WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele

2 posters

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele Emptysystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele27th February 2012, 1:17 am

more_horiz
Hi, my daughter said her laptop just shut down on her, when she opened it back up it was like it was new again, it was asking her to set up her new computer. all of her music, pics, word programs with college papers were gone. I have tried to restore,but it would seem that it only goes back to when this happened, it like there are no restore points before this either. There is weatherbug program that is on here and I have tried to remove it but it doesn't want to be removed. Also when scrolling the screen goes half blue with each key stroke of typing or just scrolling up and down. I did as you requested below but am not good at this and seemed to misunderstand that I needed to copy the code to the OTL before I ran the scans, when I realized I had made an error I did it that way, so I'm guessing that is why it says scan 2.
Please and Thank you
sharon cedor

OTL logfile created on: 2/26/2012 4:40:23 PM - Run 2
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Kearsti\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 43.11% Memory free
3.86 Gb Paging File | 2.56 Gb Available in Paging File | 66.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 183.36 Gb Free Space | 85.05% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.92 Gb Free Space | 96.37% Space Free | Partition Type: FAT32

Computer Name: KEARSTI-PC | User Name: Kearsti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/26 16:02:52 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Kearsti\Desktop\OTL.com
PRC - [2011/11/01 20:13:14 | 000,210,744 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
PRC - [2011/10/11 12:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/08/29 16:00:54 | 000,431,104 | ---- | M] (We-Care.com) -- C:\ProgramData\WeCareReminder\ReminderHelper.exe
PRC - [2011/07/15 20:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/16 14:01:48 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
PRC - [2009/08/25 09:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/25 09:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/07/27 14:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/27 07:52:16 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/07/15 16:49:10 | 000,291,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
PRC - [2009/07/15 16:49:00 | 000,221,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/06/02 16:03:20 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
PRC - [2009/06/02 16:01:44 | 000,014,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2009/04/03 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/02/02 18:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/15 13:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/08/28 12:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/25 23:02:09 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
MOD - [2012/02/25 22:59:19 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll
MOD - [2012/02/25 22:59:13 | 014,322,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8435718626a24beaeefc98d45ae77127\PresentationFramework.ni.dll
MOD - [2012/02/25 22:58:55 | 012,216,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c0508b05f5c28e37711f447a66368e75\PresentationCore.ni.dll
MOD - [2012/02/25 22:58:55 | 000,185,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a3f989a61ab0468876629134c49514b2\UIAutomationTypes.ni.dll
MOD - [2012/02/25 22:58:55 | 000,060,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fccf285ecdd9091a3f8d5e73d79c3300\UIAutomationProvider.ni.dll
MOD - [2012/02/25 22:58:41 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/02/25 22:57:56 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll
MOD - [2012/02/25 22:57:55 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/25 22:57:36 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/25 22:57:33 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll
MOD - [2012/02/25 22:57:18 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/25 22:57:07 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/25 22:57:06 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/25 22:57:00 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2012/02/25 22:56:53 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/16 13:45:39 | 000,116,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2009/07/15 16:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 16:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 16:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 16:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 16:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 16:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 16:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 16:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/06/17 10:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 10:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 10:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/10 13:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/08/28 12:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
MOD - [2007/08/28 12:06:54 | 000,910,624 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/25 22:16:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/16 14:01:48 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\6173\SAService.exe -- (SiteAdvisor Service)
SRV - [2009/08/25 09:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/07/27 07:52:16 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/20 01:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk62x86.dll -- (yksvc)
SRV - [2009/07/15 16:49:00 | 000,221,024 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/13 10:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/02 16:03:20 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
SRV - [2009/06/02 16:01:44 | 000,014,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/15 13:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - [2009/07/27 07:52:14 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 01:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 15:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 14:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/08 12:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2009/07/08 12:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV - [2009/06/30 14:01:14 | 000,118,656 | ---- | M] (Ricoh co.,Ltd.) [2 MP series] [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U876.sys -- (5U876UVC)
DRV - [2009/05/25 15:12:00 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/05/15 17:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/15 17:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/15 17:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/15 17:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/15 17:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=92&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=92&bd=all&pf=cmnb
IE - HKLM\..\URLSearchHook: {93130a67-a674-4177-952a-7d803ce57924} - C:\Program Files\RawCoupon\prxtbRawC.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=92&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {93130a67-a674-4177-952a-7d803ce57924} - C:\Program Files\RawCoupon\prxtbRawC.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\Kearsti\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012/02/25 19:36:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (RawCoupon Toolbar) - {93130a67-a674-4177-952a-7d803ce57924} - C:\Program Files\RawCoupon\prxtbRawC.dll (Conduit Ltd.)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (RawCoupon Toolbar) - {93130a67-a674-4177-952a-7d803ce57924} - C:\Program Files\RawCoupon\prxtbRawC.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (RawCoupon Toolbar) - {93130A67-A674-4177-952A-7D803CE57924} - C:\Program Files\RawCoupon\prxtbRawC.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.Exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: http://about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{050B5FEE-8609-4734-80F7-FCB720CAD8F2}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.329.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 16:30:32 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Kearsti\Desktop\aswMBR.exe
[2012/02/26 16:02:45 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\Kearsti\Desktop\OTL.com
[2012/02/25 22:53:46 | 000,000,000 | ---D | C] -- C:\windows\System32\Wat
[2012/02/25 22:34:45 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHost.exe
[2012/02/25 22:34:45 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHostProxy.dll
[2012/02/25 22:34:45 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netfxperf.dll
[2012/02/25 22:17:00 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ks.sys
[2012/02/25 21:51:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe
[2012/02/25 21:51:47 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2012/02/25 21:51:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2012/02/25 21:51:39 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\ir32_32.dll
[2012/02/25 21:51:39 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[2012/02/25 21:51:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll
[2012/02/25 21:51:27 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll
[2012/02/25 21:51:19 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisdecd.dll
