:24:54 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Orneon
[2010/09/17 18:59:41 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Packard Bell
[2011/04/07 20:40:12 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Phantasmat_bf_se1
[2011/08/24 20:59:20 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\PhotoScape
[2011/12/10 12:50:02 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\PlayFavoriteGames
[2011/05/28 12:41:38 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\PlayFirst
[2011/10/12 15:24:23 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\PlayPond
[2011/12/30 19:06:08 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Rovio
[2011/10/15 15:28:11 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\SMIGames
[2010/09/12 12:47:24 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Specialbit
[2011/10/23 11:22:34 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\SulusGames
[2011/04/17 11:58:37 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\SystemRequirementsLab
[2011/06/05 09:15:11 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Teyon
[2010/07/26 15:38:07 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\TikisLab
[2011/11/20 09:15:22 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Top Evidence
[2011/05/20 19:04:59 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\TrickySoftware
[2011/07/26 19:01:51 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\VampireSagaHL
[2011/12/01 17:02:19 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Vast Studios
[2011/06/02 17:43:32 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\VendelGAMES
[2011/10/20 17:34:10 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Vogat Interactive
[2010/02/14 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\Webshots
[2011/01/01 08:19:04 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\WinPatrol
[2011/11/21 18:34:05 | 000,000,000 | ---D | M] -- C:\Users\Hamr\AppData\Roaming\YoudaGames
[2011/08/30 04:06:46 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/02/23 01:24:23 | 000,003,985 | ---- | M] () -- C:\ap.gif
[2004/03/08 13:51:49 | 000,045,056 | ---- | M] () -- C:\boost_thread.dll
[2009/11/09 22:12:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2004/03/10 16:16:33 | 000,077,824 | ---- | M] (Moodlogic) -- C:\catgen.exe
[2006/09/05 13:14:56 | 000,005,503 | R--- | M] () -- C:\dell.sdr
[2007/08/01 17:21:37 | 000,000,061 | ---- | M] () -- C:\DVDPATH.TXT
[2007/11/15 23:30:33 | 009,491,676 | ---- | M] () -- C:\get_video[8].flv.AVI
[2012/01/07 09:52:38 | 2962,313,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/14 01:09:38 | 000,000,132 | ---- | M] () -- C:\ICSYSINF.log
[2008/02/06 10:58:17 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2007/02/23 02:14:58 | 000,001,735 | ---- | M] () -- C:\index.htm
[2006/09/17 22:21:04 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/11/27 15:43:06 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2009/07/04 14:26:52 | 000,000,139 | ---- | M] () -- C:\ioSpecial.ini
[2006/09/05 13:43:10 | 000,000,827 | ---- | M] () -- C:\IPH.PH
[2004/03/07 22:09:44 | 000,147,456 | ---- | M] () -- C:\libexpatw.dll
[2012/01/07 09:52:38 | 3949,752,320 | -HS- | M] () -- C:\pagefile.sys
[2009/11/09 22:23:10 | 000,003,132 | ---- | M] () -- C:\RHDSetup.log
[2012/01/05 22:49:25 | 000,000,361 | ---- | M] () -- C:\rkill.log
[2003/12/01 14:52:14 | 003,107,296 | ---- | M] () -- C:\SUN.TRS
[2007/11/20 01:55:58 | 149,483,008 | ---- | M] () -- C:\testcap.avi
[2003/04/21 17:09:50 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\unicows.dll
[2004/07/01 16:20:20 | 000,212,992 | ---- | M] (Moodlogic) -- C:\Updater.exe
[2003/12/01 14:49:15 | 003,064,863 | ---- | M] () -- C:\WED.TRS
[2006/12/15 21:27:07 | 000,000,146 | ---- | M] () -- C:\YServer.txt
[2011/07/16 14:23:15 | 000,003,180 | ---- | M] () -- C:\z_prof_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/09/12 23:23:14 | 000,000,170 | -HS- | M] () -- C:\Users\Hamr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2010/02/21 14:49:14 | 000,000,221 | -HS- | M] () -- C:\Users\Hamr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2009/10/13 08:07:42 | 001,277,680 | ---- | M] () -- C:\Users\Hamr\Desktop\CouponPrinter(2).exe
[2012/01/07 11:13:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hamr\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/07/02 07:52:20 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/07/02 07:52:20 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/07/02 07:52:20 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/07/02 07:52:20 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/07/02 07:52:20 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/07/02 07:52:20 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/04/15 17:46:23 | 000,000,122 | -HS- | M] () -- C:\Users\Hamr\Favorites\Desktop (1).ini
[2011/07/02 07:57:38 | 000,000,402 | -HS- | M] () -- C:\Users\Hamr\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/05/07 07:44:15 | 000,008,447 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:45912F61
@Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:774C075A
@Alternate Data Stream - 244 bytes -> C:\ProgramData\Temp:A88BE334
@Alternate Data Stream - 244 bytes -> C:\ProgramData\Temp:4FA837B4
@Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:2DF54B62
@Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:A819A132
@Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:FB4262DE
@Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:F43B7E8F
@Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:ED2D63E4
@Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:678C1866
@Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:1A15E356
@Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:A42FABF7
@Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:8E5EA40F
@Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:5C0CABC7
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:BACB6B6C
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:56FBA78D
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:54380FEC
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:C76CFF82
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:93F3E4C9
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:852F2262
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:4149A170
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:2AF322BF
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:4C8FA829
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:9F3CEEE6
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:B6E6C4EA
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:B54E4B5A
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:4D551822
@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:F26F5952
@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:87A3A233
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:A9223B61
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:0BBF232A
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:012BC84F
@Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:ECF3C50F
@Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp026A5A4
@Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:1B389835
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:F89F2593
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:E2458802
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp999FFD5
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:737160C1
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:1604D047
@Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:13019F4B
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TempBC3D477
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:9FD757A9
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:689AB7E9
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:14B2E0BD
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:A5241382
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:587F3582
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:4EC7F009
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:4A8EB1C4
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:2F8138B7
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:26499772
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:19474103
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:75798D9A
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:661DC753
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:F5D01D7C
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp1713795
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:FAFEC4B9
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:B3606FCC
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:CA99FD89
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:AD2DB2F9
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:3086B95F
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:774A0E14
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:E411AA0D
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:C2F24DB5
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:BE40C8A2
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:AFC732F7
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:EE198B1F
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:CBAF0C30
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:6A0A47E7
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:2B9555D8
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:8DD36B71
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:E5B07840
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:CB0FEE2B
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:AA0017FD
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:8075370B
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:6F1F66C0
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:6C049F97
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:0FE0A03C
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:CAC06C34
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:1D6B18F1
@Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:EB86F355
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:4673E9EA
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:71FA8B7F
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:3595B780
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:FAB64002
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:319D783D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:397D67BA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:F610C203
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:F56BE392
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TempE875C30
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:94BD36A2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:5CE91C67
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:3D922890
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:2775F9E2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:114C90CA
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A6D6E537
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:6EE8565A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:3969ACF7
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9E9A3410
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:6ED8B881
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:B6D84F71
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:67310058
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:943971F5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:517EFA90
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:7C8AA9A6
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:77B64C59
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:30E0D641
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:BD0A043E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:571CCF8E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:160ADF0B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:C946EBB2
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B0A727D1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:33B04540
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:C4A88D6B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:17EB5BAE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:7A032A04
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:762408BA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:12258D63
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:70BDB805
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6896CCCE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:6BFA43EB
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C0893153
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:6ECE93A8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3B4DA230
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:9E05DEB0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:9290C91C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E894A3ED
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:95079543
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:4EE323A4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:3DB6F365
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0F6AC518
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:65137F0D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:2652902F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:02CC0035
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:000D6A25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4CD3F344
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E6CDFB4A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:5A2E8BBF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:5520ED93
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:B3C7433B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:474022C7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:2512FA90
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:E3615992
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:A1460B2A
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:27974442
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:20EB6823
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:18DEBC51
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E0888117
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C7F08EA3
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:AECF4772
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:73AFBB96
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:58481C6F
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TempB2748F7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:BD34FFC5
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:BCFEA004
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:517DBC32

