
Computer Starting Extremely Slow

Discussion in 'General Malware And Security' started by magicalgritz, Aug 9, 2011.

  1. magicalgritz

    Hey guys, recently my computer has been acting up and it's been starting really slow for some reason; it takes about 2 mins to load up all the programs etc. I believe I am infected but I am not sure. I have run Malwarebytes, SUPERAntiSpyware, Norton Internet Security, and HouseCall and they find nothing at all. I have to have something though; the specs of my laptop are pretty good.

    Processor Intel® Core™ i7 CPU Q 720 @ 1.60GHz, 1600 Mhz, 4 Core(s), 8 Logical Processor(s)
    Installed Physical Memory (RAM) 6.00 GB
    Adapter Description ATI Mobility Radeon HD 5600/5700 Series 1gb
    400gb Hard drive

    Also, I was doing some research and read that if the computer gets too hot then it reduces the performance of the processor so it doesn't overheat. This laptop has overheated about 6 times now, so maybe that can be it? Not sure. I have looked into my BIOS, however the options in the BIOS are very limited; I can't do much there.

    Here is my OTL Report

    OTL logfile created on: 8/9/2011 10:45:46 AM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Wreck\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.94 Gb Total Physical Memory | 3.83 Gb Available Physical Memory | 64.51% Memory free
    11.87 Gb Paging File | 9.60 Gb Available in Paging File | 80.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 444.18 Gb Total Space | 324.50 Gb Free Space | 73.05% Space Free | Partition Type: NTFS
    Drive D: | 21.28 Gb Total Space | 3.10 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
    Drive E: | 99.02 Mb Total Space | 90.24 Mb Free Space | 91.13% Space Free | Partition Type: FAT32

    Computer Name: WRECK-PC | User Name: Wreck | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Wreck\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
    PRC - C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
    PRC - C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
    PRC - C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe (Webroot Software, Inc. (www.webroot.com))
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    PRC - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Wreck\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
    SRV:64bit: - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
    SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
    SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe (Andrea Electronics Corporation)
    SRV - (WRConsumerService) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (WebrootSpySweeperService) -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
    SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (hpdoccardsvc) -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe (Hewlett-Packard Developement Company, L.P.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe (Symantec Corporation)
    SRV - (DvmMDES) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
    SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (ssidrv) -- C:\Windows\SysNative\drivers\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
    DRV:64bit: - (ssfmonm) -- C:\Windows\SysNative\drivers\ssfmonm.sys (Webroot Software, Inc. (www.webroot.com))
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
    DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symtdiv.sys (Symantec Corporation)
    DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ironx64.sys (Symantec Corporation)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.sys (Symantec Corporation)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.sys (Symantec Corporation)
    DRV:64bit: - (DVMIO) -- C:\Windows\SysNative\drivers\dvmio.sys (DeviceVM, Inc.)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (PTUMWVsp) -- C:\Windows\SysNative\drivers\PTUMWVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (PTUMWNET) -- C:\Windows\SysNative\drivers\PTUMWNET.sys (DEVGURU Co., LTD.)
    DRV:64bit: - (PTUMWMdm) -- C:\Windows\SysNative\drivers\PTUMWMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (PTUMWFLT) -- C:\Windows\SysNative\drivers\PTUMWFLT.sys (DEVGURU Co., LTD.)
    DRV:64bit: - (PTUMWCDF) -- C:\Windows\SysNative\drivers\PTUMWCDF.sys (DEVGURU Co., LTD.)
    DRV:64bit: - (PTUMWBus) -- C:\Windows\SysNative\drivers\PTUMWBus.sys (DEVGURU Co., LTD.)
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.sys (Symantec Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
    DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
    DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110808.024\EX64.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110808.024\ENG64.SYS (Symantec Corporation)
    DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110808.030\IDSviA64.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
    DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110723.001\BHDrvx64.sys (Symantec Corporation)
    DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "bing.com"

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Wreck\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox [2010/06/26 02:06:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011/07/21 15:33:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/06/26 02:21:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2011/08/09 10:38:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/08 13:03:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/21 15:46:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/24 05:39:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/08 20:19:09 | 000,000,000 | ---D | M]

    [2011/05/15 16:30:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wreck\AppData\Roaming\Mozilla\Extensions
    [2011/08/01 23:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wreck\AppData\Roaming\Mozilla\Firefox\Profiles\z7nj0khn.default\extensions
    [2011/06/23 04:26:21 | 000,000,000 | ---D | M] (ShopToWin4) -- C:\Users\Wreck\AppData\Roaming\Mozilla\Firefox\Profiles\z7nj0khn.default\extensions\{6cbc25b0-0a52-11df-8a39-0800200c9a66}
    [2011/06/05 02:39:53 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\Wreck\AppData\Roaming\Mozilla\Firefox\Profiles\z7nj0khn.default\extensions\DefaultManager@Microsoft
    [2011/06/08 20:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/06/15 22:14:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/06/08 20:19:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/07/21 15:46:29 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011/08/09 10:38:34 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN_2010_9_0_6
    [2011/07/21 15:33:55 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
    () (No name found) -- C:\USERS\WRECK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z7NJ0KHN.DEFAULT\EXTENSIONS\{FE0258AB-4F74-43A1-8781-BCDF340F9EE9}.XPI
    () (No name found) -- C:\USERS\WRECK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z7NJ0KHN.DEFAULT\EXTENSIONS\JOHN@VELVETCACHE.ORG.XPI
    [2011/06/24 05:39:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    [2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/08/03 14:01:52 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
    O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe (Hewlett-Packard )
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
    O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [WrSvcAssist] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRSvcAssist.exe ()
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_Plugin.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Users\Wreck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/08/09 09:35:25 | 000,000,000 | -H-D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\Shell - "" = AutoRun
    O33 - MountPoints2\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\Shell\AutoRun\command - "" = G:\Start.exe
    O33 - MountPoints2\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\Shell\menu1\command - "" = G:\Start.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*



    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/09 10:00:19 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/08/09 10:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2011/08/09 09:35:25 | 000,000,000 | -H-D | C] -- C:\Users\Wreck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    [2011/08/09 09:35:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    [2011/08/09 05:51:15 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Local\Sony
    [2011/08/09 05:48:23 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Roaming\Sony
    [2011/07/30 00:23:34 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
    [2011/07/30 00:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
    [2011/07/30 00:23:32 | 000,000,000 | ---D | C] -- C:\Users\Wreck\Documents\Heroes of Newerth
    [2011/07/30 00:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes of Newerth
    [2011/07/27 02:32:05 | 000,000,000 | ---D | C] -- C:\Users\Wreck\riotsGamesLogs
    [2011/07/21 21:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/07/21 21:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/07/21 15:47:48 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Roaming\SUPERAntiSpyware.com
    [2011/07/21 15:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/07/21 15:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2011/07/21 15:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/07/21 15:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/07/21 15:47:04 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2011/07/21 15:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/07/21 15:47:03 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/07/21 15:46:49 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/07/21 15:46:49 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/07/21 15:46:48 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2011/07/21 15:46:42 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/07/21 15:46:42 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/07/21 15:46:21 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/07/21 15:46:20 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2011/07/21 15:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/07/21 15:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/07/20 23:10:42 | 000,000,000 | ---D | C] -- C:\Users\Wreck\Desktop\Random
    [2011/07/20 23:10:27 | 000,000,000 | ---D | C] -- C:\Users\Wreck\Desktop\WW
    [2011/07/15 17:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
    [2011/07/15 14:53:00 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Roaming\SoftGrid Client
    [2011/07/15 14:53:00 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Local\SoftGrid Client
    [2011/07/15 14:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
    [2011/07/15 14:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2011/07/15 14:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2011/07/15 14:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
    [2011/07/15 14:51:46 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Roaming\TP
    [2011/07/15 13:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/07/12 10:50:30 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2011/07/12 10:50:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2011/07/12 10:50:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2011/07/12 10:50:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2011/07/12 10:50:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2011/07/12 10:50:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2011/07/12 10:50:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2011/07/12 10:50:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2011/07/12 10:50:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2011/07/12 10:50:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2011/07/12 10:50:16 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
    [2011/07/12 10:50:15 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
    [2011/07/12 10:50:06 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
    [2011/07/12 10:50:06 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
    [2011/07/12 10:50:05 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
    [2011/07/12 10:50:05 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
    [2011/07/12 10:50:05 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
    [2011/07/12 10:50:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
    [2011/07/12 10:50:04 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
    [2011/07/12 10:49:51 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2011/07/12 10:49:49 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2011/07/12 10:49:48 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2011/07/12 10:49:48 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2011/07/12 10:49:47 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2011/07/12 10:49:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2011/07/12 10:49:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2011/07/12 10:49:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2011/07/12 10:49:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2011/07/12 10:49:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2011/07/12 10:49:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2011/07/12 10:49:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2011/05/26 07:37:57 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe339A.dll
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/09 10:49:01 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/08/09 10:49:01 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/08/09 10:37:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/08/09 10:37:48 | 484,855,807 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/09 10:37:45 | 680,755,310 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/08/09 10:00:19 | 000,002,975 | ---- | M] () -- C:\Users\Wreck\Desktop\HiJackThis.lnk
    [2011/08/09 09:40:39 | 003,053,174 | ---- | M] () -- C:\Users\Wreck\Documents\AutoRuns.arn
    [2011/08/09 09:21:27 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWreck.job
    [2011/08/08 10:06:21 | 000,000,992 | ---- | M] () -- C:\Users\Wreck\Desktop\Wow - Shortcut.lnk
    [2011/08/02 20:39:13 | 000,001,882 | ---- | M] () -- C:\Users\Wreck\Documents\cc_20110802_203907.reg
    [2011/07/30 00:23:37 | 000,001,953 | ---- | M] () -- C:\Users\Wreck\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
    [2011/07/30 00:23:37 | 000,001,929 | ---- | M] () -- C:\Users\Wreck\Desktop\Heroes of Newerth.lnk
    [2011/07/24 10:04:36 | 000,280,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/07/24 04:21:57 | 000,351,350 | ---- | M] () -- C:\Users\Wreck\Desktop\cuucc(3).jpg
    [2011/07/21 21:45:29 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/07/21 18:44:37 | 147,829,932 | ---- | M] () -- C:\Users\Wreck\Desktop\Random.rar
    [2011/07/21 18:42:38 | 043,648,383 | ---- | M] () -- C:\Users\Wreck\Desktop\Pop up blocker.rar
    [2011/07/21 15:47:45 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/07/21 15:47:05 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/07/21 15:46:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/07/21 15:41:20 | 001,181,022 | ---- | M] () -- C:\Windows\SysWow64\TmpA470358
    [2011/07/16 03:15:31 | 000,127,347 | ---- | M] () -- C:\ml-20110716031531.xml
    [2011/07/16 03:01:29 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/16 03:01:29 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/07/16 03:01:29 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/07/15 13:06:16 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/07/11 10:07:54 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssidrv.sys
    [2011/07/11 10:07:50 | 000,056,920 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssfmonm.sys
    [2011/07/11 10:07:38 | 000,030,424 | ---- | M] () -- C:\Windows\SysWow64\wrLZMA.dll
    [2011/07/11 10:07:28 | 000,019,576 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/09 10:37:45 | 680,755,310 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/08/09 10:00:19 | 000,002,975 | ---- | C] () -- C:\Users\Wreck\Desktop\HiJackThis.lnk
    [2011/08/09 09:40:39 | 003,053,174 | ---- | C] () -- C:\Users\Wreck\Documents\AutoRuns.arn
    [2011/08/09 09:34:46 | 000,048,904 | ---- | C] () -- C:\Users\Wreck\Desktop\autoruns.chm
    [2011/08/02 20:39:10 | 000,001,882 | ---- | C] () -- C:\Users\Wreck\Documents\cc_20110802_203907.reg
    [2011/07/30 00:23:37 | 000,001,953 | ---- | C] () -- C:\Users\Wreck\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
    [2011/07/30 00:23:36 | 000,001,929 | ---- | C] () -- C:\Users\Wreck\Desktop\Heroes of Newerth.lnk
    [2011/07/28 05:08:53 | 000,000,992 | ---- | C] () -- C:\Users\Wreck\Desktop\Wow - Shortcut.lnk
    [2011/07/24 04:22:21 | 000,351,350 | ---- | C] () -- C:\Users\Wreck\Desktop\cuucc(3).jpg
    [2011/07/21 21:45:29 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/07/21 18:43:47 | 147,829,932 | ---- | C] () -- C:\Users\Wreck\Desktop\Random.rar
    [2011/07/21 18:42:10 | 043,648,383 | ---- | C] () -- C:\Users\Wreck\Desktop\Pop up blocker.rar
    [2011/07/21 15:47:45 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/07/21 15:47:04 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/07/21 15:46:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2011/07/21 15:41:20 | 001,181,022 | ---- | C] () -- C:\Windows\SysWow64\TmpA470358
    [2011/07/16 03:15:31 | 000,127,347 | ---- | C] () -- C:\ml-20110716031531.xml
    [2011/07/15 14:52:14 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/15 13:06:16 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/07/04 12:15:31 | 000,000,036 | ---- | C] () -- C:\Users\Wreck\AppData\Local\housecall.guid.cache
    [2011/05/18 01:14:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/05/15 17:58:02 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011/05/15 16:36:09 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
    [2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2010/06/26 01:50:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/06/26 01:41:41 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2010/06/26 01:40:13 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2010/06/26 01:40:13 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
    [2010/06/15 15:28:58 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/05/16 21:16:29 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
    [2010/01/27 17:05:52 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/12/30 11:57:04 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign
    [2009/12/30 11:57:04 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign
    [2009/12/29 23:36:24 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign
    [2009/12/29 23:36:24 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign
    [2009/12/29 23:35:50 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign
    [2009/11/30 15:55:34 | 000,370,312 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
    [2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
    [2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/06/07 23:45:14 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\.minecraft
    [2011/05/15 18:11:56 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\Audacity
    [2011/05/15 15:41:00 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\DigitalPersona
    [2011/07/21 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\DriverFinder
    [2011/06/17 01:15:48 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\Faerie Solitaire
    [2011/07/21 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\FrostWire
    [2011/05/22 04:06:47 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\funkitron
    [2011/06/02 01:36:23 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\ijjigame
    [2011/06/14 22:44:23 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\InfraRecorder
    [2011/05/15 17:54:27 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\LolClient
    [2011/05/25 22:24:41 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\Sammsoft
    [2011/07/21 15:32:36 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\SoftGrid Client
    [2011/08/09 05:51:15 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\Sony
    [2011/06/17 23:40:12 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\SystemRequirementsLab
    [2011/07/02 22:24:56 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\Tific
    [2011/07/15 14:53:13 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\TP
    [2011/08/09 09:44:56 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\uTorrent
    [2011/05/17 03:43:45 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\WildTangent
    [2011/06/07 14:16:33 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\WildTangentv1001
    [2011/05/17 03:44:42 | 000,000,000 | ---D | M] -- C:\Users\Wreck\AppData\Roaming\WildTangentv1002
    [2009/07/13 22:08:49 | 000,019,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2011/08/09 10:37:48 | 484,855,807 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/16 03:15:31 | 000,127,347 | ---- | M] () -- C:\ml-20110716031531.xml
    [2011/08/09 10:37:46 | 2078,130,175 | -HS- | M] () -- C:\pagefile.sys
    [2 C:\*.tmp files -> C:\*.tmp -> ]

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2011/07/11 10:07:38 | 000,030,424 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\wrLZMA.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.exe /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\* >
    [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/24 05:39:03 | 000,712,976 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/24 05:39:03 | 000,712,976 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/24 05:39:03 | 000,712,976 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/06/24 05:39:03 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/06/24 05:39:03 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/24 05:39:03 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/04/22 12:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/04/22 12:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/06/24 05:39:03 | 000,712,976 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/06/24 05:39:03 | 000,712,976 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/06/24 05:39:03 | 000,712,976 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/06/24 05:39:03 | 000,924,632 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/06/24 05:39:03 | 000,924,632 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/06/24 05:39:03 | 000,924,632 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/04/22 12:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/04/22 12:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation)

    < End of report >
     
  2. magicalgritz

    OTL Extras logfile created on: 8/9/2011 10:45:46 AM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Wreck\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.94 Gb Total Physical Memory | 3.83 Gb Available Physical Memory | 64.51% Memory free
    11.87 Gb Paging File | 9.60 Gb Available in Paging File | 80.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 444.18 Gb Total Space | 324.50 Gb Free Space | 73.05% Space Free | Partition Type: NTFS
    Drive D: | 21.28 Gb Total Space | 3.10 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
    Drive E: | 99.02 Mb Total Space | 90.24 Mb Free Space | 91.13% Space Free | Partition Type: FAT32

    Computer Name: WRECK-PC | User Name: Wreck | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0279C882-B150-44B6-A769-A7C8A2F31CE3}" = HP Wireless Assistant
    "{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
    "{1C336D20-A089-4818-9C56-96AD81BF5A11}" = PANTECH USB Modem V2
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
    "{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{9207D4A1-586E-49CA-A002-FC9F475AB1A3}" = HP Tone Control
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{AF81FB63-8419-35A3-D9B1-BAFB441C81DE}" = ccc-utility64
    "{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{EE5017A6-7525-4EE9-99DA-2EF1F6C16B1B}" = Validity Sensors DDK
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F20DF0CA-5929-4C26-A501-FDB19FDF0A50}" = HP SimplePass Identity Protection
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F8597D20-ACC7-FD03-56FA-23894108BA06}" = ATI Catalyst Install Manager
    "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{08C94F9D-EB51-D748-E299-E347A2C14A81}" = PX Profile Update
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{15436D38-68EF-4D20-A794-755F54E7E955}" = HP Software Framework
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20B88A14-02F9-48D4-ACEC-6D8F5F3E8A83}" = HP User Guides 0176
    "{220688FD-4E64-4810-B31A-32C3895DFDFA}_is1" = Auto Shutdown
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 26
    "{2822F016-69E9-A368-B612-685CCF4A9B83}" = CCC Help English
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
    "{3273F0D8-3204-4DE5-BE34-AA6613B0E844}" = Mobile PhoneTools
    "{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{4123BE4D-C65C-467E-8071-232FB1FBF3B8}" = MSN Toolbar Platform
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{44B4C2E3-D570-16B4-8CED-3D83AAF5D6F7}" = Catalyst Control Center Localization All
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4ECC1D06-672F-2935-E570-CA2D210AE0CE}" = Catalyst Control Center InstallProxy
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{6336C0CC-BA32-4949-9D3D-C86B76147CCA}" = Cricket Broadband Connect
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
    "{8D7CCD59-BEBB-57D4-23EC-B9A9DB173EAA}" = Catalyst Control Center Graphics Previews Vista
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB829D09-6426-F17D-C95D-303A6613A190}" = ccc-core-static
    "{CC7553CB-AB4E-5BCA-DC44-54D823B83E60}" = Catalyst Control Center InstallProxy
    "{CF6B515D-D99A-4B02-8C92-9EA255035A3D}" = Mobile PhoneTools
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FEC7B56F-A010-4866-809E-F5082CF5BB8C}" = HP ENVY Document Card Utilities
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast" = avast! Free Antivirus
    "Fraps" = Fraps (remove only)
    "GamersFirst LIVE!" = GamersFirst LIVE!
    "hon" = Heroes of Newerth
    "HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
    "HP Photo Creations" = HP Photo Creations
    "InfraRecorder" = InfraRecorder
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "MKV Player_is1" = MKV Player 2.0
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "My HP Game Console" = HP Game Console
    "NIS" = Norton Internet Security
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Shutdown Timer_is1" = Shutdown Timer 1.1
    "Steam App 440" = Team Fortress 2
    "Steam App 63710" = BIT.TRIP RUNNER
    "Steam App 7940" = Call of Duty 4: Modern Warfare
    "uTorrent" = µTorrent
    "Webroot Software" = Webroot Software
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "World of Warcraft" = World of Warcraft
    "WT082122" = Blackhawk Striker 2
    "WT082124" = Blasterball 3
    "WT082133" = Dora's Carnival Adventure
    "WT082141" = FATE
    "WT082168" = Penguins!
    "WT082170" = Plants vs. Zombies
    "WT082171" = Poker Superstars III
    "WT082172" = Polar Bowler
    "WT082173" = Polar Golfer
    "WT082188" = Virtual Families
    "WT082189" = Wheel of Fortune 2
    "WT082192" = Bejeweled 2 Deluxe
    "WT082200" = Chuzzle Deluxe
    "WT082241" = Virtual Villagers - The Secret City
    "WT082396" = Diner Dash 2 Restaurant Rescue
    "WT082438" = Build-a-lot 2
    "WT082442" = Faerie Solitaire
    "WT082443" = Jewel Quest 3
    "WT082456" = Mystery P.I. - The New York Fortune
    "WT082463" = Zuma's Revenge
    "WT082468" = Jewel Quest Solitaire 2
    "WT083477" = Cake Mania
    "WT083484" = Escape Rosecliff Island
    "WT083491" = TextTwist 2

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "HuluDesktop" = Hulu Desktop

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/6/2011 2:39:58 PM | Computer Name = Wreck-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 7/6/2011 4:35:01 PM | Computer Name = Wreck-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 7/6/2011 4:36:59 PM | Computer Name = Wreck-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
    file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
    on line 2. Invalid Xml syntax.

    Error - 7/7/2011 6:24:47 AM | Computer Name = Wreck-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 7/7/2011 7:17:33 AM | Computer Name = Wreck-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 7/7/2011 2:07:04 PM | Computer Name = Wreck-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Updater.exe, version: 1.0.0.16749, time
    stamp: 0x4dd2d92c Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385,
    time stamp: 0x4a5bdbdf Exception code: 0xe06d7363 Fault offset: 0x0000b727 Faulting
    process id: 0x164c Faulting application start time: 0x01cc3cd0a54cf551 Faulting application
    path: C:\Program Files (x86)\Ask.com\Updater\Updater.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
    Report
    Id: ead57295-a8c3-11e0-b54b-ac90f9ff2b0a

    Error - 7/8/2011 1:39:26 AM | Computer Name = Wreck-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 7/8/2011 8:22:16 PM | Computer Name = Wreck-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 7/8/2011 9:16:54 PM | Computer Name = Wreck-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 7/9/2011 9:48:45 AM | Computer Name = Wreck-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    [ Hewlett-Packard Events ]
    Error - 6/30/2011 10:22:24 PM | Computer Name = Wreck-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 6/30/2011 10:22:24 PM | Computer Name = Wreck-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/7/2011 10:15:37 PM | Computer Name = Wreck-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    [ HP Wireless Assistant Events ]
    Error - 8/7/2011 1:08:28 AM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 8/7/2011 1:08:28 AM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = Unable to access panel brightness tables.

    Error - 8/7/2011 12:37:20 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 8/7/2011 12:37:20 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = Unable to access panel brightness tables.

    Error - 8/7/2011 6:39:04 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 8/7/2011 6:39:04 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = Unable to access panel brightness tables.

    Error - 8/9/2011 12:49:13 AM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 8/9/2011 12:49:13 AM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = Unable to access panel brightness tables.

    Error - 8/9/2011 12:26:20 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 8/9/2011 12:57:24 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    [ Media Center Events ]
    Error - 6/15/2011 5:16:52 AM | Computer Name = Wreck-PC | Source = MCUpdate | ID = 0
    Description = 2:16:52 AM - Error connecting to the internet. 2:16:52 AM - Unable
    to contact server..

    Error - 6/15/2011 6:58:46 AM | Computer Name = Wreck-PC | Source = MCUpdate | ID = 0
    Description = 3:58:46 AM - Error connecting to the internet. 3:58:46 AM - Unable
    to contact server..

    Error - 6/15/2011 4:37:15 PM | Computer Name = Wreck-PC | Source = MCUpdate | ID = 0
    Description = 1:37:15 PM - Error connecting to the internet. 1:37:15 PM - Unable
    to contact server..

    Error - 6/19/2011 5:37:14 PM | Computer Name = Wreck-PC | Source = MCUpdate | ID = 0
    Description = 2:37:14 PM - Error connecting to the internet. 2:37:14 PM - Unable
    to contact server..

    Error - 6/19/2011 6:31:54 PM | Computer Name = Wreck-PC | Source = MCUpdate | ID = 0
    Description = 2:37:19 PM - Error connecting to the internet. 2:37:19 PM - Unable
    to contact server..

    Error - 6/25/2011 6:46:19 AM | Computer Name = Wreck-PC | Source = MCUpdate | ID = 0
    Description = 3:46:18 AM - Error connecting to the internet. 3:46:18 AM - Unable
    to contact server..

    [ System Events ]
    Error - 7/4/2011 3:12:52 AM | Computer Name = Wreck-PC | Source = Microsoft-Windows-Kernel-Power | ID = 88
    Description = The system was hibernated due to a critical thermal event. Hibernate
    Time = 2011-07-04T07:12:52.385240200Z ACPI Thermal Zone = ACPI\ThermalZone\TZ01

    _HOT = 378K

    Error - 7/4/2011 3:12:52 AM | Computer Name = Wreck-PC | Source = Microsoft-Windows-Kernel-Power | ID = 88
    Description = The system was hibernated due to a critical thermal event. Hibernate
    Time = 2011-07-04T07:12:52.400840200Z ACPI Thermal Zone = ACPI\ThermalZone\TZ01

    _HOT = 378K

    Error - 7/4/2011 8:21:03 AM | Computer Name = Wreck-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 12:06:32 AM on ?7/?4/?2011 was unexpected.

    Error - 7/5/2011 4:11:26 AM | Computer Name = Wreck-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 12:18:46 AM on ?7/?5/?2011 was unexpected.

    Error - 7/13/2011 6:20:24 AM | Computer Name = Wreck-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 3:18:44 AM on ?7/?13/?2011 was unexpected.

    Error - 7/14/2011 2:42:53 AM | Computer Name = Wreck-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:38:19 PM on ?7/?13/?2011 was unexpected.

    Error - 7/14/2011 2:45:44 AM | Computer Name = Wreck-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
    Client Service service to connect.

    Error - 7/14/2011 2:45:44 AM | Computer Name = Wreck-PC | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053

    Error - 7/21/2011 9:34:03 PM | Computer Name = Wreck-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:32:42 PM on ?7/?21/?2011 was unexpected.

    Error - 7/21/2011 9:39:46 PM | Computer Name = Wreck-PC | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.


    < End of report >
     
  3. magicalgritz

    MBR REPORT

    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-09 11:05:45
    -----------------------------
    11:05:45.828 OS Version: Windows x64 6.1.7600
    11:05:45.828 Number of processors: 8 586 0x1E05
    11:05:45.829 ComputerName: WRECK-PC UserName: Wreck
    11:05:48.067 Initialize success
    11:05:48.444 AVAST engine defs: 11080901
    11:06:44.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    11:06:44.770 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 3
    11:06:44.811 Disk 0 MBR read successfully
    11:06:44.818 Disk 0 MBR scan
    11:06:44.825 Disk 0 unknown MBR code
    11:06:44.833 Service scanning
    11:06:45.976 Modules scanning
    11:06:45.987 Disk 0 trace - called modules:
    11:06:46.024 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
    11:06:46.034 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800667d060]
    11:06:46.043 3 CLASSPNP.SYS[fffff88001b9f43f] -> nt!IofCallDriver -> [0xfffffa80064d9b10]
    11:06:46.052 5 hpdskflt.sys[fffff88001b46289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800636b050]
    11:06:47.331 AVAST engine scan C:\Windows
    11:06:49.232 AVAST engine scan C:\Windows\system32
    11:07:36.903 AVAST engine scan C:\Windows\system32\drivers
    11:07:41.837 AVAST engine scan C:\Users\Wreck
    11:12:22.907 AVAST engine scan C:\ProgramData
    11:15:31.924 Scan finished successfully
    11:26:35.952 Disk 0 MBR has been saved successfully to "C:\Users\Wreck\Desktop\MBR.dat"
    11:26:35.965 The log file has been saved successfully to "C:\Users\Wreck\Desktop\aswMBR.txt"
     
  4. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi magicalgritz

    The main reason for this is quite evident from the reports:

    But first:

    P2P Warning
    Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Limewire, U Torrent, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true.
    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.



    Step 1
    It is not recommended that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove either avast! Free Antivirus or Norton Internet Security.

    Also, if your Webroot Spysweeper is the version that also includes an Anti Virus protector.... this will need to be removed as well.

    While you're at it....
    please remove:
    Java™ 6 Update 17 (64-bit)
    This is an old version and should have been removed when your Java was updated.

    If you choose to remove Norton Internet, please add this step afterwards:

    To make sure all Norton Products have been removed:
    Go to: Norton Removal Tool

    Download it to your 'Desktop'.
    Then click on the desktop icon to run the removal tool.


    Step 2
    There are other issues we should address, so......

    Double click on OTL to run it.
    • Under Extra Registry section, select Use SafeList.
    • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.


    In your next reply, please submit:
    The 2 new OTL reports


    Thanks.
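
The Step 1 check in the reply above (more than one resident anti-virus product, plus a superseded Java build) can be run mechanically over the "Uninstall List" sections of an OTL Extras report. This is an added example, not part of the original posts or of OTL itself; the sample is a constructed excerpt of lines from the report in this thread, and the marker list and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt: a few lines copied from the OTL Extras report in this
# thread, trimmed so the example runs offline.
SAMPLE = r"""
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 26
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"avast" = avast! Free Antivirus
"NIS" = Norton Internet Security
"Webroot Software" = Webroot Software

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")             # ===== Title =====
HIVE_RE = re.compile(r"^(64bit: )?\[(HKEY_[^\]]+)\]$")     # [HKEY_...\Uninstall]
ENTRY_RE = re.compile(r'^"(.+?)" = (.*)$')                 # "key" = Display Name
JAVA_RE = re.compile(r"^Java\S*\s+(\d+)\s+Update\s+(\d+)")

# Assumption: display-name markers for products with a resident (real-time)
# scanner. These are the three products the reply above singles out.
RESIDENT_AV_MARKERS = ("avast", "norton internet security", "webroot")


def parse_uninstall_lists(report):
    """Return {view: [(registry_key, display_name), ...]} for Uninstall sections.

    Other sections (e.g. Firewall Settings) use the same '"name" = value'
    syntax, so entries are only collected while inside an Uninstall List.
    """
    entries = defaultdict(list)
    in_uninstall, view = False, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTION_RE.match(line)
        if section:
            in_uninstall = section.group(1).endswith("Uninstall List")
            view = None
            continue
        if not in_uninstall:
            continue
        hive = HIVE_RE.match(line)
        if hive:
            root = hive.group(2).split("\\", 1)[0]
            view = f"{root} 64bit" if hive.group(1) else root
            continue
        entry = ENTRY_RE.match(line)
        if entry and view is not None:
            entries[view].append((entry.group(1), entry.group(2)))
    return dict(entries)


def resident_av_products(entries):
    """Distinct installed products whose name matches a resident-AV marker."""
    hits = {name for rows in entries.values() for _key, name in rows
            if any(marker in name.lower() for marker in RESIDENT_AV_MARKERS)}
    return sorted(hits, key=str.lower)


def superseded_java(entries):
    """Java installs with a lower update number than the newest of the same major.

    Bitness is ignored on purpose: an older build left behind in either
    registry view is still an outdated runtime on the machine.
    """
    found = []
    for rows in entries.values():
        for _key, name in rows:
            m = JAVA_RE.match(name)
            if m:
                found.append((int(m.group(1)), int(m.group(2)), name))
    newest = {}
    for major, update, _name in found:
        newest[major] = max(newest.get(major, 0), update)
    return sorted(n for major, update, n in found if update < newest[major])


def review(report):
    entries = parse_uninstall_lists(report)
    av = resident_av_products(entries)
    return {"resident_av": av, "av_conflict": len(av) > 1,
            "old_java": superseded_java(entries)}


if __name__ == "__main__":
    for finding, value in review(SAMPLE).items():
        print(f"{finding}: {value}")
```

A name match only says a product is installed, not that its real-time shield is enabled, so treat the result as a prompt to check each product's settings.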
     
  5. magicalgritz

    Ok we are def getting somewhere! The computer is restarting much quicker and loading to Windows much quicker, still slow when logging on to a profile though and programs are taking a bit to load. On the OTL do I still run it as Minimal output?
     
  6. magicalgritz

    OTL REPORT

    OTL logfile created on: 8/9/2011 1:49:27 PM - Run 2
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Wreck\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.94 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 71.86% Memory free
    11.87 Gb Paging File | 9.94 Gb Available in Paging File | 83.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 444.18 Gb Total Space | 329.06 Gb Free Space | 74.08% Space Free | Partition Type: NTFS
    Drive D: | 21.28 Gb Total Space | 3.10 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
    Drive E: | 99.02 Mb Total Space | 90.24 Mb Free Space | 91.13% Space Free | Partition Type: FAT32

    Computer Name: WRECK-PC | User Name: Wreck | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Wreck\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    PRC - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Wreck\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
    SRV:64bit: - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
    SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
    SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe (Andrea Electronics Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (hpdoccardsvc) -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe (Hewlett-Packard Developement Company, L.P.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (DvmMDES) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
    SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
    DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (DVMIO) -- C:\Windows\SysNative\drivers\dvmio.sys (DeviceVM, Inc.)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (PTUMWVsp) -- C:\Windows\SysNative\drivers\PTUMWVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (PTUMWNET) -- C:\Windows\SysNative\drivers\PTUMWNET.sys (DEVGURU Co., LTD.)
    DRV:64bit: - (PTUMWMdm) -- C:\Windows\SysNative\drivers\PTUMWMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (PTUMWFLT) -- C:\Windows\SysNative\drivers\PTUMWFLT.sys (DEVGURU Co., LTD.)
    DRV:64bit: - (PTUMWCDF) -- C:\Windows\SysNative\drivers\PTUMWCDF.sys (DEVGURU Co., LTD.)
    DRV:64bit: - (PTUMWBus) -- C:\Windows\SysNative\drivers\PTUMWBus.sys (DEVGURU Co., LTD.)
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
    DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
    DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "bing.com"

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Wreck\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox [2010/06/26 02:06:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/06/26 02:21:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/08 13:03:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/24 05:39:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/08 20:19:09 | 000,000,000 | ---D | M]

    [2011/05/15 16:30:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wreck\AppData\Roaming\Mozilla\Extensions
    [2011/08/01 23:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wreck\AppData\Roaming\Mozilla\Firefox\Profiles\z7nj0khn.default\extensions
    [2011/06/23 04:26:21 | 000,000,000 | ---D | M] (ShopToWin4) -- C:\Users\Wreck\AppData\Roaming\Mozilla\Firefox\Profiles\z7nj0khn.default\extensions\{6cbc25b0-0a52-11df-8a39-0800200c9a66}
    [2011/06/05 02:39:53 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\Wreck\AppData\Roaming\Mozilla\Firefox\Profiles\z7nj0khn.default\extensions\DefaultManager@Microsoft
    [2011/06/08 20:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/06/15 22:14:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/06/08 20:19:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    File not found (No name found) --
    () (No name found) -- C:\USERS\WRECK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z7NJ0KHN.DEFAULT\EXTENSIONS\{FE0258AB-4F74-43A1-8781-BCDF340F9EE9}.XPI
    () (No name found) -- C:\USERS\WRECK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z7NJ0KHN.DEFAULT\EXTENSIONS\JOHN@VELVETCACHE.ORG.XPI
    [2011/06/24 05:39:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    [2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/08/03 14:01:52 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O2 - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
    O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe (Hewlett-Packard )
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_Plugin.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Users\Wreck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/08/09 09:35:25 | 000,000,000 | -H-D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\Shell - "" = AutoRun
    O33 - MountPoints2\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\Shell\AutoRun\command - "" = G:\Start.exe
    O33 - MountPoints2\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\Shell\menu1\command - "" = G:\Start.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/09 10:00:19 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/08/09 10:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2011/08/09 09:35:25 | 000,000,000 | -H-D | C] -- C:\Users\Wreck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    [2011/08/09 09:35:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    [2011/08/09 05:51:15 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Local\Sony
    [2011/08/09 05:48:23 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Roaming\Sony
    [2011/07/30 00:23:34 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
    [2011/07/30 00:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
    [2011/07/30 00:23:32 | 000,000,000 | ---D | C] -- C:\Users\Wreck\Documents\Heroes of Newerth
    [2011/07/30 00:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes of Newerth
    [2011/07/27 02:32:05 | 000,000,000 | ---D | C] -- C:\Users\Wreck\riotsGamesLogs
    [2011/07/21 21:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/07/21 21:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/07/21 15:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/07/21 15:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/07/21 15:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/07/21 15:46:42 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/07/21 15:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/07/21 15:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/07/20 23:10:42 | 000,000,000 | ---D | C] -- C:\Users\Wreck\Desktop\Random
    [2011/07/20 23:10:27 | 000,000,000 | ---D | C] -- C:\Users\Wreck\Desktop\WW
    [2011/07/15 17:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
    [2011/07/15 14:53:00 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Roaming\SoftGrid Client
    [2011/07/15 14:53:00 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Local\SoftGrid Client
    [2011/07/15 14:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
    [2011/07/15 14:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2011/07/15 14:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2011/07/15 14:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
    [2011/07/15 14:51:46 | 000,000,000 | ---D | C] -- C:\Users\Wreck\AppData\Roaming\TP
    [2011/07/15 13:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/07/12 10:50:30 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2011/07/12 10:50:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2011/07/12 10:50:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2011/07/12 10:50:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2011/07/12 10:50:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2011/07/12 10:50:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2011/07/12 10:50:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2011/07/12 10:50:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2011/07/12 10:50:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2011/07/12 10:50:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2011/07/12 10:50:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2011/07/12 10:50:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2011/07/12 10:50:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2011/07/12 10:50:16 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
    [2011/07/12 10:50:15 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
    [2011/07/12 10:50:06 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
    [2011/07/12 10:50:06 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
    [2011/07/12 10:50:05 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
    [2011/07/12 10:50:05 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
    [2011/07/12 10:50:05 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
    [2011/07/12 10:50:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
    [2011/07/12 10:50:04 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
    [2011/07/12 10:49:51 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2011/07/12 10:49:49 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2011/07/12 10:49:48 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2011/07/12 10:49:48 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2011/07/12 10:49:47 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2011/07/12 10:49:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2011/07/12 10:49:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2011/07/12 10:49:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2011/07/12 10:49:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2011/07/12 10:49:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2011/07/12 10:49:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2011/07/12 10:49:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2011/05/26 07:37:57 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe339A.dll
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/09 13:42:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/08/09 13:42:32 | 484,855,807 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/09 10:49:01 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/08/09 10:49:01 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/08/09 10:37:45 | 680,755,310 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/08/09 10:00:19 | 000,002,975 | ---- | M] () -- C:\Users\Wreck\Desktop\HiJackThis.lnk
    [2011/08/09 09:40:39 | 003,053,174 | ---- | M] () -- C:\Users\Wreck\Documents\AutoRuns.arn
    [2011/08/09 09:21:27 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWreck.job
    [2011/08/08 10:06:21 | 000,000,992 | ---- | M] () -- C:\Users\Wreck\Desktop\Wow - Shortcut.lnk
    [2011/08/02 20:39:13 | 000,001,882 | ---- | M] () -- C:\Users\Wreck\Documents\cc_20110802_203907.reg
    [2011/07/30 00:23:37 | 000,001,953 | ---- | M] () -- C:\Users\Wreck\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
    [2011/07/30 00:23:37 | 000,001,929 | ---- | M] () -- C:\Users\Wreck\Desktop\Heroes of Newerth.lnk
    [2011/07/24 10:04:36 | 000,280,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/07/24 04:21:57 | 000,351,350 | ---- | M] () -- C:\Users\Wreck\Desktop\cuucc(3).jpg
    [2011/07/21 21:45:29 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/07/21 18:44:37 | 147,829,932 | ---- | M] () -- C:\Users\Wreck\Desktop\Random.rar
    [2011/07/21 18:42:38 | 043,648,383 | ---- | M] () -- C:\Users\Wreck\Desktop\Pop up blocker.rar
    [2011/07/21 15:46:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/07/21 15:41:20 | 001,181,022 | ---- | M] () -- C:\Windows\SysWow64\TmpA470358
    [2011/07/16 03:15:31 | 000,127,347 | ---- | M] () -- C:\ml-20110716031531.xml
    [2011/07/16 03:01:29 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/16 03:01:29 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/07/16 03:01:29 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/07/15 13:06:16 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/07/11 10:07:38 | 000,030,424 | ---- | M] () -- C:\Windows\SysWow64\wrLZMA.dll
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/09 10:37:45 | 680,755,310 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/08/09 10:00:19 | 000,002,975 | ---- | C] () -- C:\Users\Wreck\Desktop\HiJackThis.lnk
    [2011/08/09 09:40:39 | 003,053,174 | ---- | C] () -- C:\Users\Wreck\Documents\AutoRuns.arn
    [2011/08/02 20:39:10 | 000,001,882 | ---- | C] () -- C:\Users\Wreck\Documents\cc_20110802_203907.reg
    [2011/07/30 00:23:37 | 000,001,953 | ---- | C] () -- C:\Users\Wreck\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
    [2011/07/30 00:23:36 | 000,001,929 | ---- | C] () -- C:\Users\Wreck\Desktop\Heroes of Newerth.lnk
    [2011/07/28 05:08:53 | 000,000,992 | ---- | C] () -- C:\Users\Wreck\Desktop\Wow - Shortcut.lnk
    [2011/07/24 04:22:21 | 000,351,350 | ---- | C] () -- C:\Users\Wreck\Desktop\cuucc(3).jpg
    [2011/07/21 21:45:29 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/07/21 18:43:47 | 147,829,932 | ---- | C] () -- C:\Users\Wreck\Desktop\Random.rar
    [2011/07/21 18:42:10 | 043,648,383 | ---- | C] () -- C:\Users\Wreck\Desktop\Pop up blocker.rar
    [2011/07/21 15:46:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2011/07/21 15:41:20 | 001,181,022 | ---- | C] () -- C:\Windows\SysWow64\TmpA470358
    [2011/07/16 03:15:31 | 000,127,347 | ---- | C] () -- C:\ml-20110716031531.xml
    [2011/07/15 14:52:14 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/15 13:06:16 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/07/04 12:15:31 | 000,000,036 | ---- | C] () -- C:\Users\Wreck\AppData\Local\housecall.guid.cache
    [2011/05/18 01:14:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/05/15 17:58:02 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011/05/15 16:36:09 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
    [2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2010/06/26 01:50:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/06/26 01:41:41 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2010/06/26 01:40:13 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2010/06/26 01:40:13 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
    [2010/06/15 15:28:58 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/05/16 21:16:29 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
    [2010/01/27 17:05:52 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/12/30 11:57:04 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign
    [2009/12/30 11:57:04 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign
    [2009/12/29 23:36:24 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign
    [2009/12/29 23:36:24 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign
    [2009/12/29 23:35:50 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign
    [2009/11/30 15:55:34 | 000,370,312 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
    [2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
    [2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    < End of report >
     
  7. magicalgritz

    OTL REPORT EXTRA

    OTL Extras logfile created on: 8/9/2011 1:49:27 PM - Run 2
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Wreck\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.94 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 71.86% Memory free
    11.87 Gb Paging File | 9.94 Gb Available in Paging File | 83.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 444.18 Gb Total Space | 329.06 Gb Free Space | 74.08% Space Free | Partition Type: NTFS
    Drive D: | 21.28 Gb Total Space | 3.10 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
    Drive E: | 99.02 Mb Total Space | 90.24 Mb Free Space | 91.13% Space Free | Partition Type: FAT32

    Computer Name: WRECK-PC | User Name: Wreck | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0279C882-B150-44B6-A769-A7C8A2F31CE3}" = HP Wireless Assistant
    "{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
    "{1C336D20-A089-4818-9C56-96AD81BF5A11}" = PANTECH USB Modem V2
    "{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{9207D4A1-586E-49CA-A002-FC9F475AB1A3}" = HP Tone Control
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{AF81FB63-8419-35A3-D9B1-BAFB441C81DE}" = ccc-utility64
    "{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{EE5017A6-7525-4EE9-99DA-2EF1F6C16B1B}" = Validity Sensors DDK
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F20DF0CA-5929-4C26-A501-FDB19FDF0A50}" = HP SimplePass Identity Protection
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F8597D20-ACC7-FD03-56FA-23894108BA06}" = ATI Catalyst Install Manager
    "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{08C94F9D-EB51-D748-E299-E347A2C14A81}" = PX Profile Update
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{15436D38-68EF-4D20-A794-755F54E7E955}" = HP Software Framework
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20B88A14-02F9-48D4-ACEC-6D8F5F3E8A83}" = HP User Guides 0176
    "{220688FD-4E64-4810-B31A-32C3895DFDFA}_is1" = Auto Shutdown
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 26
    "{2822F016-69E9-A368-B612-685CCF4A9B83}" = CCC Help English
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
    "{3273F0D8-3204-4DE5-BE34-AA6613B0E844}" = Mobile PhoneTools
    "{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{4123BE4D-C65C-467E-8071-232FB1FBF3B8}" = MSN Toolbar Platform
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{44B4C2E3-D570-16B4-8CED-3D83AAF5D6F7}" = Catalyst Control Center Localization All
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4ECC1D06-672F-2935-E570-CA2D210AE0CE}" = Catalyst Control Center InstallProxy
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{6336C0CC-BA32-4949-9D3D-C86B76147CCA}" = Cricket Broadband Connect
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D7CCD59-BEBB-57D4-23EC-B9A9DB173EAA}" = Catalyst Control Center Graphics Previews Vista
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB829D09-6426-F17D-C95D-303A6613A190}" = ccc-core-static
    "{CC7553CB-AB4E-5BCA-DC44-54D823B83E60}" = Catalyst Control Center InstallProxy
    "{CF6B515D-D99A-4B02-8C92-9EA255035A3D}" = Mobile PhoneTools
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FEC7B56F-A010-4866-809E-F5082CF5BB8C}" = HP ENVY Document Card Utilities
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Fraps" = Fraps (remove only)
    "GamersFirst LIVE!" = GamersFirst LIVE!
    "hon" = Heroes of Newerth
    "HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
    "HP Photo Creations" = HP Photo Creations
    "InfraRecorder" = InfraRecorder
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "MKV Player_is1" = MKV Player 2.0
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "My HP Game Console" = HP Game Console
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Shutdown Timer_is1" = Shutdown Timer 1.1
    "Steam App 440" = Team Fortress 2
    "Steam App 63710" = BIT.TRIP RUNNER
    "Steam App 7940" = Call of Duty 4: Modern Warfare
    "uTorrent" = µTorrent
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "World of Warcraft" = World of Warcraft
    "WT082122" = Blackhawk Striker 2
    "WT082124" = Blasterball 3
    "WT082133" = Dora's Carnival Adventure
    "WT082141" = FATE
    "WT082168" = Penguins!
    "WT082170" = Plants vs. Zombies
    "WT082171" = Poker Superstars III
    "WT082172" = Polar Bowler
    "WT082173" = Polar Golfer
    "WT082188" = Virtual Families
    "WT082189" = Wheel of Fortune 2
    "WT082192" = Bejeweled 2 Deluxe
    "WT082200" = Chuzzle Deluxe
    "WT082241" = Virtual Villagers - The Secret City
    "WT082396" = Diner Dash 2 Restaurant Rescue
    "WT082438" = Build-a-lot 2
    "WT082442" = Faerie Solitaire
    "WT082443" = Jewel Quest 3
    "WT082456" = Mystery P.I. - The New York Fortune
    "WT082463" = Zuma's Revenge
    "WT082468" = Jewel Quest Solitaire 2
    "WT083477" = Cake Mania
    "WT083484" = Escape Rosecliff Island
    "WT083491" = TextTwist 2

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "HuluDesktop" = Hulu Desktop

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/13/2011 6:18:04 AM | Computer Name = Wreck-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 7/13/2011 6:20:24 AM | Computer Name = WRECK-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/13/2011 6:23:00 AM | Computer Name = WRECK-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/13/2011 7:01:44 AM | Computer Name = Wreck-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/13/2011 8:24:53 AM | Computer Name = WRECK-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/13/2011 2:00:04 PM | Computer Name = WRECK-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/13/2011 2:51:04 PM | Computer Name = Wreck-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 7/13/2011 3:00:00 PM | Computer Name = WRECK-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/13/2011 3:49:52 PM | Computer Name = Wreck-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 7/14/2011 2:42:56 AM | Computer Name = Wreck-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ Hewlett-Packard Events ]
    Error - 6/30/2011 10:22:24 PM | Computer Name = Wreck-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 6/30/2011 10:22:24 PM | Computer Name = Wreck-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/7/2011 10:15:37 PM | Computer Name = Wreck-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    [ HP Wireless Assistant Events ]
    Error - 8/7/2011 12:37:20 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 8/7/2011 12:37:20 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = Unable to access panel brightness tables.

    Error - 8/7/2011 6:39:04 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 8/7/2011 6:39:04 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = Unable to access panel brightness tables.

    Error - 8/9/2011 12:49:13 AM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 8/9/2011 12:49:13 AM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = Unable to access panel brightness tables.

    Error - 8/9/2011 12:26:20 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 8/9/2011 12:57:24 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 8/9/2011 1:43:21 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 8/9/2011 4:46:47 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    [ Media Center Events ]
    Error - 6/15/2011 5:16:52 AM | Computer Name = Wreck-PC | Source = MCUpdate | ID = 0
    Description = 2:16:52 AM - Error connecting to the internet. 2:16:52 AM - Unable
    to contact server..

    Error - 6/15/2011 6:58:46 AM | Computer Name = Wreck-PC | Source = MCUpdate | ID = 0
    Description = 3:58:46 AM - Error connecting to the internet. 3:58:46 AM - Unable
    to contact server..

    Error - 6/15/2011 4:37:15 PM | Computer Name = Wreck-PC | Source = MCUpdate | ID = 0
    Description = 1:37:15 PM - Error connecting to the internet. 1:37:15 PM - Unable
    to contact server..

    Error - 6/19/2011 5:37:14 PM | Computer Name = Wreck-PC | Source = MCUpdate | ID = 0
    Description = 2:37:14 PM - Error connecting to the internet. 2:37:14 PM - Unable
    to contact server..

    Error - 6/19/2011 6:31:54 PM | Computer Name = Wreck-PC | Source = MCUpdate | ID = 0
    Description = 2:37:19 PM - Error connecting to the internet. 2:37:19 PM - Unable
    to contact server..

    Error - 6/25/2011 6:46:19 AM | Computer Name = Wreck-PC | Source = MCUpdate | ID = 0
    Description = 3:46:18 AM - Error connecting to the internet. 3:46:18 AM - Unable
    to contact server..

    [ System Events ]
    Error - 7/4/2011 3:12:52 AM | Computer Name = Wreck-PC | Source = Microsoft-Windows-Kernel-Power | ID = 88
    Description = The system was hibernated due to a critical thermal event. Hibernate
    Time = 2011-07-04T07:12:52.385240200Z ACPI Thermal Zone = ACPI\ThermalZone\TZ01

    _HOT = 378K

    Error - 7/4/2011 3:12:52 AM | Computer Name = Wreck-PC | Source = Microsoft-Windows-Kernel-Power | ID = 88
    Description = The system was hibernated due to a critical thermal event. Hibernate
    Time = 2011-07-04T07:12:52.400840200Z ACPI Thermal Zone = ACPI\ThermalZone\TZ01

    _HOT = 378K

    Error - 7/4/2011 8:21:03 AM | Computer Name = Wreck-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 12:06:32 AM on ?7/?4/?2011 was unexpected.

    Error - 7/5/2011 4:11:26 AM | Computer Name = Wreck-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 12:18:46 AM on ?7/?5/?2011 was unexpected.

    Error - 7/13/2011 6:20:24 AM | Computer Name = Wreck-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 3:18:44 AM on ?7/?13/?2011 was unexpected.

    Error - 7/14/2011 2:42:53 AM | Computer Name = Wreck-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:38:19 PM on ?7/?13/?2011 was unexpected.

    Error - 7/14/2011 2:45:44 AM | Computer Name = Wreck-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
    Client Service service to connect.

    Error - 7/14/2011 2:45:44 AM | Computer Name = Wreck-PC | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053

    Error - 7/21/2011 9:34:03 PM | Computer Name = Wreck-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:32:42 PM on ?7/?21/?2011 was unexpected.

    Error - 7/21/2011 9:39:46 PM | Computer Name = Wreck-PC | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.


    < End of report >
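An added example, not part of the original post or of OTL: a short Python triage of the event-log section in the layout the report above uses, pulling out the Kernel-Power thermal hibernations, the unexpected-shutdown records and the service start failures. The sample text is constructed from entries in the report, and the `_HOT` value is read as Kelvin because of its `K` suffix.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a few entries taken from the report above, same layout.
SAMPLE = r"""[ HP Wireless Assistant Events ]
Error - 8/9/2011 4:46:47 PM | Computer Name = Wreck-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

[ System Events ]
Error - 7/4/2011 3:12:52 AM | Computer Name = Wreck-PC | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = The system was hibernated due to a critical thermal event. Hibernate
Time = 2011-07-04T07:12:52.385240200Z ACPI Thermal Zone = ACPI\ThermalZone\TZ01

_HOT = 378K

Error - 7/4/2011 8:21:03 AM | Computer Name = Wreck-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:06:32 AM on ?7/?4/?2011 was unexpected.

Error - 7/14/2011 2:45:44 AM | Computer Name = Wreck-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 7/21/2011 9:34:03 PM | Computer Name = Wreck-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:32:42 PM on ?7/?21/?2011 was unexpected.

Error - 7/21/2011 9:39:46 PM | Computer Name = Wreck-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
"""

SECTION = re.compile(r"^\[ (?P<name>.+?) \]$")
HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
HOT = re.compile(r"_HOT = (\d+)K")
SERVICE_FAILURE_IDS = (7000, 7009, 7022)  # the SCM start-failure IDs seen in the report


def parse_events(text):
    """Turn the report text into one dict per event, re-joining wrapped descriptions."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines also occur inside a wrapped description
        if line.startswith("<"):  # e.g. "< End of report >"
            current = None
            continue
        m = SECTION.match(line)
        if m:
            section, current = m["name"], None
            continue
        m = HEADER.match(line)
        if m:
            current = {
                "section": section,
                "level": m["level"],
                "when": datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p"),
                "host": m["host"],
                "source": m["source"],
                "id": int(m["id"]),
                "description": "",
            }
            events.append(current)
            continue
        if current is not None:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
    return events


def triage(events):
    """Group the events that matter for a 'slow and overheating' complaint."""
    report = {"by_source": Counter(), "thermal": [],
              "unexpected_shutdowns": [], "service_failures": []}
    for ev in events:
        report["by_source"][(ev["source"], ev["id"])] += 1
        if ev["source"] == "Microsoft-Windows-Kernel-Power" and ev["id"] == 88:
            m = HOT.search(ev["description"])
            celsius = round(int(m[1]) - 273.15, 2) if m else None
            report["thermal"].append((ev["when"], celsius))
        elif ev["source"] == "EventLog" and ev["id"] == 6008:
            report["unexpected_shutdowns"].append(ev["when"])
        elif ev["source"] == "Service Control Manager" and ev["id"] in SERVICE_FAILURE_IDS:
            report["service_failures"].append((ev["when"], ev["id"], ev["description"]))
    return report


if __name__ == "__main__":
    result = triage(parse_events(SAMPLE))
    for when, celsius in result["thermal"]:
        print(f"thermal hibernate {when:%Y-%m-%d %H:%M} trip point {celsius} C")
    print("unexpected shutdowns:", len(result["unexpected_shutdowns"]))
    for when, event_id, text in result["service_failures"]:
        print(f"service failure {event_id} {when:%Y-%m-%d %H:%M}: {text}")
```
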
     
  8. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi again magicalgritz

    Seems you may have misunderstood what I posted earlier:
    Not both.
    You now have no Anti Virus installed.

    If you want Avast back, it can be downloaded from this recommended list:

    Note*:
    Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation.

    Note**:
    Upon installation MS Security Essentials will check that your OS is a legal copy.

    Only install one AntiVirus program


    Step 1
    Let's do some cleaning in the registry:

    Double click on OTL to run it.
    Copy the lines in bold below. (make sure that :Otl is on the first line )

    :Otl
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
    O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\Shell - "" = AutoRun
    O33 - MountPoints2\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\Shell\AutoRun\command - "" = G:\Start.exe
    O33 - MountPoints2\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\Shell\menu1\command - "" = G:\Start.exe

    :Files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [purity]
    [RESETHOSTS]
    [EMPTYFLASH]


    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the red Run Fix button.

    • OTL will reboot your system once the fix has completed.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles



    Step 2
    Let's get a fresh MBAM report.

    Please update MBAM and run another scan:
    Start MBAM
    Click on the Update tab


    Click Check for Updates

    The latest Database Version is: 7419

    If it says that MBAM needs to close to update it... let it close and then restart.
    Then click the Scan button.

    Don't forget:

    In your next reply, please submit:
    OTL fix report
    Fresh MBAM report


    Thanks.
     
    Last edited by a moderator: Feb 4, 2014
  9. magicalgritz

    magicalgritz Registered Members

    Yeah, I uninstalled all of them just in case. I did some research and it says Ad-Aware is one of the best; what do you think about it? I'm going to try these steps now.
     
  10. magicalgritz

    magicalgritz Registered Members

    Dude, it's running much, much faster. It's still a little slow when logging in to the profile, but compared to earlier it is waaaaay faster and programs are opening up much quicker as well.

    OTL REPORT

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\ not found.
    File G:\Start.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\ not found.
    File G:\Start.exe not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Wreck\Downloads\cmd.bat deleted successfully.
    C:\Users\Wreck\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User

    User: Public

    User: Wreck
    ->Temp folder emptied: 48783275 bytes
    ->Temporary Internet Files folder emptied: 51241943 bytes
    ->Java cache emptied: 1701374 bytes
    ->FireFox cache emptied: 75243694 bytes
    ->Google Chrome cache emptied: 6372414 bytes
    ->Flash cache emptied: 7407 bytes

    %systemdrive% .tmp files removed: 24856 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 694704 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 176.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Wreck
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 08092011_150429

    Files\Folders moved on Reboot...
    C:\Users\Wreck\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    MALWAREBYTE REPORT

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7420

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    8/9/2011 3:46:52 PM
    mbam-log-2011-08-09 (15-46-52).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 394705
    Time elapsed: 37 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
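An added example, not part of the original post or of OTL: a Python check over the fix log above that pairs each removed autostart entry with the outcome of the CLSID lookup OTL printed for the same GUID, which shows whether the entry pointed at a registered class or at nothing. The sample is a subset of the log lines above; the function names and verdict labels are this example's own.

```python
import re
from collections import defaultdict

# Subset of the fix log lines posted above, copied unchanged.
FIX_LOG = r"""Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9844e5b7-8745-11e0-bfc8-ddf35b22bd7d}\ not found.
File G:\Start.exe not found.
"""

LINE = re.compile(
    r"^(?P<arch>64bit-)?(?P<kind>Registry value|Registry key|File) "
    r"(?P<path>.+?) (?P<outcome>deleted successfully|not found)\.$"
)
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_fix_log(text):
    """Return one record per recognised result line; other lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            records.append({
                "arch": "64bit" if m["arch"] else None,
                "kind": m["kind"],
                "path": m["path"],
                "outcome": m["outcome"],
            })
    return records


def classify(records):
    """Map each GUID to a verdict built from its entry line and its CLSID line."""
    seen = defaultdict(lambda: {"entry": set(), "clsid": set()})
    for rec in records:
        if rec["kind"] == "File":
            continue
        m = GUID.search(rec["path"])
        if not m:
            continue
        # A path under ...\Classes\CLSID\ is the class registration itself;
        # anything else is the location that referred to the GUID.
        role = "clsid" if "\\classes\\clsid\\" in rec["path"].lower() else "entry"
        seen[m.group(0).upper()][role].add(rec["outcome"])

    verdicts = {}
    for guid, roles in seen.items():
        if "deleted successfully" not in roles["entry"]:
            verdicts[guid] = "entry not removed"
        elif "deleted successfully" in roles["clsid"]:
            verdicts[guid] = "entry and CLSID registration removed"
        elif "not found" in roles["clsid"]:
            verdicts[guid] = "entry removed, no CLSID registration found"
        else:
            verdicts[guid] = "entry removed, CLSID not checked"
    return verdicts


def missing_files(records):
    """Files the fix was told to remove that were already absent."""
    return [r["path"] for r in records
            if r["kind"] == "File" and r["outcome"] == "not found"]


if __name__ == "__main__":
    recs = parse_fix_log(FIX_LOG)
    for guid, verdict in classify(recs).items():
        print(guid, "->", verdict)
    print("already absent:", missing_files(recs))
```

For the `MountPoints2` entry the GUID identifies a volume rather than a COM class, so "no CLSID registration found" is the expected result there.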
     
  11. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi magicalgritz

    Thanks, at least we are making some headway.

    Forget it.
    Some time ago Ad-Aware was quite good, but now it's out of date and wouldn't do you any good.

    Let's look a little deeper and see if anything is trying to hide away from us.

    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2


    This is an example, you may rename ComboFix to anything you want.

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
      For more information read:
      How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

      Then:

      Double click on Combo-Fix.exe & follow the prompts.

      Vista/Win7 users should right click on the icon and select Run as Administrator.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If running Vista/Win7, you will not see the recovery console screens; they are for Win XP only.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     
  12. magicalgritz

    magicalgritz Registered Members

    ComboFix 11-08-09.02 - Wreck 08/09/2011 16:48:43.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6078.3807 [GMT -7:00]
    Running from: c:\users\Wreck\Downloads\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\hpe339A.dll
    c:\windows\system32\no
    c:\windows\system32\no\DPCrProv.dll.mui
    c:\windows\system32\no\DPFPApiUI.dll.mui
    c:\windows\system32\no\DPPassFilter.dll.mui
    c:\windows\system32\SV
    c:\windows\system32\SV\DPCrProv.dll.mui
    c:\windows\system32\SV\DPFPApiUI.dll.mui
    c:\windows\system32\SV\DPPassFilter.dll.mui
    c:\windows\SysWow64\no
    c:\windows\SysWow64\no\DPCrProv.dll.mui
    c:\windows\SysWow64\no\DPFPApiUI.dll.mui
    c:\windows\SysWow64\no\DPPassFilter.dll.mui
    c:\windows\SysWow64\SV
    c:\windows\SysWow64\SV\DPCrProv.dll.mui
    c:\windows\SysWow64\SV\DPFPApiUI.dll.mui
    c:\windows\SysWow64\SV\DPPassFilter.dll.mui
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-09 23:53 . 2011-08-09 23:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-09 23:26 . 2011-08-09 23:26 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-08-09 23:23 . 2011-08-09 23:23 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-08-09 23:23 . 2011-07-21 21:59 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-08-09 23:23 . 2011-08-09 23:23 -------- d-----w- c:\programdata\Lavasoft
    2011-08-09 23:23 . 2011-08-09 23:23 -------- d-----w- c:\program files (x86)\Lavasoft
    2011-08-09 22:04 . 2011-08-09 22:04 -------- d-----w- C:\_OTL
    2011-08-09 17:00 . 2011-08-09 17:00 388096 ----a-r- c:\users\Wreck\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-08-09 17:00 . 2011-08-09 17:00 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-08-09 12:51 . 2011-08-09 12:51 -------- d-----w- c:\users\Wreck\AppData\Local\Sony
    2011-08-09 12:48 . 2011-08-09 12:51 -------- d-----w- c:\users\Wreck\AppData\Roaming\Sony
    2011-07-30 07:21 . 2011-08-09 14:42 -------- d-----w- c:\program files (x86)\Heroes of Newerth
    2011-07-27 09:32 . 2011-08-05 08:40 -------- d-----w- c:\users\Wreck\riotsGamesLogs
    2011-07-22 04:45 . 2011-07-22 04:45 -------- d-----w- c:\program files\CCleaner
    2011-07-21 22:47 . 2011-07-21 22:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-07-21 22:47 . 2011-08-09 20:47 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-07-21 22:46 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
    2011-07-21 22:46 . 2011-08-09 20:36 -------- d-----w- c:\programdata\AVAST Software
    2011-07-21 22:46 . 2011-07-21 22:46 -------- d-----w- c:\program files\AVAST Software
    2011-07-16 00:11 . 2011-07-16 10:32 -------- d-----w- c:\programdata\VirtualizedApplications
    2011-07-15 21:53 . 2011-07-21 22:32 -------- d-----w- c:\users\Wreck\AppData\Roaming\SoftGrid Client
    2011-07-15 21:53 . 2011-07-15 21:53 -------- d-----w- c:\users\Wreck\AppData\Local\SoftGrid Client
    2011-07-15 21:52 . 2011-07-16 10:01 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
    2011-07-15 21:51 . 2011-07-15 21:53 -------- d-----w- c:\users\Wreck\AppData\Roaming\TP
    2011-07-12 17:49 . 2011-06-02 06:45 362496 ----a-w- c:\windows\system32\wow64win.dll
    2011-07-12 17:49 . 2011-06-02 06:44 214528 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-12 17:49 . 2011-06-02 06:35 338944 ----a-w- c:\windows\system32\conhost.exe
    2011-07-12 17:49 . 2011-06-02 06:45 243200 ----a-w- c:\windows\system32\wow64.dll
    2011-07-12 17:49 . 2011-06-02 06:42 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2011-07-12 17:49 . 2011-06-02 05:59 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2011-07-12 17:49 . 2011-06-02 05:56 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2011-07-12 17:49 . 2011-06-02 06:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2011-07-12 17:49 . 2011-06-02 03:51 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2011-07-12 17:49 . 2011-06-02 05:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2011-07-12 17:49 . 2011-06-02 03:50 2048 ----a-w- c:\windows\SysWow64\user.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-07 02:52 . 2011-05-17 06:28 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-07 02:52 . 2011-05-15 22:53 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-19 23:42 . 2011-06-19 23:42 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2011-06-19 23:42 . 2011-06-19 23:42 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-06-19 23:42 . 2011-06-19 23:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-06-19 23:32 . 2011-06-19 23:32 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-06-17 00:22 . 2011-06-17 00:22 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-06-17 00:21 . 2011-06-17 00:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-06-17 00:21 . 2011-06-17 00:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-06-17 00:21 . 2011-06-17 00:21 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-06-07 17:10 . 2011-07-01 18:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA80A7E5-C297-450C-B7D5-B5BA7CFC4D0C}\mpengine.dll
    2011-06-04 06:53 . 2011-05-15 23:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-02 05:56 . 2011-07-12 17:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-05-28 03:25 . 2011-06-16 03:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-28 03:00 . 2011-06-16 03:29 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-05-25 02:14 . 2011-05-15 23:07 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-24 11:21 . 2011-06-29 01:30 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-05-24 10:34 . 2011-06-29 01:30 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2011-05-24 10:34 . 2011-06-29 01:30 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2011-05-24 10:34 . 2011-06-29 01:30 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:32 . 2011-06-29 01:30 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2011-05-16 04:30 . 2011-05-16 04:30 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
    "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [2009-11-30 240472]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "HP Envy Guides AutoPlay"="c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe" [2010-03-24 76584]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\users\Wreck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    Auto Shutdown.lnk - c:\program files (x86)\Auto Shutdown\AutoShutdown.exe [2011-7-5 468480]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-6-7 2586736]
    LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2011-5-3 202240]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
    R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [x]
    R3 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-08-09 17152]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [x]
    R3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys [x]
    R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [x]
    R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [x]
    R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [x]
    R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    R4 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-01-16 127984]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-07-21 2151640]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-09 c:\windows\Tasks\HPCeeScheduleForWreck.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF25519.cfxxe" [X]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
    "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
    "HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://bing.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Wreck\AppData\Roaming\Mozilla\Firefox\Profiles\z7nj0khn.default\
    FF - prefs.js: browser.startup.homepage - bing.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe
    c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-09 16:59:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-09 23:59
    .
    Pre-Run: 350,986,067,968 bytes free
    Post-Run: 350,250,557,440 bytes free
    .
    - - End Of File - - 23F7AEC5E7EA11CF84EF04D41F6E8F6D
     
  13. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi magicalgritz,

    I see you have installed Ad-Aware free. Whilst this isn't the best AV, it's certainly better than nothing.

    Step 1
    Close any open browsers.
    Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

    Open Notepad - it must be Notepad, not Wordpad.
    Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
    Code:
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    
    Go to the Notepad window and click Edit >> Paste
    Then click File >> Save
    Name the file "CFScript.txt" (including the quotes)
    Save the file to your Desktop

    The main ComboFix.exe program should be on your Desktop
    Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon
    as below.
    [​IMG]

    Now please wait for ComboFix to finish running.

    Please Note: Do not mouse click in the ComboFix window while it is running - this may cause your system to hang/crash.


    Step 2
    Please run the F-Secure Online Scanner

    Instructions for use with Internet Explorer

    Follow the instructions here for installation.
    Accept the License Agreement.
    Once the ActiveX installs, Click Full System Scan
    Once the download completes, the scan will begin automatically.
    The scan will take some time to finish, so please be patient.
    When the scan completes, click the Automatic cleaning (recommended) button.

    Click the Show Report button and Copy & Paste the entire report in your next reply.

    Instructions for use with Firefox

    If you see the box:
    Click on the license terms to read them. If you agree, put a tick in the box and then click on 'Install'.
    Once the Add on installs, Click Full System Scan
    Once the download completes, the scan will begin automatically.
    The scan will take some time to finish, so please be patient.
    When the scan completes, click the Automatic cleaning (recommended) button.

    Click the Show Report button and Copy & Paste the entire report in your next reply.


    In your next reply, please submit:
    New Combofix.txt
    F-Secure scan report


    Thanks.
     
  14. magicalgritz

    magicalgritz Registered Members

    Yeah, I installed Ad-Aware before you told me it sucked; I am going to uninstall it though.

    COMBOFIX REPORT

    ComboFix 11-08-10.03 - Wreck 08/10/2011 17:01:48.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6078.4330 [GMT -7:00]
    Running from: c:\users\Wreck\Downloads\ComboFix.exe
    Command switches used :: c:\users\Wreck\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-11 00:08 . 2011-08-11 00:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-09 23:26 . 2011-08-09 23:26 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-08-09 23:23 . 2011-08-09 23:23 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-08-09 23:23 . 2011-07-21 21:59 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-08-09 23:23 . 2011-08-09 23:23 -------- d-----w- c:\programdata\Lavasoft
    2011-08-09 23:23 . 2011-08-09 23:23 -------- d-----w- c:\program files (x86)\Lavasoft
    2011-08-09 22:04 . 2011-08-09 22:04 -------- d-----w- C:\_OTL
    2011-08-09 17:00 . 2011-08-09 17:00 388096 ----a-r- c:\users\Wreck\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-08-09 17:00 . 2011-08-09 17:00 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-08-09 12:51 . 2011-08-09 12:51 -------- d-----w- c:\users\Wreck\AppData\Local\Sony
    2011-08-09 12:48 . 2011-08-09 12:51 -------- d-----w- c:\users\Wreck\AppData\Roaming\Sony
    2011-07-30 07:21 . 2011-08-09 14:42 -------- d-----w- c:\program files (x86)\Heroes of Newerth
    2011-07-27 09:32 . 2011-08-05 08:40 -------- d-----w- c:\users\Wreck\riotsGamesLogs
    2011-07-22 04:45 . 2011-07-22 04:45 -------- d-----w- c:\program files\CCleaner
    2011-07-21 22:47 . 2011-07-21 22:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-07-21 22:47 . 2011-08-09 20:47 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-07-21 22:46 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
    2011-07-21 22:46 . 2011-08-09 20:36 -------- d-----w- c:\programdata\AVAST Software
    2011-07-21 22:46 . 2011-07-21 22:46 -------- d-----w- c:\program files\AVAST Software
    2011-07-16 00:11 . 2011-07-16 10:32 -------- d-----w- c:\programdata\VirtualizedApplications
    2011-07-15 21:53 . 2011-07-21 22:32 -------- d-----w- c:\users\Wreck\AppData\Roaming\SoftGrid Client
    2011-07-15 21:53 . 2011-07-15 21:53 -------- d-----w- c:\users\Wreck\AppData\Local\SoftGrid Client
    2011-07-15 21:52 . 2011-07-16 10:01 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
    2011-07-15 21:51 . 2011-07-15 21:53 -------- d-----w- c:\users\Wreck\AppData\Roaming\TP
    2011-07-12 17:49 . 2011-06-02 06:45 362496 ----a-w- c:\windows\system32\wow64win.dll
    2011-07-12 17:49 . 2011-06-02 06:44 214528 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-12 17:49 . 2011-06-02 06:35 338944 ----a-w- c:\windows\system32\conhost.exe
    2011-07-12 17:49 . 2011-06-02 06:45 243200 ----a-w- c:\windows\system32\wow64.dll
    2011-07-12 17:49 . 2011-06-02 06:42 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2011-07-12 17:49 . 2011-06-02 05:59 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2011-07-12 17:49 . 2011-06-02 05:56 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2011-07-12 17:49 . 2011-06-02 06:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2011-07-12 17:49 . 2011-06-02 03:51 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2011-07-12 17:49 . 2011-06-02 05:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2011-07-12 17:49 . 2011-06-02 03:50 2048 ----a-w- c:\windows\SysWow64\user.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-07 02:52 . 2011-05-17 06:28 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-07 02:52 . 2011-05-15 22:53 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-19 23:42 . 2011-06-19 23:42 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2011-06-19 23:42 . 2011-06-19 23:42 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-06-19 23:42 . 2011-06-19 23:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-06-19 23:32 . 2011-06-19 23:32 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-06-17 00:22 . 2011-06-17 00:22 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-06-17 00:21 . 2011-06-17 00:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-06-17 00:21 . 2011-06-17 00:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-06-17 00:21 . 2011-06-17 00:21 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-06-07 17:10 . 2011-07-01 18:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA80A7E5-C297-450C-B7D5-B5BA7CFC4D0C}\mpengine.dll
    2011-06-04 06:53 . 2011-05-15 23:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-02 05:56 . 2011-07-12 17:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-05-28 03:25 . 2011-06-16 03:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-28 03:00 . 2011-06-16 03:29 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-05-25 02:14 . 2011-05-15 23:07 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-24 11:21 . 2011-06-29 01:30 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-05-24 10:34 . 2011-06-29 01:30 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2011-05-24 10:34 . 2011-06-29 01:30 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2011-05-24 10:34 . 2011-06-29 01:30 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:32 . 2011-06-29 01:30 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2011-05-16 04:30 . 2011-05-16 04:30 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-09_23.55.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-08-11 00:09 . 2011-08-11 00:09 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2011-08-09 23:54 . 2011-08-09 23:54 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2009-07-14 04:54 . 2011-08-09 23:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-08-11 00:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-08-11 00:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-09 23:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 05:10 . 2011-08-10 16:26 43160 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-05-15 22:42 . 2011-08-10 16:26 10738 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4243567348-4056380194-3654015192-1001_UserData.bin
    - 2011-05-15 22:51 . 2011-08-09 23:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-05-15 22:51 . 2011-08-10 16:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2011-08-10 21:34 80184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-05-15 22:51 . 2011-08-10 16:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-05-15 22:51 . 2011-08-09 23:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-05-15 22:51 . 2011-08-10 16:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-05-15 22:51 . 2011-08-09 23:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-05-15 22:42 . 2011-08-11 00:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-05-15 22:42 . 2011-08-09 23:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-05-15 22:42 . 2011-08-11 00:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-05-15 22:42 . 2011-08-09 23:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-08-09 23:54 . 2011-08-09 23:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-08-11 00:09 . 2011-08-11 00:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-08-11 00:09 . 2011-08-11 00:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-08-09 23:54 . 2011-08-09 23:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 04:54 . 2011-08-09 23:54 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-08-11 00:09 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-05-16 05:29 . 2011-08-10 21:23 235932 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 05:01 . 2011-08-11 00:09 234640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-08-09 23:54 234640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 02:34 . 2011-08-10 21:44 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2011-08-09 22:29 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2011-05-15 22:47 . 2011-08-11 00:09 23318052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4243567348-4056380194-3654015192-1001-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
    "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [2009-11-30 240472]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "HP Envy Guides AutoPlay"="c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe" [2010-03-24 76584]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\users\Wreck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    Auto Shutdown.lnk - c:\program files (x86)\Auto Shutdown\AutoShutdown.exe [2011-7-5 468480]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-6-7 2586736]
    LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2011-5-3 202240]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
    R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [x]
    R3 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-08-09 17152]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [x]
    R3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys [x]
    R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [x]
    R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [x]
    R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [x]
    R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    R4 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-01-16 127984]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-07-21 2151640]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-09 c:\windows\Tasks\HPCeeScheduleForWreck.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
    "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
    "HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://bing.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Wreck\AppData\Roaming\Mozilla\Firefox\Profiles\z7nj0khn.default\
    FF - prefs.js: browser.startup.homepage - bing.com
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-10 17:13:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-11 00:13
    ComboFix2.txt 2011-08-09 23:59
    .
    Pre-Run: 349,962,862,592 bytes free
    Post-Run: 349,923,495,936 bytes free
    .
    - - End Of File - - C8621C0D5BE6CF7614B39880792665F3



    F-Secure REPORT




    Scanning Report

    Wednesday, August 10, 2011 17:35:31 - 17:56:28

    Computer name: WRECK-PC
    Scanning type: Scan system for malware, spyware and rootkits
    Target: C:\ D:\ E:\ Q:\

    4 malware found

    TrackingCookie.Atdmt (spyware)
    • System (Disinfected)
    TrackingCookie.Doubleclick (spyware)
    • System (Disinfected)
    TrackingCookie.Revsci (spyware)
    • System (Disinfected)
    TrackingCookie.Fastclick (spyware)
    • System (Disinfected)
    Statistics

    Scanned:
    • Files: 94299
    • System: 5813
    • Not scanned: 107
    Actions:
    • Disinfected: 4
    • Renamed: 0
    • Deleted: 0
    • Not cleaned: 0
    • Submitted: 0
    Files not scanned:
    Options

    Scanning engines: Scanning options:
    • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
    • Use advanced heuristics
     
  15. magicalgritz

    magicalgritz Registered Members

    The computer is running a lot faster, it's almost running as fast as a fresh reformat. Honestly, I am really satisfied with how the computer is running now. I just logged into my profile and it used to take literally about 25 secs saying Welcome, and then when it got into Windows it would have taken about 40 more seconds to load everything, sometimes longer. Now it only takes 3 secs saying Welcome and only about 6 secs for everything to load. It's up to you if you would like to dig deeper, but I am very happy with the results so far and would be content if it's left like this. I want to thank you so much for helping me with the problem man, it's a huge difference!
     
  16. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi magicalgritz,

    Glad to hear everything is running well now and that you are satisfied with the result.

    F-Secure only found a few tracking cookies, so that's good.
    Everything looks good now, so we can finish off the cleaning.

    Step 1
    Restart MBAM.
    Click on the Quarantine tab
    If there are items in quarantine.....
    Make sure everything is selected and then click Delete All.
    Close MBAM.

    Step 2
    Please uninstall ComboFix by clicking on Start ... then Run ... and typing in combofix /uninstall (don't forget there is a gap between x and /). Then press OK.

    This action will uninstall Combofix and also perform a few cleanup measures



    Step 3
    • Please double-click OTL.exe to run it.
    • You should see a CleanUp! button, press that button,

    • This will cleanup an assortment of tools used during malware removal, plus itself

    Note:
    MBAM will not be removed


    Step 4
    Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    Click on Start... Control Panel... System and Maintenance... System
    Click on System Protection in the left-hand task list.
    Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.

    When you uncheck a disk you will be presented with a screen.
    You should click on the Turn System Protection Off button.
    Click Apply and then OK.

    Reboot your computer.

    Now:
    Click on Start... Control Panel... System and Maintenance... System
    Click on System Protection in the left-hand task list.
    Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
    Click Apply and then OK.

    Your System restore will now be active again... starting with a new restore point.

    To find out how you may have been infected....read this topic:
    How did i get infected?

    Not all of the following information will be applicable to you, but it's still best to read it all.

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
    • Use an AntiVirus Software
      Note*:
      Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation.

      Note**:
      Upon installation MS Security Essentials will check that your OS is a legal copy.

      Only install one AntiVirus program
    • Update your AntiVirus Software regularly
    • Use a 3rd party Firewall NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

      Only install one software Firewall

      Some 3rd party Firewalls will turn off the windows firewall when they are installed.
      It's always best to check that the Windows Firewall is turned off:

      How to turn off Windows Firewall:
      Start ... Control Panel ...click on 'Classic View'.
      now select Windows Firewall.
      When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok
    • Scan regularly with a 'Stand Alone' Anti-Malware scanner:
      Installing another scanner that you can run once or twice a week is always beneficial.
      Something like:
      Malwarebytes Anti-Malware
      SUPERAntiSpyware
      Remember to update these programs each time before running.
      You can install more than one of these if you only run them as stand alone programs.
    • Use an alternative browser:
      Some excellent alternatives to MS Internet Explorer are:

      Firefox
      For added security, add the NoScript extension to this browser:
      Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
      also consider adding:
      WOT - Safe Browsing Tool

      Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
      Btw: you don't have to make a contribution.

      Opera

      They offer better security, more stability, and better speed.
    • Keep a backup of your registry
      Keeping a regular backup of your registry will help when something goes wrong.
      Use a program like:
      Erunt

      A full tutorial on how to set up and use Erunt can be found here:
      Erunt tutorial
    • Keep your system clean of temp files etc, using a 'Cleaner':

      Cleaners are programs that will help to clean out your:
      Windows temp files
      Current user temp files
      Cookies
      Temporary Internet files
      Browser history
      Recycle bin
      Etc.......
      In other words.... all the rubbish that you accumulate over the course of your browsing and day-to-day usage of your PC.
      Programs like:
      TFC by OldTimer
      ATF Cleaner
    • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

      A tutorial on installing & using this product can be found here:
      Using and installing SpywareBlaster
    • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    Glad I was able to help.

    Safe surfing.
     
    Last edited by a moderator: Feb 4, 2014