[2012/02/25 21:51:19 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2012/02/25 21:51:19 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisrndr.ax
[2012/02/25 21:51:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mpeg2Data.ax
[2012/02/25 21:51:18 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSDvbNP.ax
[2012/02/25 21:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/25 21:51:09 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\System32\GEARAspi.dll
[2012/02/25 21:51:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2012/02/25 21:51:09 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2012/02/25 21:50:33 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2012/02/25 21:50:33 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2012/02/25 21:50:32 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2012/02/25 21:50:32 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2012/02/25 21:49:47 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertEnroll.dll
[2012/02/25 21:49:46 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winload.exe
[2012/02/25 21:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/25 21:49:43 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winresume.exe
[2012/02/25 21:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/02/25 21:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/25 21:49:35 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll
[2012/02/25 21:49:27 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40.dll
[2012/02/25 21:49:27 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40u.dll
[2012/02/25 21:49:20 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmploc.DLL
[2012/02/25 21:49:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\packager.dll
[2012/02/25 21:48:53 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe
[2012/02/25 21:48:48 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fontsub.dll
[2012/02/25 21:48:39 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\EncDec.dll
[2012/02/25 21:48:29 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2012/02/25 21:48:28 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2012/02/25 21:48:26 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
[2012/02/25 21:48:25 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciavi32.dll
[2012/02/25 21:48:23 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CPFilters.dll
[2012/02/25 21:48:22 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sbe.dll
[2012/02/25 21:48:22 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mpg2splt.ax
[2012/02/25 21:48:18 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2012/02/25 21:48:17 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2012/02/25 21:48:05 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2012/02/25 21:48:05 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2012/02/25 21:48:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/02/25 21:48:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/02/25 21:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/02/25 21:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/02/25 21:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/02/25 21:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/02/25 21:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/02/25 21:48:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/02/25 21:48:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/02/25 21:48:00 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/02/25 21:48:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/02/25 21:48:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/02/25 21:48:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/02/25 21:48:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/02/25 21:48:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/02/25 21:48:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/02/25 21:48:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/02/25 21:47:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/02/25 21:47:43 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll
[2012/02/25 21:47:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbctrac.dll
[2012/02/25 21:47:43 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll
[2012/02/25 21:47:43 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccu32.dll
[2012/02/25 21:47:43 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccr32.dll
[2012/02/25 21:47:37 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2012/02/25 21:47:33 | 003,957,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/02/25 21:47:33 | 003,901,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/02/25 21:47:21 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2012/02/25 21:47:21 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/02/25 21:47:21 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2012/02/25 21:47:20 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mf.dll
[2012/02/25 21:47:19 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2012/02/25 21:47:19 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2012/02/25 21:47:18 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll
[2012/02/25 21:47:18 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfreadwrite.dll
[2012/02/25 21:47:18 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll
[2012/02/25 21:47:01 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wscapi.dll
[2012/02/25 21:47:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slwga.dll
[2012/02/25 21:46:51 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpmde.dll
[2012/02/25 21:46:49 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2012/02/25 21:46:47 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll
[2012/02/25 21:46:47 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll
[2012/02/25 21:46:47 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe
[2012/02/25 21:46:47 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe
[2012/02/25 21:46:47 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll
[2012/02/25 21:46:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp.dll
[2012/02/25 21:46:45 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe
[2012/02/25 21:46:45 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe
[2012/02/25 21:46:28 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2012/02/25 21:46:28 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/02/25 21:46:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/02/25 21:46:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/02/25 21:46:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/02/25 21:46:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/02/25 21:46:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/02/25 21:46:25 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/02/25 21:46:25 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/02/25 21:46:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/02/25 21:46:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/02/25 21:46:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/02/25 21:46:17 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll
[2012/02/25 21:46:16 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll
[2012/02/25 21:46:07 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2012/02/25 21:45:57 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll
[2012/02/25 21:45:57 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll
[2012/02/25 21:45:57 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll
[2012/02/25 21:45:56 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssph.dll
[2012/02/25 21:45:56 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll
[2012/02/25 21:45:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscntrs.dll
[2012/02/25 21:45:53 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2012/02/25 21:45:48 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2012/02/25 21:45:32 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\poqexec.exe
[2012/02/25 21:45:31 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2012/02/25 21:39:24 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2012/02/25 21:39:23 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
[2012/02/25 21:35:48 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\dxgmms1.sys
[2012/02/25 21:35:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdd.dll
[2012/02/25 21:32:57 | 002,340,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/02/25 18:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2012/02/25 18:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2012/02/25 18:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2012/02/25 18:40:46 | 000,000,000 | -HSD | C] -- C:\windows\ftpcache
[2012/02/05 12:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/05 12:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/02/05 10:53:45 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbport.sys
[2012/02/05 10:53:43 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbd.sys
[2012/02/05 10:50:11 | 000,000,000 | ---D | C] -- C:\Users\Kearsti\AppData\Local\Apple Computer
[2012/02/05 10:50:10 | 000,000,000 | ---D | C] -- C:\Users\Kearsti\AppData\Roaming\Apple Computer
[2012/02/05 10:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/02/05 10:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/02/05 10:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/02/05 10:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/02/05 10:47:20 | 000,000,000 | ---D | C] -- C:\Users\Kearsti\AppData\Local\Apple
[2012/02/05 10:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/02/05 10:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