< End of report >

 

[hamr1965]

Extras.txt

OTL Extras logfile created on: 1/7/2012 11:16:52 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hamr\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 67.31% Memory free
7.36 Gb Paging File | 6.05 Gb Available in Paging File | 82.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 329.58 Gb Free Space | 72.65% Space Free | Partition Type: NTFS
Drive E: | 968.25 Mb Total Space | 768.81 Mb Free Space | 79.40% Space Free | Partition Type: FAT

Computer Name: GATEWAY | User Name: Hamr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-330969727-3672866943-1694442197-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{41B19F41-8A6F-4422-AD69-CF3B408F382C}" = AVG 2012
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6D830209-41C2-4D6B-BA25-4EF98807D9FB}" = AVG 2012
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy Software Installer
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 22
"{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{73AD5A08-FCFE-44EA-9436-3F7BEAF60049}" = Angry Birds
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.4 MUI
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Bejeweled Twist 1.0" = Bejeweled Twist 1.0
"Best Buy Software Installer" = Best Buy Software Installer
"BFG-7 Wonders - Magical Mystery Tour" = 7 Wonders: Magical Mystery Tour
"BFG-9 - The Dark Side Collector's Edition" = 9: The Dark Side Collector's Edition
"BFG-Art of Murder - Deadly Secrets" = Art of Murder: Deadly Secrets
"BFG-Atlantic Quest" = Atlantic Quest
"BFG-Awakening - The Goblin Kingdom" = Awakening: The Goblin Kingdom
"BFG-Awakening - The Goblin Kingdom Collector's Edition" = Awakening: The Goblin Kingdom Collector's Edition
"BFG-Azada - In Libro Collector's Edition" = Azada: In Libro Collector's Edition
"BFG-Bluebeard's Castle" = Bluebeard's Castle
"BFG-Brink of Consciousness - Dorian Gray Syndrome Collectors Edition" = Brink of Consciousness: Dorian Gray Syndrome Collector's Edition
"BFGC" = Big Fish Games: Game Manager
"BFG-Columbus - Ghost of the Mystery Stone" = Columbus: Ghost of the Mystery Stone
"BFG-Committed - Mystery at Shady Pines" = Committed: Mystery at Shady Pines
"BFG-Cradle of Rome 2" = Cradle of Rome 2
"BFG-Crime Solitaire" = Crime Solitaire
"BFG-Curse at Twilight - Thief of Souls Collector's Edition" = Curse at Twilight: Thief of Souls Collector's Edition
"BFG-Cursed Memories - The Secret of Agony Creek Collector's Edition" = Cursed Memories: The Secret of Agony Creek Collector's Edition
"BFG-Dark Dimensions - City of Fog Collectors Edition" = Dark Dimensions: City of Fog Collector's Edition
"BFG-Dark Parables - Rise of the Snow Queen Collector's Edition" = Dark Parables: Rise of the Snow Queen Collector's Edition
"BFG-Dark Tales - Edgar Allan Poes Murders in the Rue Morgue Collectors Edition" = Dark Tales:™ Edgar Allan Poe`s Murders in the Rue Morgue Collector`s Edition
"BFG-Dark Tales - Edgar Allan Poe's The Black Cat" = Dark Tales: ™ Edgar Allan Poe's The Black Cat
"BFG-Dark Tales - Edgar Allan Poe's The Premature Burial Collector's Edition" = Dark Tales: Edgar Allan Poe's The Premature Burial Collector's Edition
"BFG-Dracula - Love Kills Collector's Edition" = Dracula: Love Kills Collector's Edition
"BFG-Dream Chronicles - The Book of Water" = Dream Chronicles: The Book of Water
"BFG-Dream Chronicles - The Book of Water Collector's Edition" = Dream Chronicles: The Book of Water Collector's Edition
"BFG-Dreamland" = Dreamland
"BFG-Echoes of Sorrow" = Echoes of Sorrow
"BFG-Echoes of the Past - The Citadels of Time Collectors Edition" = Echoes of the Past: The Citadels of Time Collector's Edition
"BFG-Emma and the Inventor" = Emma and the Inventor
"BFG-Enigmatis - The Ghosts of Maple Creek Collector's Edition" = Enigmatis: The Ghosts of Maple Creek Collector's Edition
"BFG-Enlightenus II - The Timeless Tower Collector's Edition" = Enlightenus II: The Timeless Tower Collector's Edition
"BFG-Epic Escapes - Dark Seas" = Epic Escapes: Dark Seas
"BFG-Escape from Thunder Island" = Escape from Thunder Island
"BFG-F.A.C.E.S. Collector's Edition" = F.A.C.E.S. Collector's Edition
"BFG-Fairway" = Fairway™
"BFG-Fairway Solitaire" = Fairway Solitaire
"BFG-Fallen Shadows" = Fallen Shadows
"BFG-Family Vacation - California" = Family Vacation: California
"BFG-Farm Frenzy" = Farm Frenzy
"BFG-Farm Frenzy - Ancient Rome" = Farm Frenzy: Ancient Rome
"BFG-Farm Frenzy - Gone Fishing" = Farm Frenzy: Gone Fishing
"BFG-Farm Frenzy - Viking Heroes" = Farm Frenzy: Viking Heroes
"BFG-Farm Frenzy 3" = Farm Frenzy 3
"BFG-Farm Frenzy 3 - American Pie" = Farm Frenzy 3: American Pie
"BFG-Farm Frenzy 3 - Madagascar" = Farm Frenzy 3: Madagascar
"BFG-Farm Frenzy 3 - Russian Roulette" = Farm Frenzy 3: Russian Roulette
