EveryName Premium Member join:2001-12-05 Montreal
2012-Sep-24 12:00 am
Trying to repair my friend's laptop.

Hey guys,
My friend dropped off her laptop with me this evening. She has been having problems with it for about 2 weeks to the point where it's basically unusable. She told me it started off by crashing a lot, and she ran Malwarebytes, and installed an additional virus scanner utility to run a scan. The one she had stopped working apparently. She also could only access her computer through Safe Mode. None of her attempts helped, so she basically didn't use it until I came into town tonight.
Booting up into a normal boot works somewhat. I can get past the login screen, but it is very slow, and once the Windows 7 desktop is loaded, it basically just freezes or is too slow to use, and a hard reset is the only way to go.
I used Safe Mode with Networking to do all of the scans.
Malwarebytes:
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.23.08
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Kelsey :: KELSEY-PC [administrator]
Protection: Disabled
23/09/2012 11:06:45 PM
mbam-log-2012-09-23 (23-06-45).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 386411
Time elapsed: 37 minute(s), 16 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 1
C:\SwSetup\Drivers\Cardread\SetEHCIKey.exe (Spyware.Password) -> Quarantined and deleted successfully.
(end)
OTL:
OTL logfile created on: 23/09/2012 9:02:02 PM - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Kelsey\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1.93 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 65.69% Memory free
3.87 Gb Paging File | 3.23 Gb Available in Paging File | 83.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.20 Gb Total Space | 103.89 Gb Free Space | 47.18% Space Free | Partition Type: NTFS
Drive D: | 12.49 Gb Total Space | 2.07 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
Computer Name: KELSEY-PC | User Name: Kelsey | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/23 20:49:30 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Kelsey\Desktop\OTL.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/29 22:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Kelsey\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/29 22:58:44 | 012,237,336 | ---- | M] () -- C:\Users\Kelsey\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012/08/29 22:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Kelsey\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/29 22:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Kelsey\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/29 22:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Kelsey\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/29 22:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Kelsey\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
========== Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 15:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/06 16:39:00 | 000,140,120 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2011/09/06 16:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 16:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 16:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 16:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 16:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 16:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/26 20:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/26 22:05:32 | 000,699,960 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/19 00:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 15:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/29 12:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/02/13 02:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 02:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 02:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F4A823E1-96C4-4276-8C1A-1271E467F1E8}
IE:64bit: - HKLM\..\SearchScopes\{D7CDCF72-9D52-482A-BB1D-A8C27955AB71}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{F4A823E1-96C4-4276-8C1A-1271E467F1E8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {F4A823E1-96C4-4276-8C1A-1271E467F1E8}
IE - HKLM\..\SearchScopes\{D7CDCF72-9D52-482A-BB1D-A8C27955AB71}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{F4A823E1-96C4-4276-8C1A-1271E467F1E8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {F4A823E1-96C4-4276-8C1A-1271E467F1E8}
IE - HKCU\..\SearchScopes\{A24681B1-D24C-4635-B64C-6D27F151D677}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=EBA86A14-C134-45F2-89DE-A5817E5848D9&apn_sauid=E73335AA-E29C-4568-B663-8674DE4247E7
IE - HKCU\..\SearchScopes\{D7CDCF72-9D52-482A-BB1D-A8C27955AB71}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKCU\..\SearchScopes\{F4A823E1-96C4-4276-8C1A-1271E467F1E8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: info@allpremiumplay.info:1.0
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kelsey\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kelsey\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/13 02:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/05 09:52:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/16 19:09:29 | 000,000,000 | ---D | M]
[2010/05/30 06:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelsey\AppData\Roaming\Mozilla\Extensions
[2010/05/29 18:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelsey\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/09/12 14:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelsey\AppData\Roaming\Mozilla\Firefox\Profiles\bbu7vfb5.default\extensions
[2012/06/17 03:07:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kelsey\AppData\Roaming\Mozilla\Firefox\Profiles\bbu7vfb5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/20 19:43:44 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Kelsey\AppData\Roaming\Mozilla\Firefox\Profiles\bbu7vfb5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/04/04 19:02:22 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Kelsey\AppData\Roaming\Mozilla\Firefox\Profiles\bbu7vfb5.default\extensions\info@allpremiumplay.info
[2011/12/21 19:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelsey\AppData\Roaming\Mozilla\Firefox\Profiles\bbu7vfb5.default\extensions\nostmp
[2012/08/09 08:49:00 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Kelsey\AppData\Roaming\Mozilla\Firefox\Profiles\bbu7vfb5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/08 17:18:03 | 000,002,299 | ---- | M] () -- C:\Users\Kelsey\AppData\Roaming\Mozilla\Firefox\Profiles\bbu7vfb5.default\searchplugins\askcom.xml
[2012/09/08 06:59:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/24 14:25:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/15 19:07:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/09/08 06:59:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/02/05 09:52:55 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/05 09:52:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/05 09:52:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kelsey\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kelsey\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kelsey\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: AT_DolceGabbana = C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\
CHR - Extension: Fast save = C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfljjendcfmehnmmaahmhlbilbmbokeb\1.1_0\
CHR - Extension: Auto HD for YouTube = C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaielpkecabnggniojjhghggjedkecfj\2.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: ICE Quick Stream = C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\4.5_0\
CHR - Extension: Gmail = C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15E1B5F7-B961-4366-99BF-F64D7B192A60}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15E1B5F7-B961-4366-99BF-F64D7B192A60}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16ACAD41-E1B8-414D-BC42-F8C4549DE2A2}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/09/23 20:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/23 20:56:29 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/09/23 20:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/09/23 20:49:26 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Kelsey\Desktop\OTL.exe [2012/09/23 20:49:16 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kelsey\Desktop\mbam-setup-1.65.0.1400 (1).exe [2012/09/23 20:48:48 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Kelsey\Desktop\TFC.exe [2012/09/19 21:58:49 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{ECBB957F-5436-4096-86E0-5C7209617B71} [2012/09/19 14:40:18 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{C7C0A9E6-3085-4C21-9B38-9FA16DE45C79} [2012/09/13 16:05:32 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{60D031D9-AD01-4723-A8C9-3DEBB609879F} [2012/09/13 15:54:50 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{D4E5D51B-6ECF-47A6-BA96-DF4DCD953D69} [2012/09/13 14:03:15 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{6D570BD7-BB52-47B0-8D1B-72710C80CA01} [2012/09/13 07:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012/09/13 05:30:59 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Roaming\Malwarebytes [2012/09/13 05:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/09/13 05:00:03 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{EB4FA5B9-8904-4912-AE43-84846F6CA324} [2012/09/12 21:42:21 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{3CD2FBBF-1D8F-4163-B286-9619F4C88036} [2012/09/12 14:08:17 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{ECDE4B01-1206-4DD2-A215-865A679E252F} [2012/09/12 12:07:21 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{F5EA43B1-5E5E-4249-96BE-9412DCF98986} 
[2012/09/12 11:38:48 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{240D4E4E-A7E2-49D8-B48B-8052BCBC3989} [2012/09/12 07:28:24 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{2426A112-5B30-4B40-83A4-A6DACE456E94} [2012/09/11 22:45:24 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{95B19548-23A9-4285-B797-68D7EA186C23} [2012/09/09 20:06:33 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{CE3F2636-C36F-45A9-8252-191EF504B978} [2012/09/08 07:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012/09/08 06:59:22 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/09/08 06:59:22 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/09/08 06:59:22 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012/09/08 06:48:13 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{84CAAAC8-68DF-442C-B9FC-7CB3B3E7A695} [2012/09/04 00:51:41 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{C27BFA45-EE0B-4805-9F51-B224D2EF6C9F} [2012/08/26 22:54:35 | 000,000,000 | ---D | C] -- C:\Users\Kelsey\AppData\Local\{6202B10E-A35B-4912-BE38-9C5D028211D4} [2 C:\Users\Kelsey\Desktop\*.tmp files -> C:\Users\Kelsey\Desktop\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/09/23 20:56:30 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/23 20:54:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/23 20:54:40 | 1556,500,480 | -HS- | M] () -- C:\hiberfil.sys [2012/09/23 20:49:53 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kelsey\Desktop\mbam-setup-1.65.0.1400 (1).exe [2012/09/23 20:49:45 | 000,881,724 | ---- | M] () -- C:\Users\Kelsey\Desktop\SecurityCheck.exe [2012/09/23 20:49:30 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Kelsey\Desktop\OTL.exe [2012/09/23 20:48:51 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Kelsey\Desktop\TFC.exe [2012/09/19 22:04:41 | 000,130,632 | ---- | M] () -- C:\Users\Kelsey\AppData\Local\Q$_140061.ENU_SoftGridUserSettings_settings.cp.temp [2012/09/19 22:03:16 | 000,622,356 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/09/19 22:03:16 | 000,111,258 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/09/19 21:58:08 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/09/19 21:57:52 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-827770144-3788928918-4278167364-1000UA.job [2012/09/19 21:57:52 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-827770144-3788928918-4278167364-1000Core.job [2012/09/19 14:45:41 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/09/13 16:12:12 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/13 16:12:12 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/13 15:51:29 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys 
[2012/09/04 22:02:56 | 000,002,416 | ---- | M] () -- C:\Users\Kelsey\Desktop\Google Chrome.lnk [2012/09/04 00:50:45 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKelsey.job [2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2 C:\Users\Kelsey\Desktop\*.tmp files -> C:\Users\Kelsey\Desktop\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/09/23 20:56:30 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/23 20:49:39 | 000,881,724 | ---- | C] () -- C:\Users\Kelsey\Desktop\SecurityCheck.exe [2012/09/19 22:04:27 | 000,130,632 | ---- | C] () -- C:\Users\Kelsey\AppData\Local\Q$_140061.ENU_SoftGridUserSettings_settings.cp.temp [2011/12/17 18:18:05 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2011/11/04 21:47:40 | 000,007,597 | ---- | C] () -- C:\Users\Kelsey\AppData\Local\resmon.resmoncfg [2011/06/30 11:38:00 | 000,001,854 | ---- | C] () -- C:\Users\Kelsey\AppData\Roaming\GhostObjGAFix.xml [2010/11/28 22:37:16 | 000,736,412 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/05/16 22:07:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2010/05/03 22:59:17 | 000,000,000 | ---D | M] -- C:\Users\Kelsey\AppData\Roaming\FUJIFILM [2010/10/20 20:08:34 | 000,000,000 | ---D | M] -- C:\Users\Kelsey\AppData\Roaming\GOL_byHasbro [2012/01/19 00:03:34 | 000,000,000 | ---D | M] -- C:\Users\Kelsey\AppData\Roaming\Jaran Nilsen [2012/08/15 21:11:01 | 000,000,000 | ---D | M] -- C:\Users\Kelsey\AppData\Roaming\SoftGrid Client [2010/11/28 22:38:40 | 000,000,000 | ---D | M] -- C:\Users\Kelsey\AppData\Roaming\TP [2012/09/12 12:05:50 | 000,000,000 | ---D | M] -- C:\Users\Kelsey\AppData\Roaming\uTorrent [2012/01/13 14:55:30 | 000,000,000 | ---D | M] -- C:\Users\Kelsey\AppData\Roaming\Windows Live Writer
[color=#E56717]========== Purity Check ==========[/color]
EveryName
Premium Member
2012-Sep-24 12:02 am
Extras.txt:
OTL Extras logfile created on: 23/09/2012 9:02:02 PM - Run 1 OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Kelsey\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1.93 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 65.69% Memory free 3.87 Gb Paging File | 3.23 Gb Available in Paging File | 83.43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 220.20 Gb Total Space | 103.89 Gb Free Space | 47.18% Space Free | Partition Type: NTFS Drive D: | 12.49 Gb Total Space | 2.07 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
Computer Name: KELSEY-PC | User Name: Kelsey | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1F1F3B91-1F7B-4F6E-8F6E-463463949ECC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3AF3F916-BE7F-4BE8-BCC5-6279B93F9BCD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3BD47708-931B-439D-B0BB-A16FA249971F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3EB3C161-D9E7-4ED8-96F1-B99F9E005731}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BAA76A7-10D1-4501-8CA3-3DB45FE8BD64}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | "{4C6ED36A-78EC-402E-A287-AE7FFD0861B2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4E30E9E8-3914-48F0-B8C9-5D1E3609F045}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | "{4ED5CB0A-0931-4DD9-A678-F3B7EB08C8ED}" = rport=445 | protocol=6 | dir=out | app=system | "{50AB9ECF-F778-4CB9-893B-6EE6917A40C1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{572F676E-F812-4C61-8096-EACA1CFBFF26}" = lport=2869 | protocol=6 | dir=in | app=system | "{67F1B209-5841-4214-BBDC-795EF8108538}" = rport=139 | protocol=6 | dir=out | app=system | "{6C0ACD3C-EF29-4D1C-85F2-D48E7B068601}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | "{6D9F7510-FA2C-4822-9974-3171A17F2500}" = rport=137 | protocol=17 | dir=out | app=system | "{776C9866-291E-431B-98EE-BB1DC33E893D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{872DCEBA-9C29-4670-872C-264F13E59253}" = lport=2869 | protocol=6 | dir=in | app=system | "{874F5AA1-6498-410F-9E6C-020FC05B4AC0}" = lport=1900 | 
protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8F310162-3DFE-430F-BB0F-77382680133A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8FA7EAD0-6810-4C3B-A0ED-9173E90B3A14}" = rport=10243 | protocol=6 | dir=out | app=system | "{90673DBF-3627-4723-B1DD-C5EE9EF016CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{93AAA45D-E58C-4513-86A1-E9592D85AAF7}" = lport=139 | protocol=6 | dir=in | app=system | "{93C2F24A-DB98-44C7-A50E-22317121C2DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{975EC7ED-3A4A-4E29-B02C-D875D2CB9D65}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9BAD0723-5D54-46A2-839D-EAB5DBB71B60}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A146BE48-46DC-414B-B199-E43E3FC60328}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B08F17CA-E037-4B57-97AB-5EF7A7098733}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B59F3D8E-89B9-48D3-AB5B-D25A7777A38F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B6879B98-F595-4FDE-8575-843C324DAFE1}" = lport=445 | protocol=6 | dir=in | app=system | "{BEB1E51E-1132-4344-BC7E-1EAE73639F76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C1B19F3A-98C6-45B4-BDA2-86BE1A122DDC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{C63A4308-FA0E-4BFD-B55D-FE78E1BA8E05}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C78971D3-FB80-4045-8607-F57D79A25A7F}" = lport=137 | protocol=17 | dir=in | app=system | "{D9DAED6F-B346-4BE1-942F-F5E0C90D2DFB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA471D56-00C4-4B28-8E18-03ED8E2A6A4D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DAEB8024-3513-48D5-AFDC-0669B3E7E413}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E2E1E241-954B-4DA0-8CE9-5D94D9B8D823}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | "{E400ACD4-DDB4-42AE-BA46-8C7DAC93E378}" = rport=138 | protocol=17 | dir=out | app=system | "{EBB3CE89-17E5-4B72-96AF-D6E7AC5BE4A3}" = lport=138 | protocol=17 | dir=in | app=system | "{ECA8BA31-DB7C-471A-8A00-F47E0B0D4DDA}" = lport=10243 | protocol=6 | dir=in | app=system | "{F4C0C14A-8E1D-4BCE-B0BE-C5BFE3401F66}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02528FA5-0D0B-4177-8A1C-BB1530EAF480}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{07F062A7-46A6-4777-A98E-9A0B930DC21C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{0DD6886E-4806-4ABB-BE20-2F1F50F72DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{11AB3486-70F9-40E6-96BD-A376859CF58F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{19ECA0A4-7758-4BAF-8B28-C0E80A15908B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1A3E95EA-A7AD-45B3-9AE4-BD226A59656A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{23735440-F469-4092-A617-3ECE478C2543}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2A5271E8-0F4A-4A8F-B0C5-685BE280F986}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{2CE46416-C730-4789-B244-D04FDF88D299}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{32DAB186-5CD3-44DD-A754-1653780FAD29}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{4B2F00B3-E588-4230-B404-D5AE9BEB6052}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{519C5AA7-457B-4A80-91F1-D83312D3D61F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5AB76C12-D36D-4A95-9D40-1EE24D89C82F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{62F0F453-CF89-4D17-9FB4-9AD60E42CD40}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{678F4BB2-4990-4146-95C7-277941CE5B59}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{682B20F0-3EC6-4E5D-9587-08290AC27DC4}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{6F9184DC-771D-4CF4-8650-6459D854F614}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{766E1C31-A757-4458-8DDD-89DBF7A0E993}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{79CB384B-0E26-48CD-8F10-7C8D38240E12}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7C261FAB-9ED1-4C5B-BDEB-35039DE6501B}" = protocol=6 | dir=out | app=system | "{7F47EDAC-3468-4395-A934-7B3965FC48DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{80983283-DEFD-410E-8526-82ED0443A726}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8A53E96E-34CF-40CC-B05D-8EE6A36BD0E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8E1D019B-E1E7-4A96-9024-E49BAECDBAB9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{9E185691-898C-4F69-BF99-5612CD245E1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9F1EE360-6911-4B2D-9CD6-A560BF0D861F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{A4F9247E-A20D-47D6-8B19-B18EE4E70C85}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AE9CF9F1-6F90-47A5-9ED7-59C267158DBC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B65429F9-A4A2-48E0-B5EB-7FF50278E386}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C9E8DDED-1733-43EB-8388-AD18F50C8C4F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | "{E09E5334-6F48-43BB-B0EC-0FF42B39887B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{E9E22724-FC51-40AD-BA54-AC26AC80577F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{F679C060-34D5-4C87-A2DD-94C12569CF30}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{FC90C860-C41D-479A-B737-3CE7D33B424C}" = 
protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FCCA62AA-CD2B-4FA1-8034-5889E1C3756A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{1F6E2FF5-B106-4D02-B278-CB0826E8D90D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{505606C3-2B55-4C91-96FE-B8F36E5E3B95}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | "TCP Query User{B56C2930-63B5-4084-A1F7-D7FF9CE98252}C:\users\kelsey\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe" = protocol=6 | dir=in | app=c:\users\kelsey\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe | "TCP Query User{D21C0ED4-D11C-4172-8357-DDA65D1708CC}C:\users\kelsey\appdata\local\temp\kmsact\pack\keygen\keygen.exe" = protocol=6 | dir=in | app=c:\users\kelsey\appdata\local\temp\kmsact\pack\keygen\keygen.exe | "UDP Query User{6A245301-2D97-4C3F-A480-4DAA2778EF8B}C:\users\kelsey\appdata\local\temp\kmsact\pack\keygen\keygen.exe" = protocol=17 | dir=in | app=c:\users\kelsey\appdata\local\temp\kmsact\pack\keygen\keygen.exe | "UDP Query User{7DF2C79D-A10F-438B-B966-F453C845D658}C:\users\kelsey\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe" = protocol=17 | dir=in | app=c:\users\kelsey\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe | "UDP Query User{7EAC62E0-3CE5-4CCA-A07B-51F2433170B7}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | "UDP Query User{FFD2E854-D442-4C2A-93E5-CE3A4422EA16}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit) "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 
4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 35 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar "{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156 
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common 
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 
"avast" = avast! Free Antivirus "HP Smart Web Printing" = HP Smart Web Printing "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400 "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US) "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "uTorrent" = µTorrent "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ] Error - 17/10/2011 9:39:01 AM | Computer Name = Kelsey-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error - 17/10/2011 9:39:01 AM | Computer Name = Kelsey-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error - 17/10/2011 9:39:01 AM | Computer Name = Kelsey-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error - 17/10/2011 9:39:01 AM | Computer Name = Kelsey-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error - 17/10/2011 9:39:01 AM | Computer Name = Kelsey-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error - 17/10/2011 8:06:53 PM | Computer Name = Kelsey-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Error - 18/10/2011 2:24:05 PM | Computer Name = Kelsey-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Error - 19/10/2011 7:07:54 AM | Computer Name = Kelsey-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error - 19/10/2011 3:36:37 PM | Computer Name = Kelsey-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Error - 20/10/2011 2:02:39 PM | Computer Name = Kelsey-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
[ Hewlett-Packard Events ] Error - 27/02/2012 11:55:51 AM | Computer Name = Kelsey-PC | Source = HPSF.exe | ID = 4000 Description =
Error - 12/03/2012 11:04:04 AM | Computer Name = Kelsey-PC | Source = HPSF.exe | ID = 4000 Description =
Error - 12/03/2012 11:10:17 AM | Computer Name = Kelsey-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Object '/cf96246c_5b31_4e74_8b85_47ebc39f3d4d/y9uzgt+1clhvfvx0kazj4h_k_15.rem' has been disconnected or does not exist at the server. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: en-US RAM: 1979 Ram Utilization: 70 TargetSite: Void UpdateDetail(System.String)
Error - 18/03/2012 7:18:29 AM | Computer Name = Kelsey-PC | Source = HPSF.exe | ID = 4000 Description =
Error - 09/04/2012 5:58:13 PM | Computer Name = Kelsey-PC | Source = HPSF.exe | ID = 4000 Description =
Error - 18/04/2012 8:05:02 AM | Computer Name = Kelsey-PC | Source = HPSF.exe | ID = 4000 Description =
Error - 04/06/2012 4:04:18 PM | Computer Name = Kelsey-PC | Source = HPSF.exe | ID = 4000 Description =
Error - 27/07/2012 1:06:32 PM | Computer Name = Kelsey-PC | Source = HPSF.exe | ID = 4000 Description =
Error - 27/07/2012 1:06:32 PM | Computer Name = Kelsey-PC | Source = HPSF.exe | ID = 4000 Description =
Error - 17/08/2012 11:41:05 PM | Computer Name = Kelsey-PC | Source = HPSF.exe | ID = 4000 Description =
[ Media Center Events ] Error - 05/07/2012 9:21:49 PM | Computer Name = Kelsey-PC | Source = MCUpdate | ID = 0 Description = 9:21:44 PM - Error connecting to the internet. 9:21:44 PM - Unable to contact server..
Error - 05/07/2012 10:22:32 PM | Computer Name = Kelsey-PC | Source = MCUpdate | ID = 0 Description = 10:22:32 PM - Error connecting to the internet. 10:22:32 PM - Unable to contact server..
Error - 05/07/2012 10:22:39 PM | Computer Name = Kelsey-PC | Source = MCUpdate | ID = 0 Description = 10:22:37 PM - Error connecting to the internet. 10:22:37 PM - Unable to contact server..
Error - 06/07/2012 10:18:12 AM | Computer Name = Kelsey-PC | Source = MCUpdate | ID = 0 Description = 10:18:12 AM - Error connecting to the internet. 10:18:12 AM - Unable to contact server..
Error - 06/07/2012 10:18:20 AM | Computer Name = Kelsey-PC | Source = MCUpdate | ID = 0 Description = 10:18:17 AM - Error connecting to the internet. 10:18:17 AM - Unable to contact server..
Error - 07/07/2012 4:34:01 AM | Computer Name = Kelsey-PC | Source = MCUpdate | ID = 0 Description = 4:34:01 AM - Error connecting to the internet. 4:34:01 AM - Unable to contact server..
Error - 11/07/2012 4:55:49 AM | Computer Name = Kelsey-PC | Source = MCUpdate | ID = 0 Description = 4:55:49 AM - Error connecting to the internet. 4:55:49 AM - Unable to contact server..
Error - 11/07/2012 4:55:51 AM | Computer Name = Kelsey-PC | Source = MCUpdate | ID = 0 Description = 4:55:32 AM - Error connecting to the internet. 4:55:32 AM - Unable to contact server..
Error - 11/07/2012 4:55:56 AM | Computer Name = Kelsey-PC | Source = MCUpdate | ID = 0 Description = 4:55:54 AM - Error connecting to the internet. 4:55:54 AM - Unable to contact server..
Error - 28/07/2012 5:03:53 PM | Computer Name = Kelsey-PC | Source = MCUpdate | ID = 0 Description = 4:58:41 PM - Error connecting to the internet. 4:58:42 PM - Unable to contact server..
[ System Events ] Error - 23/09/2012 8:55:15 PM | Computer Name = Kelsey-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
Error - 23/09/2012 8:55:15 PM | Computer Name = Kelsey-PC | Source = DCOM | ID = 10005 Description =
Error - 23/09/2012 8:55:18 PM | Computer Name = Kelsey-PC | Source = DCOM | ID = 10005 Description =
Error - 23/09/2012 8:55:19 PM | Computer Name = Kelsey-PC | Source = DCOM | ID = 10005 Description =
Error - 23/09/2012 8:55:17 PM | Computer Name = Kelsey-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error - 23/09/2012 8:55:17 PM | Computer Name = Kelsey-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error - 23/09/2012 8:55:17 PM | Computer Name = Kelsey-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error - 23/09/2012 8:55:25 PM | Computer Name = Kelsey-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error - 23/09/2012 8:55:25 PM | Computer Name = Kelsey-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error - 23/09/2012 8:55:25 PM | Computer Name = Kelsey-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
[/code]
checkup.txt:
[code]
Results of screen317's Security Check version 0.99.51 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 8 [color=red]Out of date![/color] [u]``````````````Antivirus/Firewall Check:``````````````[/u] [color=red]Windows Security Center service is not running! This report may not be accurate![/color] Windows Firewall Enabled! Windows Firewall Disabled! avast! Antivirus Antivirus up to date! [u]`````````Anti-malware/Other Utilities Check:`````````[/u] Malwarebytes Anti-Malware version 1.65.0.1400 Java(TM) 6 Update 35 [color=red]Java version out of Date![/color] Adobe Reader X (10.1.4) Mozilla Firefox (9.0.1) Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 [u]````````Process Check: objlist.exe by Laurent````````[/u] [u]`````````````````System Health check`````````````````[/u] Total Fragmentation on Drive C: [u]````````````````````End of Log``````````````````````[/u] [/code]
ESET Online Scan:
[code]
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cc54843ccac89646ad62f080135fcb57
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-24 02:59:21
# local_time=2012-09-23 10:59:21 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 72768407 72768407 0 0
# compatibility_mode=5893 16776573 100 94 0 99995577 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=204248
# found=2
# cleaned=2
# scan_time=3434
C:\Users\Kelsey\AppData\Roaming\uTorrent\gossip girl season 2 soundtrack\Youth Group - What Is A Life.mp3a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)00000000000000000000000000000000C
C:\Users\Kelsey\Downloads\speedupmypc.exeWin32/SpeedUpMyPC application (cleaned by deleting - quarantined)00000000000000000000000000000000C
[/code]
2012-Sep-24 12:02 am
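The OTL "Last 20 Event Log Errors" block in the post above is easier to read once the lines are grouped by source and event ID, because the same few errors repeat many times. The Python below is an added example written for this page; it is not part of the original post, of OTL, or of any tool mentioned in the thread. It parses lines in OTL's event-log format, carries the "[ Section ]" header forward, counts repeats per (section, source, ID), and attaches a short hint for the event IDs that occur in the log. The sample lines are shortened copies of entries from the post, and the HINTS wording is the editor's reading of the event descriptions, not output of any scanner.

```python
import re
from collections import Counter

# Constructed sample: shortened copies of entries from the OTL event-log
# section of the post (Application and System sections).
SAMPLE_LOG = r"""
[ Application Events ] Error - 17/10/2011 9:39:01 AM | Computer Name = Kelsey-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error - 17/10/2011 9:39:01 AM | Computer Name = Kelsey-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error - 17/10/2011 8:06:53 PM | Computer Name = Kelsey-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".
[ System Events ] Error - 23/09/2012 8:55:15 PM | Computer Name = Kelsey-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
Error - 23/09/2012 8:55:15 PM | Computer Name = Kelsey-PC | Source = DCOM | ID = 10005 Description =
Error - 23/09/2012 8:55:17 PM | Computer Name = Kelsey-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
Error - 23/09/2012 8:55:25 PM | Computer Name = Kelsey-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068
"""

# One OTL event line: optional "[ Section ] " prefix, then fixed " | " separated fields.
LINE_RE = re.compile(
    r"^(?:\[ (?P<section>[^\]]+) \] )?"
    r"Error - (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<host>[^|]+?)"
    r" \| Source = (?P<source>[^|]+?)"
    r" \| ID = (?P<id>\d+) Description = ?(?P<desc>.*)$"
)

# Editor's hints for the (source, id) pairs seen in the post, derived from
# the event descriptions themselves (assumed wording, not tool output).
HINTS = {
    ("Microsoft-Windows-CAPI2", "4107"):
        "root-list auto-update rejected a certificate as outside its validity "
        "period: confirm the system clock before suspecting malware",
    ("Service Control Manager", "7001"):
        "dependency failure (%%1068 = the dependency service or group failed "
        "to start); the message names the Server service as the one to look at",
    ("Microsoft-Windows-WLAN-AutoConfig", "10000"):
        "a WLAN extensibility module DLL failed to load; note the module path "
        "for a vendor-driver check",
}


def parse_events(text):
    """Parse OTL 'Last 20 Event Log Errors' lines into dicts, carrying the
    '[ Section ]' header forward to the lines that follow it."""
    events, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate wrapped or garbled lines instead of failing
        if m.group("section"):
            section = m.group("section")
        events.append({
            "section": section,
            "date": m.group("date"),
            "time": m.group("time"),
            "host": m.group("host").strip(),
            "source": m.group("source").strip(),
            "id": m.group("id"),
            "desc": m.group("desc").strip(),
        })
    return events


def summarize(events):
    """Count events per (section, source, id) so repeats stand out."""
    return Counter((e["section"], e["source"], e["id"]) for e in events)


def triage(events, repeat_threshold=2):
    """Return readable findings: a hint for known IDs, and a 'repeated'
    note for any other source/ID occurring at or above the threshold."""
    findings = []
    for (section, source, eid), n in summarize(events).most_common():
        hint = HINTS.get((source, eid))
        if hint:
            findings.append(f"{section}: {source} {eid} x{n}: {hint}")
        elif n >= repeat_threshold:
            findings.append(f"{section}: {source} {eid} x{n}: repeated, review description")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_events(SAMPLE_LOG)):
        print(finding)
```

Run against the full OTL section, the same grouping shows that most of the noise is a handful of repeating IDs, which is what a helper wants to separate from anything novel before deciding between cleanup and a reinstall.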
EveryName
Premium Member
2012-Sep-24 12:03 am
I really appreciate the help. Hopefully I can get this machine up and running for her, because she uses it for university.
Have a great night!
lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11 Purple Zone
2012-Sep-24 12:05 am
Please do not use [code] tags...thanks
EveryName
Premium Member
2012-Sep-24 10:27 am
I just post it as is? Also, did you fix it for me? Thanks
to EveryName
Running a computer for over two weeks as it continuously degrades was not the best choice. My recommendation is to reformat and re-install, making sure to back up all pertinent data. That said, if you want to take this further, do the following. Just be aware that reformatting may end up being the only recommendation I will make.
First: Download ComboFix from one of these locations: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/
* IMPORTANT !!! Save ComboFix.exe to your Desktop
[*] Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
[*] Double click on ComboFix.exe & follow the prompts.
[*] As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
[*] Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it at least 20-30 minutes to finish if needed.
2012-Sep-24 10:54 am
EveryName
Premium Member
2012-Sep-24 10:29 pm
I ran ComboFix. I tried disabling Avast. I disabled all the real-time scanners (8 in total), however ComboFix still claimed that it was running. I don't know how to completely disable Avast, as most antivirus software has an option to just disable it, while AFAIK, Avast does not.
Either way, here is the log from ComboFix:
ComboFix 12-09-24.02 - Kelsey 24/09/2012 21:32:01.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.815 [GMT -4:00] Running from: c:\users\Kelsey\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\Codecv c:\programdata\Codecv\background.html c:\programdata\Codecv\bccldkoinakjmmgebambiaggjobhikfg.crx c:\programdata\Codecv\content.js c:\programdata\Codecv\settings.ini . . ((((((((((((((((((((((((( Files Created from 2012-08-25 to 2012-09-25 ))))))))))))))))))))))))))))))) . . 2012-09-25 01:47 . 2012-09-25 01:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-25 01:33 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D30A9D5-FE64-4860-B108-4F9FFFC4FAA5}\mpengine.dll 2012-09-24 04:08 . 2012-09-24 04:08 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-09-24 01:57 . 2012-09-24 01:57 -------- d-----w- c:\users\Kelsey\AppData\Roaming\QuickScan 2012-09-24 01:16 . 2012-09-24 01:16 -------- d-----w- c:\program files (x86)\ESET 2012-09-24 00:56 . 2012-09-24 00:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-24 00:56 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-13 11:14 . 2012-09-13 11:14 -------- d-----w- c:\programdata\Kaspersky Lab 2012-09-13 09:30 . 2012-09-13 09:30 -------- d-----w- c:\users\Kelsey\AppData\Roaming\Malwarebytes 2012-09-13 09:30 . 2012-09-13 09:30 -------- d-----w- c:\programdata\Malwarebytes 2012-09-08 11:00 . 2012-09-08 11:00 -------- d-----w- c:\programdata\Ask . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-29 00:24 . 2012-08-15 23:06 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-08-29 00:24 . 2010-05-01 21:27 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-16 22:05 . 2010-05-04 03:03 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-07-18 18:15 . 2012-08-16 00:21 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-04 22:16 . 2012-08-16 00:26 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-07-04 22:13 . 2012-08-16 00:26 59392 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 22:13 . 2012-08-16 00:26 136704 ----a-w- c:\windows\system32\browser.dll 2012-07-04 21:14 . 2012-08-16 00:26 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-06-27 18:29 . 2012-06-27 18:29 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-06-27 18:28 . 2012-06-27 18:28 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-06-27 18:18 . 2012-06-27 18:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-06-27 18:18 . 2012-06-27 18:18 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-06-27 07:06 . 2012-08-16 00:27 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-06-27 07:06 . 2012-08-16 00:27 1494016 ----a-w- c:\windows\system32\urlmon.dll 2012-06-27 07:06 . 2012-08-16 00:27 134144 ----a-w- c:\windows\system32\url.dll 2012-06-27 07:03 . 2012-08-16 00:27 9059840 ----a-w- c:\windows\system32\mshtml.dll 2012-06-27 07:03 . 2012-08-16 00:27 97792 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-27 07:03 . 2012-08-16 00:27 735744 ----a-w- c:\windows\system32\msfeeds.dll 2012-06-27 07:02 . 2012-08-16 00:27 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-27 07:02 . 
2012-08-16 00:27 247808 ----a-w- c:\windows\system32\ieui.dll 2012-06-27 07:02 . 2012-08-16 00:27 2453504 ----a-w- c:\windows\system32\iertutil.dll 2012-06-27 07:02 . 2012-08-16 00:27 12297216 ----a-w- c:\windows\system32\ieframe.dll 2012-06-27 05:53 . 2012-08-16 00:27 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-27 04:53 . 2012-08-16 00:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-27 04:10 . 2012-08-16 00:27 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R1 aswFW;avast! TDI Firewall driver; [x] R1 aswSnx;aswSnx; [x] R1 aswSP;aswSP; [x] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] R2 aswFsBlk;aswFsBlk; [x] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368] R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 136176] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe 
[2011-10-01 508776]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-02 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 23:39]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 23:39]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-827770144-3788928918-4278167364-1000Core.job
- c:\users\Kelsey\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-31 18:53]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-827770144-3788928918-4278167364-1000UA.job
- c:\users\Kelsey\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-31 18:53]
.
2012-09-04 c:\windows\Tasks\HPCeeScheduleForKelsey.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-13 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{15E1B5F7-B961-4366-99BF-F64D7B192A60}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{15E1B5F7-B961-4366-99BF-F64D7B192A60}\14E64627F696461405: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{15E1B5F7-B961-4366-99BF-F64D7B192A60}\3616666657363696E6F6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{15E1B5F7-B961-4366-99BF-F64D7B192A60}\46C696E6B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{15E1B5F7-B961-4366-99BF-F64D7B192A60}\7596E64637F6273736275656E627F6F6D6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{15E1B5F7-B961-4366-99BF-F64D7B192A60}\95162616461626164657: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{15E1B5F7-B961-4366-99BF-F64D7B192A60}\A424341647: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{15E1B5F7-B961-4366-99BF-F64D7B192A60}\C696E6B6379737: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{16ACAD41-E1B8-414D-BC42-F8C4549DE2A2}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Kelsey\AppData\Roaming\Mozilla\Firefox\Profiles\bbu7vfb5.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-DivX Download Manager - c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-24 22:06:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-25 02:06
.
Pre-Run: 110,569,312,256 bytes free
Post-Run: 110,304,251,904 bytes free
.
- - End Of File - - D5BE342D75D796707A36EC2D18AC991B
2012-Sep-24 10:29 pm
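Added example (my own code, not from the thread, the helper, or ComboFix): a small triage script for the "Supplementary Scan" part of a log like the one above. It parses the HKLM Run entries, the DhcpNameServer line, every per-interface NameServer override, and the Firefox preference lines, then reports what a reviewer would look at: static resolvers that differ from what DHCP hands out (flagging any that are not on an allow-list), Run entries launched from outside the usual program directories, and a changed default search engine. The hex subkeys under each interface GUID are the remembered network names with the two nibbles of every byte swapped; decoding the ones in this log gives readable SSIDs such as "AndroidAP", "dlink" and "linksys", which is how you can tell the same 8.8.8.8/8.8.4.4 setting was applied adapter-wide rather than to one network. The sample input is copied from the log above; PUBLIC_RESOLVERS and TRUSTED_DIRS are assumed policy knobs, not anything the thread specifies.

```python
"""Triage helper for the 'Supplementary Scan' section of a ComboFix log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input: entries copied from the ComboFix log in the thread, one per line.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-13 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
.
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{15E1B5F7-B961-4366-99BF-F64D7B192A60}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{15E1B5F7-B961-4366-99BF-F64D7B192A60}\14E64627F696461405: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{15E1B5F7-B961-4366-99BF-F64D7B192A60}\46C696E6B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{15E1B5F7-B961-4366-99BF-F64D7B192A60}\C696E6B6379737: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{16ACAD41-E1B8-414D-BC42-F8C4549DE2A2}: NameServer = 8.8.8.8,8.8.4.4
FF - prefs.js: browser.search.selectedEngine - Ask.com
"""

DHCP_RE = re.compile(r"^TCP: DhcpNameServer = (\S+)")
NS_RE = re.compile(r"^TCP: Interfaces\\(\{[0-9A-Fa-f-]+\})(?:\\([0-9A-Fa-f]+))?: NameServer = (\S+)")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
FF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.+)$")

# Assumed policy knobs (not from the thread): resolvers accepted without a lookup,
# and directories from which an HKLM Run entry is unremarkable.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4"}
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Supplementary:
    dhcp_dns: list[str] = field(default_factory=list)
    static_dns: list[tuple[str, str, list[str]]] = field(default_factory=list)  # (adapter GUID, network, servers)
    run_entries: list[tuple[str, str]] = field(default_factory=list)           # (value name, binary path)
    firefox_prefs: list[tuple[str, str, str]] = field(default_factory=list)    # (file, pref, value)


def decode_ssid_key(subkey: str) -> str:
    """Per-network override keys are the SSID bytes in hex with each byte's nibbles
    swapped, e.g. '46C696E6B6' -> 'dlink'. Anything that does not decode to
    printable ASCII is returned unchanged so odd keys stay visible."""
    if len(subkey) % 2:
        return subkey
    try:
        raw = bytes(int(subkey[i + 1] + subkey[i], 16) for i in range(0, len(subkey), 2))
        text = raw.decode("ascii")
    except ValueError:  # bad hex digit or a non-ASCII byte
        return subkey
    return text if text.isprintable() else subkey


def parse_supplementary(text: str) -> Supplementary:
    """Pull the entries of interest out of the log text."""
    out = Supplementary()
    in_run = False
    for line in text.strip().splitlines():
        line = line.strip()
        if line == ".":                       # ComboFix uses '.' as a blank separator
            in_run = False
            continue
        if line.startswith("["):             # a registry key header
            in_run = line.lower().endswith(r"\currentversion\run]")
            continue
        if in_run and (m := RUN_RE.match(line)):
            out.run_entries.append((m.group(1), m.group(2)))
        elif m := DHCP_RE.match(line):
            out.dhcp_dns = m.group(1).split(",")
        elif m := NS_RE.match(line):
            guid, sub, servers = m.groups()
            network = decode_ssid_key(sub) if sub else "(adapter default)"
            out.static_dns.append((guid, network, servers.split(",")))
        elif m := FF_RE.match(line):
            out.firefox_prefs.append(m.groups())
    return out


def triage(s: Supplementary) -> list[str]:
    """Turn the parsed entries into the findings a reviewer would want to see."""
    notes: list[str] = []
    dhcp = ",".join(s.dhcp_dns) or "none recorded"
    for guid, network, servers in s.static_dns:
        if servers == s.dhcp_dns:
            continue  # static setting merely mirrors DHCP; nothing to say
        unknown = [ip for ip in servers if ip not in PUBLIC_RESOLVERS]
        verdict = (f"unknown resolver(s) {','.join(unknown)}, look them up" if unknown
                   else "well-known public resolvers")
        notes.append(f"static DNS {','.join(servers)} on {guid} [{network}] overrides DHCP {dhcp}: {verdict}")
    for name, path in s.run_entries:
        if not path.lower().startswith(TRUSTED_DIRS):
            notes.append(f"HKLM Run entry '{name}' starts from an unusual location: {path}")
    for src, pref, value in s.firefox_prefs:
        if pref == "browser.search.selectedEngine":
            notes.append(f"Firefox default search engine is '{value}' ({src}); "
                         "typical of a bundled toolbar, check Add/Remove Programs")
    return notes


if __name__ == "__main__":
    for note in triage(parse_supplementary(SAMPLE_LOG)):
        print("-", note)
```

To use it on a real log, paste the Supplementary Scan section into a file and pass its contents to parse_supplementary. The point of decoding the subkeys is interpretive: one static resolver repeated across every remembered SSID and both adapters says the setting was made at the adapter level (consistent with someone choosing Google DNS by hand), whereas a resolver you do not recognise on even one entry is the thing to chase.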
to EveryName
ComboFix removed a few items, but nothing of note. MBAM removed a few items also, as did the ESET online scanner.
Has there been any change in the computer's performance?
What issue(s) are still unresolved?
2012-Sep-25 10:49 am

EveryName Premium Member join:2001-12-05 Montreal
As far as I can tell, the computer is running almost normally. It can boot into Windows without Safe Mode. It's not laggy and slow anymore. Is there an issue that there is something still remaining?
2012-Sep-25 9:34 pm
to EveryName
Nothing more to do except cleanup.

First: The following will implement some cleanup procedures as well as reset System Restore points: Click Start, then Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

(Note: There is a SPACE between ComboFix and /uninstall)

Second: Cleaning Up:

Delete TFC: - Delete the TFC icon on your Desktop
Delete OTL: - Double click the OTL icon on your Desktop
- Press the 'Cleanup' button
Delete Security Check: - Delete the SecurityCheck icon on your Desktop
Delete Malware Bytes: - We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.
Delete Sophos AntiRootkit- If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs.
Other Programs: - If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.
2012-Sep-26 10:42 am