========== Files - Modified Within 30 Days ==========

[2012/02/26 16:32:34 | 000,000,512 | ---- | M] () -- C:\Users\Kearsti\Desktop\MBR.dat
[2012/02/26 16:30:36 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Kearsti\Desktop\aswMBR.exe
[2012/02/26 16:02:52 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Kearsti\Desktop\OTL.com
[2012/02/26 15:48:37 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 15:48:37 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 15:26:13 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/02/26 15:26:13 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/02/26 15:21:09 | 000,001,573 | ---- | M] () -- C:\us
[2012/02/26 15:16:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/26 15:16:33 | 1554,198,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/26 15:15:30 | 000,456,632 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/02/25 21:51:15 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/25 19:39:45 | 000,000,330 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForKearsti.job
[2012/02/25 18:50:39 | 000,000,162 | ---- | M] () -- C:\MemeoSendAddin

========== Files Created - No Company Name ==========

[2012/02/26 16:32:34 | 000,000,512 | ---- | C] () -- C:\Users\Kearsti\Desktop\MBR.dat
[2012/02/26 15:21:09 | 000,001,573 | ---- | C] () -- C:\us
[2012/02/25 21:51:15 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/25 21:47:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/02/25 18:50:39 | 000,000,162 | ---- | C] () -- C:\MemeoSendAddin
[2012/01/25 23:15:40 | 000,000,880 | ---- | C] () -- C:\windows\HBCIKRNL.INI
[2012/01/25 23:14:26 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/02/26 16:30:36 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Kearsti\Desktop\aswMBR.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/02/25 19:36:03 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2012/02/25 19:36:03 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2012/02/25 21:47:51 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2012/02/25 19:25:40 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2012/02/25 21:47:03 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2012/02/25 19:25:40 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2012/02/25 19:36:04 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/02/25 19:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2009/09/16 14:25:10 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2012/02/25 19:25:59 | 000,000,000 | ---D | M] -- C:\Program Files\Freeze.com
[2012/02/05 12:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012/02/25 19:26:03 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2012/02/25 19:26:04 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/09/16 13:37:06 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/02/25 22:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/02/25 21:49:44 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/02/25 21:51:08 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2012/02/25 19:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\LSI SoftModem
[2009/09/16 13:37:20 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
[2009/09/16 14:01:32 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2012/02/25 18:50:38 | 000,000,000 | ---D | M] -- C:\Program Files\Memeo
[2012/02/25 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/07/27 03:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/09/16 13:53:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/09/16 14:02:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2009/09/16 13:53:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2012/02/25 23:33:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/09/16 13:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/07/13 20:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012/01/26 12:07:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/09/16 13:44:29 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Complete
[2012/02/25 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\RawCoupon
[2009/07/13 20:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/02/25 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\RewardsArcadeSuite
[2009/09/16 14:00:25 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2012/02/25 17:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2012/02/25 19:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\SCM Microsystems
[2012/02/25 19:36:01 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
[2012/02/25 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Setup Support for RawCoupon
[2009/09/16 14:01:49 | 000,000,000 | ---D | M] -- C:\Program Files\SiteAdvisor
[2012/02/25 19:36:06 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2012/01/25 22:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/07/13 20:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/02/25 19:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\W3i
[2012/02/25 19:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/02/25 19:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/02/25 19:26:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/02/25 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2012/02/25 22:54:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012/02/25 22:54:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/13 20:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2012/01/25 23:58:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2012/02/25 19:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2012/02/25 19:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2012/02/25 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2012/02/25 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2009/07/13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 17:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/13 17:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/13 17:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: IASTOR.SYS >
[2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\swsetup\Drivers\32\HDD\IaStor.sys
[2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys
[2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys
[2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_1f2a8fa4448bd5bf\iaStor.sys
[2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_e0df85a86191e9fe\iaStor.sys
[2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\swsetup\Drivers\64\HDD\IaStor.sys
[2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 04:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/10 21:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/10 21:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/10 21:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/10 21:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 04:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-26 23:26:19

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/16 00:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/16 00:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/16 00:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/16 00:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)

< >

< End of report >

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele27th February 2012, 1:18 am

more_horiz
2nd page

OTL logfile created on: 2/26/2012 4:40:23 PM - Run 2
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Kearsti\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 43.11% Memory free
3.86 Gb Paging File | 2.56 Gb Available in Paging File | 66.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 183.36 Gb Free Space | 85.05% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.92 Gb Free Space | 96.37% Space Free | Partition Type: FAT32