"BFG-Farm Frenzy Pizza Party" = Farm Frenzy Pizza Party
"BFG-Farmscapes" = Farmscapes
"BFG-Fear for Sale - Sunnyvale Story Collectors Edition" = Fear for Sale: Sunnyvale Story Collector's Edition
"BFG-Fishdom - Spooky Splash" = Fishdom - Spooky Splash
"BFG-Fishdom 2" = Fishdom 2
"BFG-Gravely Silent - House of Deadlock Collector's Edition" = Gravely Silent: House of Deadlock Collector's Edition
"BFG-Grim Facade - Mystery of Venice Collectors Edition" = Grim Facade: Mystery of Venice Collector’s Edition
"BFG-Grim Tales - The Bride Collector's Edition" = Grim Tales: The Bride Collector's Edition
"BFG-Guardians of Beyond - Witchville Collector's Edition" = Guardians of Beyond: Witchville Collector's Edition
"BFG-Hallowed Legends - Samhain Collector's Edition" = Hallowed Legends: Samhain Collector's Edition
"BFG-Hallowed Legends - Templar Collector's Edition" = Hallowed Legends: Templar Collector's Edition
"BFG-Haunted Halls - Fears from Childhood Collector's Edition" = Haunted Halls: Fears from Childhood Collector's Edition
"BFG-Haunted Halls - Green Hills Sanitarium Collector's Edition" = Haunted Halls: Green Hills Sanitarium Collector's Edition
"BFG-Haunted Legends - The Bronze Horseman" = Haunted Legends: The Bronze Horseman
"BFG-Haunted Legends - The Queen of Spades" = Haunted Legends: The Queen of Spades
"BFG-Haunted Manor - Queen of Death Collector's Edition" = Haunted Manor: Queen of Death Collector's Edition
"BFG-Haunted Past - Realm of Ghosts Collectors Edition" = Haunted Past: Realm of Ghosts Collector's Edition
"BFG-Heroes of Hellas 3 - Athens" = Heroes of Hellas 3: Athens
"BFG-Hidden Expedition - The Uncharted Islands Collector's Edition" = Hidden Expedition: The Uncharted Islands Collector's Edition
"BFG-Hidden Wonders of the Depths 3 - Atlantis Adventures" = Hidden Wonders of the Depths 3: Atlantis Adventures
"BFG-House of 1000 Doors - Family Secret Collector's Edition" = House of 1000 Doors: Family Secret Collector's Edition
"BFG-Jar of Marbles" = Jar of Marbles
"BFG-Jewel Keepers - Easter Island" = Jewel Keepers: Easter Island
"BFG-Jewel Quest II" = Jewel Quest II
"BFG-Letters from Nowhere 2" = Letters from Nowhere 2
"BFG-Lost Souls - Enchanted Paintings" = Lost Souls: Enchanted Paintings
"BFG-Lost Souls - Enchanted Paintings Collector's Edition" = Lost Souls: Enchanted Paintings Collector's Edition
"BFG-Love Chronicles - The Sword and the Rose Collector's Edition" = Love Chronicles: The Sword and the Rose Collector's Edition
"BFG-Macabre Mysteries - Curse of the Nightingale Collector's Edition" = Macabre Mysteries: Curse of the Nightingale Collector's Edition
"BFG-Maestro - Music of Death Collector's Edition" = Maestro: Music of Death Collector's Edition
"BFG-Mahjong Towers Eternity" = Mahjong Towers Eternity ™
"BFG-Midnight Mysteries - Devil on the Mississippi Collector's Edition" = Midnight Mysteries: Devil on the Mississippi Collector's Edition
"BFG-Mystery Age - The Dark Priests" = Mystery Age: The Dark Priests
"BFG-Mystery Case Files - 13th Skull Collector's Edition" = Mystery Case Files &reg;: 13th Skull ™ Collector's Edition
"BFG-Mystery Case Files - Dire Grove Collector's Edition" = Mystery Case Files&reg;: Dire Grove™ Collector's Edition
"BFG-Mystery Case Files - Escape from Ravenhearst Collector's Edition" = Mystery Case Files&reg;: Escape from Ravenhearst™ Collector's Edition
"BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville ™
"BFG-Mystery Chronicles - Betrayals of Love" = Mystery Chronicles: Betrayals of Love
"BFG-Mystery Legends - Beauty and the Beast Collector's Edition" = Mystery Legends: Beauty and the Beast Collector's Edition
"BFG-Mystery Legends - The Phantom of the Opera Collector's Edition" = Mystery Legends: The Phantom of the Opera Collector's Edition
"BFG-Mystery Murders - Jack the Ripper" = Mystery Murders: Jack the Ripper
"BFG-Mystery of the Ancients - Lockwood Manor Collector's Edition" = Mystery of the Ancients: Lockwood Manor Collector's Edition
"BFG-Mystery Stories - Mountains of Madness" = Mystery Stories: Mountains of Madness
"BFG-Mystery Trackers - Raincliff Collector's Edition" = Mystery Trackers: Raincliff Collector's Edition
"BFG-Mystic Diary - Haunted Island" = Mystic Diary: Haunted Island
"BFG-Nancy Drew - The Trail of the Twister" = Nancy Drew: The Trail of the Twister
"BFG-Nightmare Adventures - The Witch's Prison" = Nightmare Adventures: The Witch's Prison
"BFG-Nightmare Realm Collector's Edition" = Nightmare Realm Collector's Edition
"BFG-Oddly Enough - Pied Piper" = Oddly Enough: Pied Piper
"BFG-Our Worst Fears - Stained Skin" = Our Worst Fears: Stained Skin
"BFG-Paranormal Crime Investigations - Brotherhood of the Crescent Snake Collectors Edition" = Paranormal Crime Investigations: Brotherhood of the Crescent Snake Collector's Edition
"BFG-Phantasmat" = Phantasmat