Computer Name: KEARSTI-PC | User Name: Kearsti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/26 16:02:52 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Kearsti\Desktop\OTL.com
PRC - [2011/11/01 20:13:14 | 000,210,744 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
PRC - [2011/10/11 12:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/08/29 16:00:54 | 000,431,104 | ---- | M] (We-Care.com) -- C:\ProgramData\WeCareReminder\ReminderHelper.exe
PRC - [2011/07/15 20:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/16 14:01:48 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
PRC - [2009/08/25 09:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/25 09:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/07/27 14:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/27 07:52:16 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/07/15 16:49:10 | 000,291,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
PRC - [2009/07/15 16:49:00 | 000,221,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/06/02 16:03:20 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
PRC - [2009/06/02 16:01:44 | 000,014,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2009/04/03 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/02/02 18:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/15 13:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/08/28 12:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/25 23:02:09 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
MOD - [2012/02/25 22:59:19 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll
MOD - [2012/02/25 22:59:13 | 014,322,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8435718626a24beaeefc98d45ae77127\PresentationFramework.ni.dll
MOD - [2012/02/25 22:58:55 | 012,216,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c0508b05f5c28e37711f447a66368e75\PresentationCore.ni.dll
MOD - [2012/02/25 22:58:55 | 000,185,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a3f989a61ab0468876629134c49514b2\UIAutomationTypes.ni.dll
MOD - [2012/02/25 22:58:55 | 000,060,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fccf285ecdd9091a3f8d5e73d79c3300\UIAutomationProvider.ni.dll
MOD - [2012/02/25 22:58:41 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/02/25 22:57:56 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll
MOD - [2012/02/25 22:57:55 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/25 22:57:36 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/25 22:57:33 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll
MOD - [2012/02/25 22:57:18 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/25 22:57:07 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/25 22:57:06 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/25 22:57:00 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2012/02/25 22:56:53 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/16 13:45:39 | 000,116,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2009/07/15 16:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 16:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 16:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 16:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 16:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 16:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 16:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 16:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/06/17 10:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 10:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 10:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/10 13:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/08/28 12:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
MOD - [2007/08/28 12:06:54 | 000,910,624 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/25 22:16:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/16 14:01:48 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\6173\SAService.exe -- (SiteAdvisor Service)
SRV - [2009/08/25 09:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/07/27 07:52:16 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/20 01:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk62x86.dll -- (yksvc)
SRV - [2009/07/15 16:49:00 | 000,221,024 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/13 10:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/02 16:03:20 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
SRV - [2009/06/02 16:01:44 | 000,014,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/15 13:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - [2009/07/27 07:52:14 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 01:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 15:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 14:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/08 12:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2009/07/08 12:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV - [2009/06/30 14:01:14 | 000,118,656 | ---- | M] (Ricoh co.,Ltd.) [2 MP series] [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U876.sys -- (5U876UVC)
DRV - [2009/05/25 15:12:00 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/05/15 17:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/15 17:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/15 17:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/15 17:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/15 17:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=92&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=92&bd=all&pf=cmnb
IE - HKLM\..\URLSearchHook: {93130a67-a674-4177-952a-7d803ce57924} - C:\Program Files\RawCoupon\prxtbRawC.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=92&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {93130a67-a674-4177-952a-7d803ce57924} - C:\Program Files\RawCoupon\prxtbRawC.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\Kearsti\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012/02/25 19:36:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (RawCoupon Toolbar) - {93130a67-a674-4177-952a-7d803ce57924} - C:\Program Files\RawCoupon\prxtbRawC.dll (Conduit Ltd.)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (RawCoupon Toolbar) - {93130a67-a674-4177-952a-7d803ce57924} - C:\Program Files\RawCoupon\prxtbRawC.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (RawCoupon Toolbar) - {93130A67-A674-4177-952A-7D803CE57924} - C:\Program Files\RawCoupon\prxtbRawC.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.Exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: http://about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{050B5FEE-8609-4734-80F7-FCB720CAD8F2}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.329.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 16:30:32 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Kearsti\Desktop\aswMBR.exe
[2012/02/26 16:02:45 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\Kearsti\Desktop\OTL.com
[2012/02/25 22:53:46 | 000,000,000 | ---D | C] -- C:\windows\System32\Wat
[2012/02/25 22:34:45 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHost.exe
[2012/02/25 22:34:45 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHostProxy.dll
[2012/02/25 22:34:45 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netfxperf.dll
[2012/02/25 22:17:00 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ks.sys
[2012/02/25 21:51:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe
[2012/02/25 21:51:47 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2012/02/25 21:51:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2012/02/25 21:51:39 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\ir32_32.dll
[2012/02/25 21:51:39 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[2012/02/25 21:51:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll
[2012/02/25 21:51:27 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll
[2012/02/25 21:51:19 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisdecd.dll
[2012/02/25 21:51:19 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2012/02/25 21:51:19 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisrndr.ax
[2012/02/25 21:51:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mpeg2Data.ax
[2012/02/25 21:51:18 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSDvbNP.ax
[2012/02/25 21:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/25 21:51:09 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\System32\GEARAspi.dll
[2012/02/25 21:51:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2012/02/25 21:51:09 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2012/02/25 21:50:33 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2012/02/25 21:50:33 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2012/02/25 21:50:32 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2012/02/25 21:50:32 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2012/02/25 21:49:47 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertEnroll.dll
[2012/02/25 21:49:46 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winload.exe
[2012/02/25 21:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/25 21:49:43 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winresume.exe
[2012/02/25 21:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/02/25 21:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/25 21:49:35 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll
[2012/02/25 21:49:27 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40.dll
[2012/02/25 21:49:27 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40u.dll
[2012/02/25 21:49:20 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmploc.DLL
[2012/02/25 21:49:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\packager.dll
[2012/02/25 21:48:53 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe
[2012/02/25 21:48:48 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fontsub.dll
[2012/02/25 21:48:39 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\EncDec.dll
[2012/02/25 21:48:29 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2012/02/25 21:48:28 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2012/02/25 21:48:26 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
[2012/02/25 21:48:25 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciavi32.dll
[2012/02/25 21:48:23 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CPFilters.dll
[2012/02/25 21:48:22 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sbe.dll
[2012/02/25 21:48:22 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mpg2splt.ax
[2012/02/25 21:48:18 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2012/02/25 21:48:17 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2012/02/25 21:48:05 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2012/02/25 21:48:05 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2012/02/25 21:48:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/02/25 21:48:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/02/25 21:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/02/25 21:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/02/25 21:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/02/25 21:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/02/25 21:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/02/25 21:48:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/02/25 21:48:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/02/25 21:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/02/25 21:48:00 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/02/25 21:48:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/02/25 21:48:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/02/25 21:48:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/02/25 21:48:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/02/25 21:48:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/02/25 21:48:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/02/25 21:48:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/02/25 21:47:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/02/25 21:47:43 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll
[2012/02/25 21:47:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbctrac.dll
[2012/02/25 21:47:43 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll
[2012/02/25 21:47:43 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccu32.dll
[2012/02/25 21:47:43 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccr32.dll
[2012/02/25 21:47:37 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2012/02/25 21:47:33 | 003,957,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/02/25 21:47:33 | 003,901,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/02/25 21:47:21 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2012/02/25 21:47:21 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/02/25 21:47:21 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2012/02/25 21:47:20 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mf.dll
[2012/02/25 21:47:19 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2012/02/25 21:47:19 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2012/02/25 21:47:18 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll
[2012/02/25 21:47:18 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfreadwrite.dll
[2012/02/25 21:47:18 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll
[2012/02/25 21:47:01 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wscapi.dll
[2012/02/25 21:47:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slwga.dll
[2012/02/25 21:46:51 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpmde.dll
[2012/02/25 21:46:49 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2012/02/25 21:46:47 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll
[2012/02/25 21:46:47 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll
[2012/02/25 21:46:47 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe
[2012/02/25 21:46:47 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe
[2012/02/25 21:46:47 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll
[2012/02/25 21:46:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp.dll
[2012/02/25 21:46:45 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe
[2012/02/25 21:46:45 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe
[2012/02/25 21:46:28 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2012/02/25 21:46:28 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/02/25 21:46:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/02/25 21:46:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/02/25 21:46:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/02/25 21:46:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/02/25 21:46:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/02/25 21:46:25 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/02/25 21:46:25 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/02/25 21:46:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/02/25 21:46:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/02/25 21:46:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/02/25 21:46:17 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll
[2012/02/25 21:46:16 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll
[2012/02/25 21:46:07 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2012/02/25 21:45:57 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll
[2012/02/25 21:45:57 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll
[2012/02/25 21:45:57 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll
[2012/02/25 21:45:56 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssph.dll
[2012/02/25 21:45:56 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll
[2012/02/25 21:45:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscntrs.dll
[2012/02/25 21:45:53 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2012/02/25 21:45:48 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2012/02/25 21:45:32 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\poqexec.exe
[2012/02/25 21:45:31 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2012/02/25 21:39:24 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2012/02/25 21:39:23 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
[2012/02/25 21:35:48 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\dxgmms1.sys
[2012/02/25 21:35:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdd.dll
[2012/02/25 21:32:57 | 002,340,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/02/25 18:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2012/02/25 18:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2012/02/25 18:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2012/02/25 18:40:46 | 000,000,000 | -HSD | C] -- C:\windows\ftpcache
[2012/02/05 12:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/05 12:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/02/05 10:53:45 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbport.sys
[2012/02/05 10:53:43 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbd.sys
[2012/02/05 10:50:11 | 000,000,000 | ---D | C] -- C:\Users\Kearsti\AppData\Local\Apple Computer
[2012/02/05 10:50:10 | 000,000,000 | ---D | C] -- C:\Users\Kearsti\AppData\Roaming\Apple Computer
[2012/02/05 10:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/02/05 10:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/02/05 10:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/02/05 10:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/02/05 10:47:20 | 000,000,000 | ---D | C] -- C:\Users\Kearsti\AppData\Local\Apple
[2012/02/05 10:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/02/05 10:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

========== Files - Modified Within 30 Days ==========

[2012/02/26 16:32:34 | 000,000,512 | ---- | M] () -- C:\Users\Kearsti\Desktop\MBR.dat
[2012/02/26 16:30:36 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Kearsti\Desktop\aswMBR.exe
[2012/02/26 16:02:52 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Kearsti\Desktop\OTL.com
[2012/02/26 15:48:37 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 15:48:37 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 15:26:13 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/02/26 15:26:13 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/02/26 15:21:09 | 000,001,573 | ---- | M] () -- C:\us
[2012/02/26 15:16:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/26 15:16:33 | 1554,198,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/26 15:15:30 | 000,456,632 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/02/25 21:51:15 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/25 19:39:45 | 000,000,330 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForKearsti.job
[2012/02/25 18:50:39 | 000,000,162 | ---- | M] () -- C:\MemeoSendAddin

========== Files Created - No Company Name ==========

[2012/02/26 16:32:34 | 000,000,512 | ---- | C] () -- C:\Users\Kearsti\Desktop\MBR.dat
[2012/02/26 15:21:09 | 000,001,573 | ---- | C] () -- C:\us
[2012/02/25 21:51:15 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/25 21:47:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/02/25 18:50:39 | 000,000,162 | ---- | C] () -- C:\MemeoSendAddin
[2012/01/25 23:15:40 | 000,000,880 | ---- | C] () -- C:\windows\HBCIKRNL.INI
[2012/01/25 23:14:26 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/02/26 16:30:36 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Kearsti\Desktop\aswMBR.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/02/25 19:36:03 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2012/02/25 19:36:03 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2012/02/25 21:47:51 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2012/02/25 19:25:40 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2012/02/25 21:47:03 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2012/02/25 19:25:40 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2012/02/25 19:36:04 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/02/25 19:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2009/09/16 14:25:10 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2012/02/25 19:25:59 | 000,000,000 | ---D | M] -- C:\Program Files\Freeze.com
[2012/02/05 12:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012/02/25 19:26:03 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2012/02/25 19:26:04 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/09/16 13:37:06 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/02/25 22:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/02/25 21:49:44 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/02/25 21:51:08 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2012/02/25 19:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\LSI SoftModem
[2009/09/16 13:37:20 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
[2009/09/16 14:01:32 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2012/02/25 18:50:38 | 000,000,000 | ---D | M] -- C:\Program Files\Memeo
[2012/02/25 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/07/27 03:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/09/16 13:53:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/09/16 14:02:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2009/09/16 13:53:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2012/02/25 23:33:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/09/16 13:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/07/13 20:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012/01/26 12:07:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/09/16 13:44:29 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Complete
[2012/02/25 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\RawCoupon
[2009/07/13 20:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/02/25 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\RewardsArcadeSuite
[2009/09/16 14:00:25 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2012/02/25 17:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2012/02/25 19:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\SCM Microsystems
[2012/02/25 19:36:01 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
[2012/02/25 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Setup Support for RawCoupon
[2009/09/16 14:01:49 | 000,000,000 | ---D | M] -- C:\Program Files\SiteAdvisor
[2012/02/25 19:36:06 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2012/01/25 22:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/07/13 20:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/02/25 19:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\W3i
[2012/02/25 19:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/02/25 19:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/02/25 19:26:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/02/25 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2012/02/25 22:54:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012/02/25 22:54:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/13 20:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2012/01/25 23:58:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2012/02/25 19:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2012/02/25 19:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2012/02/25 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2012/02/25 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2009/07/13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 17:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/13 17:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/13 17:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: IASTOR.SYS >
[2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\swsetup\Drivers\32\HDD\IaStor.sys
[2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys
[2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys
[2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_1f2a8fa4448bd5bf\iaStor.sys
[2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_e0df85a86191e9fe\iaStor.sys
[2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\swsetup\Drivers\64\HDD\IaStor.sys
[2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 04:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/10 21:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/10 21:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/10 21:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/10 21:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 04:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-26 23:26:19

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/16 00:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/16 00:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/16 00:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/16 00:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)

< >

< End of report >

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele27th February 2012, 1:19 am

more_horiz
page 3

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-26 16:30:39
-----------------------------
16:30:39.805 OS Version: Windows 6.1.7600
16:30:39.805 Number of processors: 2 586 0x170A
16:30:39.805 ComputerName: KEARSTI-PC UserName: Kearsti
16:30:41.162 Initialize success
16:31:29.040 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:31:29.040 Disk 0 Vendor: WDC_WD25 12.0 Size: 238475MB BusType: 3
16:31:29.087 Disk 0 MBR read successfully
16:31:29.087 Disk 0 MBR scan
16:31:29.087 Disk 0 Windows 7 default MBR code
16:31:29.103 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
16:31:29.103 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 220765 MB offset 616448
16:31:29.134 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 452743168
16:31:29.149 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2048 MB offset 484200448
16:31:29.149 Disk 0 scanning sectors +488394752
16:31:29.181 Disk 0 scanning C:\windows\system32\drivers
16:31:33.221 Service scanning
16:31:43.068 Modules scanning
16:31:50.852 Disk 0 trace - called modules:
16:31:50.868 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
16:31:50.883 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869c6ac8]
16:31:50.883 3 CLASSPNP.SYS[8900559e] -> nt!IofCallDriver -> [0x869c5020]
16:31:50.899 5 hpdskflt.sys[89bc9090] -> nt!IofCallDriver -> [0x85fa3958]
16:31:50.899 7 ACPI.sys[88e2f3b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f55028]
16:31:50.915 Scan finished successfully
16:32:34.220 Disk 0 MBR has been saved successfully to "C:\Users\Kearsti\Desktop\MBR.dat"
16:32:34.267 The log file has been saved successfully to "C:\Users\Kearsti\Desktop\aswMBR.txt"


descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele27th February 2012, 2:09 am

more_horiz
Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************

  • Please download Unhide by Grinler from here and save it to your desktop.
  • Double click unhide.exe to run the tool.
  • It will take some time to go through all your files, so please be patient.
  • If this tool doesn´t fix the problem, please let me know.