"BFG-Pirate Solitaire" = Pirate Solitaire
"BFG-Princess Isabella - Return of the Curse Collector's Edition" = Princess Isabella: Return of the Curse Collector's Edition
"BFG-PuppetShow - Lost Town Collector's Edition" = PuppetShow: Lost Town Collector's Edition
"BFG-PuppetShow - Mystery of Joyville" = PuppetShow: Mystery of Joyville ™
"BFG-PuppetShow - Souls of the Innocent" = PuppetShow: Souls of the Innocent
"BFG-Red Crow Mysteries - Legion" = Red Crow Mysteries: Legion
"BFG-Redemption Cemetery - Children's Plight Collector's Edition" = Redemption Cemetery: Children's Plight Collector's Edition
"BFG-Redemption Cemetery - Curse of the Raven" = Redemption Cemetery: Curse of the Raven
"BFG-Redrum - Time Lies" = Redrum: Time Lies
"BFG-Reincarnations - Back to Reality Collectors Edition" = Reincarnations: Back to Reality Collector's Edition
"BFG-Resurrection, New Mexico Collector's Edition" = Resurrection, New Mexico Collector's Edition
"BFG-Romancing the Seven Wonders - Taj Mahal" = Romancing the Seven Wonders: Taj Mahal
"BFG-Secrets of the Dark - Temple of Night" = Secrets of the Dark: Temple of Night
"BFG-Secrets of the Dark - Temple of Night Collector's Edition" = Secrets of the Dark: Temple of Night Collector's Edition
"BFG-Secrets of the Past - Mother's Diary" = Secrets of the Past: Mother's Diary
"BFG-Shadow Wolf Mysteries - Bane of the Family Collector's Edition" = Shadow Wolf Mysteries: Bane of the Family Collector's Edition
"BFG-Shadow Wolf Mysteries - Curse of the Full Moon" = Shadow Wolf Mysteries: Curse of the Full Moon
"BFG-Shattered Minds - Masquerade Collector's Edition" = Shattered Minds: Masquerade Collector's Edition
"BFG-Sherlock Holmes and the Hound of the Baskervilles Collector's Edition" = Sherlock Holmes and the Hound of the Baskervilles Collector's Edition
"BFG-Shiver - Vanishing Hitchhiker Collector's Edition" = Shiver: Vanishing Hitchhiker Collector's Edition
"BFG-Skymist - The Lost Spirit Stones" = Skymist - The Lost Spirit Stones
"BFG-Spirits of Mystery - Amber Maiden Collector's Edition" = Spirits of Mystery: Amber Maiden Collector's Edition
"BFG-Strange Cases - The Secrets of Grey Mist Lake Collectors Edition" = Strange Cases: The Secrets of Grey Mist Lake Collector's Edition
"BFG-Stray Souls - Dollhouse Story Collector's Edition" = Stray Souls: Dollhouse Story Collector's Edition
"BFG-Tearstone" = Tearstone
"BFG-The Agency of Anomalies - Mystic Hospital Collector's Edition" = The Agency of Anomalies: Mystic Hospital Collector's Edition
"BFG-The Fool" = The Fool
"BFG-The Missing - A Search and Rescue Mystery Collector's Edition" = The Missing: A Search and Rescue Mystery Collector's Edition
"BFG-The Mystery of the Crystal Portal - Beyond the Horizon" = The Mystery of the Crystal Portal: Beyond the Horizon
"BFG-Them - The Summoning" = Them: The Summoning
"BFG-Time Dreamer" = Time Dreamer
"BFG-Time Mysteries - Inheritance" = Time Mysteries: Inheritance
"BFG-Time Mysteries - The Ancient Spectres Collectors Edition" = Time Mysteries: The Ancient Spectres Collector's Edition
"BFG-Timeless - The Forgotten Town Collector's Edition" = Timeless: The Forgotten Town Collector's Edition
"BFG-Twisted Lands - Insomniac Collector's Edition" = Twisted Lands: Insomniac Collector's Edition
"BFG-Twisted Lands - Shadow Town Collector's Edition" = Twisted Lands: Shadow Town Collector's Edition
"BFG-Unsolved Mystery Club - Ancient Astronauts" = Unsolved Mystery Club: Ancient Astronauts
"BFG-Urban Legends - The Maze" = Urban Legends: The Maze
"BFG-Vampire Mansion - A Linda Hyde Adventure" = Vampire Mansion: A Linda Hyde Adventure
"BFG-Vampire Saga - Welcome To Hell Lock" = Vampire Saga - Welcome To Hell Lock
"BFG-Voodoo Chronicles - The First Sign" = Voodoo Chronicles: The First Sign
"BFG-Voodoo Whisperer - Curse of a Legend Collector's Edition" = Voodoo Whisperer: Curse of a Legend Collector's Edition
"BFG-Weird Park - Broken Tune Collectors Edition" = Weird Park: Broken Tune Collector's Edition
"BFG-World Riddles - Secrets of the Ages" = World Riddles: Secrets of the Ages
"BFG-World Riddles - Seven Wonders" = World Riddles: Seven Wonders
"BFG-Youda Mystery - The Stanwick Legacy" = Youda Mystery: The Stanwick Legacy
"Braid_is1" = Braid (Version 1.015)
"Canon MG5200 series User Registration" = Canon MG5200 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.97.1
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hoyle Card Games 2010" = Hoyle Card Games 2010 (remove only)
"Hoyle Puzzle & Board Games 2010" = Hoyle Puzzle & Board Games 2010 (remove only)
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
"OpenAL" = OpenAL
"PhotoScape" = PhotoScape
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-330969727-3672866943-1694442197-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