*************************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL
O15 - HKLM\..Trusted Domains: http://about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: http://VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com (
[*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com (
[*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
:COMMANDS
[resethosts]
[purity]
[start explorer]


* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
*************************************************************
Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:

C:\Program Files\RawCoupon\prxtbRawC.dll


* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
*********************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
**************************************************
system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele Mbamicontw5 Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

[color=red]If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.[/color

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele4th March 2012, 4:56 am

more_horiz
ok I got the unhide and OTL done but the next part about Jotti's Malware would not work, it would not let me copy paste in the box. nor could I even type in the box. here are the log files from the first two.

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 03/03/2012 08:33:05 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 216476 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 34 files processed.

The C:\Users\Kearsti\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 03/03/2012 08:38:11 PM
Execution time: 0 hours(s), 5 minute(s), and 5 seconds(s)


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
File http in Trusted sites) not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
File https in Trusted sites) not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.33.1 log created on 03032012_204042

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele4th March 2012, 7:45 pm

more_horiz
I would like to see the logs from SAS and MBAM.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [URL="herehttp://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html"]here[/URL[/url]] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele NSIS_disclaimer_ENG

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele NSIS_extraction

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele RcAuto1

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele Whatnext

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele15th March 2012, 4:24 pm

more_horiz
super scan log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/15/2012 at 09:17 AM

Application Version : 5.0.1146

Core Rules Database Version : 8338
Trace Rules Database Version: 6150

Scan type : Quick Scan
Total Scan Time : 00:05:06

Operating System Information
Windows 7 Home Premium 32-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 662
Memory threats detected : 0
Registry items scanned : 27269
Registry threats detected : 0
File items scanned : 8487
File threats detected : 48

Adware.Tracking Cookie
C:\Users\Kearsti\AppData\Roaming\Microsoft\Windows\Cookies\kearsti@a1.interclick[1].txt [ /a1.interclick ]
C:\Users\Kearsti\AppData\Roaming\Microsoft\Windows\Cookies\kearsti@akamai.interclickproxy[2].txt [ /akamai.interclickproxy ]
C:\Users\Kearsti\AppData\Roaming\Microsoft\Windows\Cookies\kearsti@atdmt[2].txt [ /atdmt ]
C:\Users\Kearsti\AppData\Roaming\Microsoft\Windows\Cookies\kearsti@interclick[2].txt [ /interclick ]
C:\Users\Kearsti\AppData\Roaming\Microsoft\Windows\Cookies\kearsti@invitemedia[2].txt [ /invitemedia ]
C:\Users\Kearsti\AppData\Roaming\Microsoft\Windows\Cookies\1RL74THB.txt [ /zedo.com ]
C:\Users\Kearsti\AppData\Roaming\Microsoft\Windows\Cookies\WOTKK60A.txt [ /clickbooth.com ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\G0802RYG.txt [ Cookie:kearsti@fastclick.net/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\SK8IG41K.txt [ Cookie:kearsti@media6degrees.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\YTXOI6JA.txt [ Cookie:kearsti@advertising.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\IO0ZTNJQ.txt [ Cookie:kearsti@pointroll.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\VQOR867B.txt [ Cookie:kearsti@insightexpressai.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\1GRVLS2W.txt [ Cookie:kearsti@statcounter.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\B2U3PM1M.txt [ Cookie:kearsti@serving-sys.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kearsti@atdmt[2].txt [ Cookie:kearsti@atdmt.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\1MFPOBB4.txt [ Cookie:kearsti@invitemedia.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\6V3Q71TL.txt [ Cookie:kearsti@tacoda.at.atwola.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\K7QUWOSL.txt [ Cookie:kearsti@adbrite.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\C6PCQE48.txt [ Cookie:kearsti@ru4.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\EV239PBZ.txt [ Cookie:kearsti@lucidmedia.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kearsti@www.googleadservices[2].txt [ Cookie:kearsti@www.googleadservices.com/pagead/conversion/966355483/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\U7U41G9G.txt [ Cookie:kearsti@ads.pointroll.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\N52LQJXC.txt [ Cookie:kearsti@doubleclick.net/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\A0NRW12H.txt [ Cookie:kearsti@apmebf.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\R50ZZD7M.txt [ Cookie:kearsti@a1.interclick.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\QMN9SNXD.txt [ Cookie:kearsti@casalemedia.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\JBVP8S5R.txt [ Cookie:kearsti@pro-market.net/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\EOSSC6LT.txt [ Cookie:kearsti@mediaplex.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q539ITP1.txt [ Cookie:kearsti@atwola.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\U7XBFFUB.txt [ Cookie:kearsti@at.atwola.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\YB0D1JP4.txt [ Cookie:kearsti@interclick.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\TGLP02J3.txt [ Cookie:kearsti@kontera.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kearsti@c.atdmt[2].txt [ Cookie:kearsti@c.atdmt.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kearsti@clicksor[2].txt [ Cookie:kearsti@clicksor.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kearsti@yieldmanager[1].txt [ Cookie:kearsti@yieldmanager.net/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\4KTM7JP6.txt [ Cookie:kearsti@revsci.net/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kearsti@adultfriendfinder[1].txt [ Cookie:kearsti@adultfriendfinder.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\NKDH327J.txt [ Cookie:kearsti@tacoda.net/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\BWI8CAS8.txt [ Cookie:kearsti@ar.atwola.com/ ]
C:\USERS\KEARSTI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kearsti@histats[1].txt [ Cookie:kearsti@histats.com/ ]
C:\USERS\KEARSTI\Cookies\kearsti@atdmt[2].txt [ Cookie:kearsti@atdmt.com/ ]
C:\USERS\KEARSTI\Cookies\kearsti@invitemedia[2].txt [ Cookie:kearsti@invitemedia.com/ ]
C:\USERS\KEARSTI\Cookies\kearsti@a1.interclick[1].txt [ Cookie:kearsti@a1.interclick.com/ ]
C:\USERS\KEARSTI\Cookies\kearsti@akamai.interclickproxy[2].txt [ Cookie:kearsti@akamai.interclickproxy.com/ ]
C:\USERS\KEARSTI\Cookies\kearsti@interclick[2].txt [ Cookie:kearsti@interclick.com/ ]
C:\USERS\KEARSTI\Cookies\1RL74THB.txt [ Cookie:kearsti@zedo.com/ ]
C:\USERS\KEARSTI\Cookies\WOTKK60A.txt [ Cookie:kearsti@clickbooth.com/ ]