 

[hamr1965]

Installed a couple of programs

Last night when I mistakenly thought we were done - I reinstalled Webshots and AVG. Don't know if that makes any difference, but thought I should say something in case it shows up in the logs. Thanks again so much for your help!

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
  O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
  O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 58376 = C:\PROGRA~3\LOCALS~1\Temp\adwgaexhcadg.bat
  O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
  O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
  @Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:45912F61
  @Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:774C075A
  @Alternate Data Stream - 244 bytes -> C:\ProgramData\Temp:A88BE334
  @Alternate Data Stream - 244 bytes -> C:\ProgramData\Temp:4FA837B4
  @Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:2DF54B62
  @Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:A819A132
  @Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:FB4262DE
  @Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:F43B7E8F
  @Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:ED2D63E4
  @Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:678C1866
  @Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:1A15E356
  @Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:A42FABF7
  @Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:8E5EA40F
  @Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:5C0CABC7
  @Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:BACB6B6C
  @Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:56FBA78D
  @Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:54380FEC
  @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:C76CFF82
  @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:93F3E4C9
  @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:852F2262
  @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:4149A170
  @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:2AF322BF
  @Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:4C8FA829
  @Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:9F3CEEE6
  @Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:B6E6C4EA
  @Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:B54E4B5A
  @Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:4D551822
  @Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:F26F5952
  @Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:87A3A233
  @Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:A9223B61
  @Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:0BBF232A
  @Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:012BC84F
  @Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:ECF3C50F
  @Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:D026A5A4
  @Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:1B389835
  @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:F89F2593
  @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:E2458802
  @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:D999FFD5
  @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:737160C1
  @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:1604D047
  @Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:13019F4B
  @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:DBC3D477
  @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:9FD757A9
  @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:689AB7E9
  @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:14B2E0BD
  @Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:A5241382
  @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:587F3582
  @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:4EC7F009
  @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:4A8EB1C4
  @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:2F8138B7
  @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:26499772
  @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:19474103
  @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:75798D9A
  @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:661DC753
  @Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:F5D01D7C
  @Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:D1713795
  @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:FAFEC4B9
  @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:B3606FCC
  @Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:CA99FD89
  @Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:AD2DB2F9
  @Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:3086B95F
  @Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:774A0E14
  @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:E411AA0D
  @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:C2F24DB5
  @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:BE40C8A2
  @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:AFC732F7
  @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:EE198B1F
  @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:CBAF0C30
  @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:6A0A47E7
  @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:2B9555D8
  @Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:8DD36B71
  @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:E5B07840
  @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:CB0FEE2B
  @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:AA0017FD
  @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:8075370B
  @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:6F1F66C0
  @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:6C049F97
  @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:0FE0A03C
  @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:CAC06C34
  @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:1D6B18F1
  @Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:EB86F355
  @Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:4673E9EA
  @Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:71FA8B7F
  @Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:3595B780
  @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:F84B8DB5
  @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:FAB64002
  @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:319D783D
  @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:397D67BA
  @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:F610C203
  @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:F56BE392
  @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:DE875C30
  @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:94BD36A2
  @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:5CE91C67
  @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:3D922890
  @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:2775F9E2
  @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:114C90CA
  @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A6D6E537
  @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:6EE8565A
  @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:3969ACF7
  @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9E9A3410
  @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:6ED8B881
  @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:B6D84F71
  @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:67310058
  @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:943971F5
  @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:517EFA90
  @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:7C8AA9A6
  @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:77B64C59
  @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:30E0D641
  @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:BD0A043E
  @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:571CCF8E
  @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:160ADF0B
  @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
  @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:C946EBB2
  @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B0A727D1
  @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:33B04540
  @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:C4A88D6B
  @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:17EB5BAE
  @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:7A032A04
  @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:762408BA
  @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:12258D63
  @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:70BDB805
  @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6896CCCE
  @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:6BFA43EB
  @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C0893153
  @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:6ECE93A8
  @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3B4DA230
  @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:9E05DEB0
  @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:9290C91C
  @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E894A3ED
  @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:95079543
  @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:4EE323A4
  @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:3DB6F365
  @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0F6AC518
  @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:65137F0D
  @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:2652902F
  @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:02CC0035
  @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:000D6A25
  @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4CD3F344
  @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E6CDFB4A
  @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:5A2E8BBF
  @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:5520ED93
  @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:B3C7433B
  @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:474022C7
  @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:2512FA90
  @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:E3615992
  @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:A1460B2A
  @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:27974442
  @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:20EB6823
  @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:18DEBC51
  @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E0888117
  @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C7F08EA3
  @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:AECF4772
  @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:73AFBB96
  @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:58481C6F
  @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:DB2748F7
  @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:BD34FFC5
  @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:BCFEA004
  @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:517DBC32
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

=============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

==============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[hamr1965]

OTL Fix Log

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk moved successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\58376 deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
ADS C:\ProgramData\Temp:45912F61 deleted successfully.
ADS C:\ProgramData\Temp:774C075A deleted successfully.
ADS C:\ProgramData\Temp:A88BE334 deleted successfully.
ADS C:\ProgramData\Temp:4FA837B4 deleted successfully.
ADS C:\ProgramData\Temp:2DF54B62 deleted successfully.
ADS C:\ProgramData\Temp:A819A132 deleted successfully.
ADS C:\ProgramData\Temp:FB4262DE deleted successfully.
ADS C:\ProgramData\Temp:F43B7E8F deleted successfully.
ADS C:\ProgramData\Temp:ED2D63E4 deleted successfully.
ADS C:\ProgramData\Temp:678C1866 deleted successfully.
ADS C:\ProgramData\Temp:1A15E356 deleted successfully.
ADS C:\ProgramData\Temp:A42FABF7 deleted successfully.
ADS C:\ProgramData\Temp:8E5EA40F deleted successfully.
ADS C:\ProgramData\Temp:5C0CABC7 deleted successfully.
ADS C:\ProgramData\Temp:BACB6B6C deleted successfully.
ADS C:\ProgramData\Temp:56FBA78D deleted successfully.
ADS C:\ProgramData\Temp:54380FEC deleted successfully.
ADS C:\ProgramData\Temp:C76CFF82 deleted successfully.
ADS C:\ProgramData\Temp:93F3E4C9 deleted successfully.
ADS C:\ProgramData\Temp:852F2262 deleted successfully.
ADS C:\ProgramData\Temp:4149A170 deleted successfully.
ADS C:\ProgramData\Temp:2AF322BF deleted successfully.
ADS C:\ProgramData\Temp:4C8FA829 deleted successfully.
ADS C:\ProgramData\Temp:9F3CEEE6 deleted successfully.
ADS C:\ProgramData\Temp:B6E6C4EA deleted successfully.
ADS C:\ProgramData\Temp:B54E4B5A deleted successfully.
ADS C:\ProgramData\Temp:4D551822 deleted successfully.
ADS C:\ProgramData\Temp:F26F5952 deleted successfully.
ADS C:\ProgramData\Temp:87A3A233 deleted successfully.
ADS C:\ProgramData\Temp:A9223B61 deleted successfully.
ADS C:\ProgramData\Temp:0BBF232A deleted successfully.
ADS C:\ProgramData\Temp:012BC84F deleted successfully.
ADS C:\ProgramData\Temp:ECF3C50F deleted successfully.
ADS C:\ProgramData\Temp026A5A4 deleted successfully.
ADS C:\ProgramData\Temp:1B389835 deleted successfully.
ADS C:\ProgramData\Temp:F89F2593 deleted successfully.
ADS C:\ProgramData\Temp:E2458802 deleted successfully.
ADS C:\ProgramData\Temp999FFD5 deleted successfully.
ADS C:\ProgramData\Temp:737160C1 deleted successfully.
ADS C:\ProgramData\Temp:1604D047 deleted successfully.
ADS C:\ProgramData\Temp:13019F4B deleted successfully.
ADS C:\ProgramData\TempBC3D477 deleted successfully.
ADS C:\ProgramData\Temp:9FD757A9 deleted successfully.
ADS C:\ProgramData\Temp:689AB7E9 deleted successfully.
ADS C:\ProgramData\Temp:14B2E0BD deleted successfully.
ADS C:\ProgramData\Temp:A5241382 deleted successfully.
ADS C:\ProgramData\Temp:587F3582 deleted successfully.
ADS C:\ProgramData\Temp:4EC7F009 deleted successfully.
ADS C:\ProgramData\Temp:4A8EB1C4 deleted successfully.
ADS C:\ProgramData\Temp:2F8138B7 deleted successfully.
ADS C:\ProgramData\Temp:26499772 deleted successfully.
ADS C:\ProgramData\Temp:19474103 deleted successfully.
ADS C:\ProgramData\Temp:75798D9A deleted successfully.
ADS C:\ProgramData\Temp:661DC753 deleted successfully.
ADS C:\ProgramData\Temp:F5D01D7C deleted successfully.
ADS C:\ProgramData\Temp1713795 deleted successfully.
ADS C:\ProgramData\Temp:FAFEC4B9 deleted successfully.
ADS C:\ProgramData\Temp:B3606FCC deleted successfully.
ADS C:\ProgramData\Temp:CA99FD89 deleted successfully.
ADS C:\ProgramData\Temp:AD2DB2F9 deleted successfully.
ADS C:\ProgramData\Temp:3086B95F deleted successfully.
ADS C:\ProgramData\Temp:774A0E14 deleted successfully.
ADS C:\ProgramData\Temp:E411AA0D deleted successfully.
ADS C:\ProgramData\Temp:C2F24DB5 deleted successfully.
ADS C:\ProgramData\Temp:BE40C8A2 deleted successfully.
ADS C:\ProgramData\Temp:AFC732F7 deleted successfully.
ADS C:\ProgramData\Temp:EE198B1F deleted successfully.
ADS C:\ProgramData\Temp:CBAF0C30 deleted successfully.
ADS C:\ProgramData\Temp:6A0A47E7 deleted successfully.
ADS C:\ProgramData\Temp:2B9555D8 deleted successfully.
ADS C:\ProgramData\Temp:8DD36B71 deleted successfully.
ADS C:\ProgramData\Temp:E5B07840 deleted successfully.
ADS C:\ProgramData\Temp:CB0FEE2B deleted successfully.
ADS C:\ProgramData\Temp:AA0017FD deleted successfully.
ADS C:\ProgramData\Temp:8075370B deleted successfully.
ADS C:\ProgramData\Temp:6F1F66C0 deleted successfully.
ADS C:\ProgramData\Temp:6C049F97 deleted successfully.
ADS C:\ProgramData\Temp:0FE0A03C deleted successfully.
ADS C:\ProgramData\Temp:CAC06C34 deleted successfully.
ADS C:\ProgramData\Temp:1D6B18F1 deleted successfully.
ADS C:\ProgramData\Temp:EB86F355 deleted successfully.