Trojan.Agent/Gen-Toggle
C:\USERS\KEARSTI\APPDATA\LOCAL\TEMP\PHXCD21.EXE

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele15th March 2012, 5:48 pm

more_horiz
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.15.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Kearsti :: KEARSTI-PC [administrator]

3/15/2012 9:30:32 AM
mbam-log-2012-03-15 (10-45-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 366359
Time elapsed: 1 hour(s), 1 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Cr_Installer\1950 (Adware.GamePlayLab) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele15th March 2012, 6:25 pm

more_horiz
ComboFix 12-03-15.03 - Kearsti 03/15/2012 11:00:47.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1976.1156 [GMT -7:00]
Running from: c:\users\Kearsti\Desktop\ComboFix.exe
AV: McAfee® Total Protection™ for Small Business *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee® Total Protection™ for Small Business *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-15 18:09 . 2012-03-15 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-15 17:58 . 2008-05-22 09:15 434 ----a-w- c:\windows\myClean.bat
2012-03-15 16:29 . 2012-03-15 16:29 -------- d-----w- c:\users\Kearsti\AppData\Roaming\Malwarebytes
2012-03-15 16:29 . 2012-03-15 16:29 -------- d-----w- c:\programdata\Malwarebytes
2012-03-15 16:29 . 2012-03-15 16:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-15 16:29 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-15 16:08 . 2012-03-15 16:08 -------- d-----w- c:\users\Kearsti\AppData\Roaming\SUPERAntiSpyware.com
2012-03-15 16:08 . 2012-03-15 16:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-15 16:08 . 2012-03-15 16:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-04 04:40 . 2012-03-04 04:40 -------- d-----w- C:\_OTL
2012-02-26 23:23 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-02-26 23:23 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-02-26 23:23 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-02-26 23:23 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2012-02-26 23:23 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-02-26 23:23 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2012-02-26 23:23 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-02-26 23:23 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-02-26 23:23 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2012-02-26 06:53 . 2012-02-26 06:53 -------- d-----w- c:\windows\system32\Wat
2012-02-26 06:41 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2012-02-26 06:34 . 2009-11-25 20:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-02-26 06:34 . 2009-11-25 20:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-02-26 06:34 . 2009-11-25 20:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-02-26 06:34 . 2009-11-25 20:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-02-26 06:34 . 2009-11-25 20:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-02-26 06:17 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-02-26 06:17 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2012-02-26 06:16 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2012-02-26 05:50 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-02-26 05:49 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2012-02-26 05:48 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-02-26 05:47 . 2011-07-16 04:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-02-26 05:46 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2012-02-26 05:45 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2012-02-26 05:39 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-02-26 05:39 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-26 05:39 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-26 05:39 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-26 05:39 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-26 05:39 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
2012-02-26 05:39 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-02-26 05:39 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-26 05:39 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
2012-02-26 05:39 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
2012-02-26 05:35 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-02-26 05:35 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-26 05:35 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2012-02-26 05:34 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-26 05:34 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2012-02-26 05:32 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-02-26 02:49 . 2012-02-26 02:50 -------- d-----w- c:\program files\Memeo
2012-02-26 02:41 . 2012-02-26 03:36 -------- d-----w- c:\program files\Seagate
2012-02-26 02:41 . 2012-02-26 02:41 -------- d-----w- c:\programdata\Seagate
2012-02-26 02:40 . 2012-02-26 02:40 -------- d-sh--w- c:\windows\ftpcache
2012-02-26 01:41 . 2012-02-26 01:41 140779848 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcE81.tmp
2012-02-26 01:25 . 2012-02-26 03:38 -------- d-----w- c:\users\Kearsti.Kearsti-PC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 08:45 . 2012-01-26 08:45 18944 ----a-r- c:\users\Kearsti\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2012-01-26 08:45 . 2012-01-26 08:45 11264 ----a-r- c:\users\Kearsti\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
2012-01-26 07:14 . 2012-01-26 07:14 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-01-26 07:14 . 2012-01-26 07:14 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-01-26 07:14 . 2012-01-26 07:14 3862528 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-01-26 07:14 . 2012-01-26 07:14 3551232 ----a-w- c:\windows\system32\bcmihvui.dll
2012-01-26 07:14 . 2012-01-26 07:14 2506232 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{93130a67-a674-4177-952a-7d803ce57924}"= "c:\program files\RawCoupon\prxtbRawC.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{93130a67-a674-4177-952a-7d803ce57924}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93130a67-a674-4177-952a-7d803ce57924}]
2011-05-09 08:49 176936 ----a-w- c:\program files\RawCoupon\prxtbRawC.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{93130a67-a674-4177-952a-7d803ce57924}"= "c:\program files\RawCoupon\prxtbRawC.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{93130a67-a674-4177-952a-7d803ce57924}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{93130A67-A674-4177-952A-7D803CE57924}"= "c:\program files\RawCoupon\prxtbRawC.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{93130a67-a674-4177-952a-7d803ce57924}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-06-02 24264488]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-04-29 1652736]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-02 151064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]
"RunMVSMyClean"="c:\windows\myclean.bat" [2008-05-22 434]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-3 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-26 1343400]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [2009-06-30 22:01 118656]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-26 c:\windows\Tasks\HPCeeScheduleForKearsti.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-16 21:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=92&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.10.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-15 11:20:23
ComboFix-quarantined-files.txt 2012-03-15 18:20
.
Pre-Run: 199,022,202,880 bytes free
Post-Run: 198,251,790,336 bytes free
.
- - End Of File - - 8A1BE0B68F76187AD68C2EC87FB8B497

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele15th March 2012, 7:00 pm

more_horiz
The log shows that your AV is out-of-date. Please update it ASAP. If the subscription has expired please let me know.

Download BlueScreenView to your desktop.
BlueScreenView
unzip downloaded file and double click on BlueScreenView.exe to run the program.
when scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.
***************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele15th March 2012, 7:12 pm

more_horiz
i dont currenty have an Anti virus on this system, the one that was on here was wiped and when we turned on the computer it re-loaded the one that came with the computer that is expired.

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele15th March 2012, 7:20 pm

more_horiz
confusing......cant figure out what i'm downloading, nothing on this page says BlueScreenView. please help.