ADS C:\ProgramData\Temp:4673E9EA deleted successfully.
ADS C:\ProgramData\Temp:71FA8B7F deleted successfully.
ADS C:\ProgramData\Temp:3595B780 deleted successfully.
ADS C:\ProgramData\Temp:F84B8DB5 deleted successfully.
ADS C:\ProgramData\Temp:FAB64002 deleted successfully.
ADS C:\ProgramData\Temp:319D783D deleted successfully.
ADS C:\ProgramData\Temp:397D67BA deleted successfully.
ADS C:\ProgramData\Temp:F610C203 deleted successfully.
ADS C:\ProgramData\Temp:F56BE392 deleted successfully.
ADS C:\ProgramData\TempE875C30 deleted successfully.
ADS C:\ProgramData\Temp:94BD36A2 deleted successfully.
ADS C:\ProgramData\Temp:5CE91C67 deleted successfully.
ADS C:\ProgramData\Temp:3D922890 deleted successfully.
ADS C:\ProgramData\Temp:2775F9E2 deleted successfully.
ADS C:\ProgramData\Temp:114C90CA deleted successfully.
ADS C:\ProgramData\Temp:A6D6E537 deleted successfully.
ADS C:\ProgramData\Temp:6EE8565A deleted successfully.
ADS C:\ProgramData\Temp:3969ACF7 deleted successfully.
ADS C:\ProgramData\Temp:9E9A3410 deleted successfully.
ADS C:\ProgramData\Temp:6ED8B881 deleted successfully.
ADS C:\ProgramData\Temp:B6D84F71 deleted successfully.
ADS C:\ProgramData\Temp:67310058 deleted successfully.
ADS C:\ProgramData\Temp:943971F5 deleted successfully.
ADS C:\ProgramData\Temp:517EFA90 deleted successfully.
ADS C:\ProgramData\Temp:7C8AA9A6 deleted successfully.
ADS C:\ProgramData\Temp:77B64C59 deleted successfully.
ADS C:\ProgramData\Temp:30E0D641 deleted successfully.
ADS C:\ProgramData\Temp:BD0A043E deleted successfully.
ADS C:\ProgramData\Temp:571CCF8E deleted successfully.
ADS C:\ProgramData\Temp:160ADF0B deleted successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
ADS C:\ProgramData\Temp:C946EBB2 deleted successfully.
ADS C:\ProgramData\Temp:B0A727D1 deleted successfully.
ADS C:\ProgramData\Temp:33B04540 deleted successfully.
ADS C:\ProgramData\Temp:C4A88D6B deleted successfully.
ADS C:\ProgramData\Temp:17EB5BAE deleted successfully.
ADS C:\ProgramData\Temp:7A032A04 deleted successfully.
ADS C:\ProgramData\Temp:762408BA deleted successfully.
ADS C:\ProgramData\Temp:12258D63 deleted successfully.
ADS C:\ProgramData\Temp:70BDB805 deleted successfully.
ADS C:\ProgramData\Temp:6896CCCE deleted successfully.
ADS C:\ProgramData\Temp:6BFA43EB deleted successfully.
ADS C:\ProgramData\Temp:C0893153 deleted successfully.
ADS C:\ProgramData\Temp:6ECE93A8 deleted successfully.
ADS C:\ProgramData\Temp:3B4DA230 deleted successfully.
ADS C:\ProgramData\Temp:9E05DEB0 deleted successfully.
ADS C:\ProgramData\Temp:9290C91C deleted successfully.
ADS C:\ProgramData\Temp:E894A3ED deleted successfully.
ADS C:\ProgramData\Temp:95079543 deleted successfully.
ADS C:\ProgramData\Temp:4EE323A4 deleted successfully.
ADS C:\ProgramData\Temp:3DB6F365 deleted successfully.
ADS C:\ProgramData\Temp:0F6AC518 deleted successfully.
ADS C:\ProgramData\Temp:65137F0D deleted successfully.
ADS C:\ProgramData\Temp:2652902F deleted successfully.
ADS C:\ProgramData\Temp:02CC0035 deleted successfully.
ADS C:\ProgramData\Temp:000D6A25 deleted successfully.
ADS C:\ProgramData\Temp:4CD3F344 deleted successfully.
ADS C:\ProgramData\Temp:E6CDFB4A deleted successfully.
ADS C:\ProgramData\Temp:5A2E8BBF deleted successfully.
ADS C:\ProgramData\Temp:5520ED93 deleted successfully.
ADS C:\ProgramData\Temp:B3C7433B deleted successfully.
ADS C:\ProgramData\Temp:474022C7 deleted successfully.
ADS C:\ProgramData\Temp:2512FA90 deleted successfully.
ADS C:\ProgramData\Temp:E3615992 deleted successfully.
ADS C:\ProgramData\Temp:A1460B2A deleted successfully.
ADS C:\ProgramData\Temp:27974442 deleted successfully.
ADS C:\ProgramData\Temp:20EB6823 deleted successfully.
ADS C:\ProgramData\Temp:18DEBC51 deleted successfully.
ADS C:\ProgramData\Temp:E0888117 deleted successfully.
ADS C:\ProgramData\Temp:C7F08EA3 deleted successfully.
ADS C:\ProgramData\Temp:AECF4772 deleted successfully.
ADS C:\ProgramData\Temp:73AFBB96 deleted successfully.
ADS C:\ProgramData\Temp:58481C6F deleted successfully.
ADS C:\ProgramData\TempB2748F7 deleted successfully.
ADS C:\ProgramData\Temp:BD34FFC5 deleted successfully.
ADS C:\ProgramData\Temp:BCFEA004 deleted successfully.
ADS C:\ProgramData\Temp:517DBC32 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hamr
->Temp folder emptied: 29615895 bytes
->Temporary Internet Files folder emptied: 4996930 bytes
->Java cache emptied: 16815679 bytes
->FireFox cache emptied: 201429582 bytes
->Flash cache emptied: 40276 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 114114 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67429 bytes
RecycleBin emptied: 1013449 bytes

Total Files Cleaned = 242.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Hamr
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01072012_155252

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk not found!
C:\Users\Hamr\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

 

[hamr1965]

security check log

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG PC Tuneup
ClamWin Free Antivirus 0.97.1
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Enigmatis: The Ghosts of Maple Creek Collector's Edition
Haunted Past: Realm of Ghosts Collector's Edition
AVG PC Tuneup
Java(TM) 6 Update 30
Adobe Flash Player ( 10.2.152.26) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````

 

[Broni]

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

 

[hamr1965]

farbar log

Farbar Service Scanner
Ran by Hamr (administrator) on 07-01-2012 at 16:18:43
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Broni]

Looks good

Did you read my previous reply?

 

[hamr1965]

ESET Online Scanner Log

C:\Updater.exe probably a variant of Win32/Adware.Virtumonde.JMIMDOZ application cleaned by deleting - quarantined

 

[hamr1965]

Still Catching Up

Yes I saw it - I am following your instructions in order so I am still catching up - just finished the ESET Online Scanner from your earlier post. Moving on to Adobe Flash now.

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[hamr1965]

Last OTL Log

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hamr
->Temp folder emptied: 7312 bytes
->Temporary Internet Files folder emptied: 35883 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 30471820 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79763 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Hamr
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 01072012_170012

Files\Folders moved on Reboot...
C:\Users\Hamr\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...