Download BlueScreenView to your desktop.
BlueScreenView
unzip downloaded file and double click on BlueScreenView.exe to run the program.
when scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele15th March 2012, 7:26 pm

more_horiz
ok got it but it says 0 crashes there is nothing to save

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele15th March 2012, 8:46 pm

more_horiz
SysProt Antirootkit
could not get this to work, kept getting error:
Failed to start service. SysProt AntiRootkit needs to be run with Admin privileges.

there is only one user on this system.

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele15th March 2012, 8:48 pm

more_horiz
Also should I try uninstalling he weatherbug application from control panel now that all of these scans have been done?

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele15th March 2012, 10:47 pm

more_horiz
Please download and install a new AV from the list below. I prefer MSE(MicroSoft Security Essentials) because of it's lite-weight, no hassles features. Next uninstall McAfee from your computer. If you have trouble uninstalling it, please use this Removal tool.

McAfee Consumer Products Removal Tool - Use on McAfee, AOL distributions of McAfee, CA distributions of McAfee - McAfee Consumer Products Removal tool (MCPR.exe)
**************************************************
Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition
7) ThreatFire

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
***************************************************
Also should I try uninstalling he weatherbug application from control panel now that all of these scans have been done?

Yes, if you don't want it.

* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele18th March 2012, 12:35 am

more_horiz
could not run program

* RootRepeal

kept getting errors.

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele18th March 2012, 12:44 am

more_horiz
I used the control panel and deleted the Weatherbug, it did let me and is not showing now. What about all the programs you had me download and run? should I remove them also?

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele18th March 2012, 1:02 am

more_horiz
What about all the programs you had me download and run? should I remove them also?

We'll deal with them when we're finished cleaning. I have a few more scans to do.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele8th April 2012, 5:35 am

more_horiz
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-07 22:32:33
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.12.0
Running: gmer.exe; Driver: C:\Users\Kearsti\AppData\Local\Temp\kgliafob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A845D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA9092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[6976] ADVAPI32.dll!RegSetValueExA 76611B96 5 Bytes JMP 1015CC10 C:\Users\Kearsti\AppData\LocalLow\RawCoupon\tbRawC.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] ADVAPI32.dll!RegSetValueExW 76611C82 5 Bytes JMP 1015CCD0 C:\Users\Kearsti\AppData\LocalLow\RawCoupon\tbRawC.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] ADVAPI32.dll!RegSetValueW 7662FA72 5 Bytes JMP 1015CB50 C:\Users\Kearsti\AppData\LocalLow\RawCoupon\tbRawC.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] ADVAPI32.dll!RegSetValueA 7665F529 5 Bytes JMP 1015CA90 C:\Users\Kearsti\AppData\LocalLow\RawCoupon\tbRawC.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!CreateDialogParamW 76819BFF 5 Bytes JMP 1015CEA0 C:\Users\Kearsti\AppData\LocalLow\RawCoupon\tbRawC.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!EnableWindow 7681A72E 5 Bytes JMP 6A9A9A14 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!CreateDialogParamA 76833E79 5 Bytes JMP 1015D020 C:\Users\Kearsti\AppData\LocalLow\RawCoupon\tbRawC.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!DialogBoxIndirectParamW 76844AA7 5 Bytes JMP 6AAF6336 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!TrackPopupMenu 76844B3B 5 Bytes JMP 1015C180 C:\Users\Kearsti\AppData\LocalLow\RawCoupon\tbRawC.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!DialogBoxParamW 7684564A 5 Bytes JMP 1015D200 C:\Users\Kearsti\AppData\LocalLow\RawCoupon\tbRawC.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!TrackPopupMenuEx 76845F72 5 Bytes JMP 1015C2E0 C:\Users\Kearsti\AppData\LocalLow\RawCoupon\tbRawC.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!DialogBoxParamA 7685CF6A 5 Bytes JMP 1015D110 C:\Users\Kearsti\AppData\LocalLow\RawCoupon\tbRawC.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!DialogBoxIndirectParamA 7685D29C 5 Bytes JMP 6AAF639B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!MessageBoxIndirectA 7686E8C9 5 Bytes JMP 6AAF6258 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!MessageBoxIndirectW 7686E9C3 5 Bytes JMP 6AAF61DF C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!MessageBoxExA 7686EA29 5 Bytes JMP 6AAF617B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!MessageBoxExW 7686EA4D 5 Bytes JMP 6AAF6117 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!MessageBoxA 7686EA71 5 Bytes JMP 1015D380 C:\Users\Kearsti\AppData\LocalLow\RawCoupon\tbRawC.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6976] USER32.dll!MessageBoxW 7686EABF 5 Bytes JMP 1015D460 C:\Users\Kearsti\AppData\LocalLow\RawCoupon\tbRawC.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] kernel32.dll!CreateThread 76A8279D 5 Bytes JMP 6A967303 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!EnableWindow 7681A72E 5 Bytes JMP 6A9A9A14 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!GetAsyncKeyState 7681C09A 5 Bytes JMP 6A94DD8D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!UnhookWindowsHookEx 7681CC7B 5 Bytes JMP 6A9EEB00 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!CallNextHookEx 7681CC8F 5 Bytes JMP 6A9C7BAF C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!DefWindowProcA 7681E0E4 7 Bytes JMP 6A96952D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!CreateWindowExA 7681E18A 5 Bytes JMP 6A973363 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!CreateWindowExW 76820E51 5 Bytes JMP 6A9CFF87 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!SetWindowsHookExW 7682210A 5 Bytes JMP 6A9A2194 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!GetKeyState 76824FDA 5 Bytes JMP 6A94DC67 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!IsDialogMessageW 76826F06 5 Bytes JMP 6AAF6E05 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!DefWindowProcW 7682724B 7 Bytes JMP 6A9C7C12 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!IsDialogMessage 7683407A 5 Bytes JMP 6AAF6DDD C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!CreateDialogIndirectParamA 76839110 5 Bytes JMP 6AAF66D8 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!CreateDialogIndirectParamW 768408AD 5 Bytes JMP 6AAF6710 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!DialogBoxIndirectParamW 76844AA7 5 Bytes JMP 6AAF6336 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!EndDialog 7684555C 5 Bytes JMP 6AAF70B4 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!SetKeyboardState 76846B52 5 Bytes JMP 6AAF76D1 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!SendInput 76847055 5 Bytes JMP 6AAF7679 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!SetCursorPos 7685C1D8 5 Bytes JMP 6AAF7752 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!DialogBoxIndirectParamA 7685D29C 5 Bytes JMP 6AAF639B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!MessageBoxIndirectA 7686E8C9 5 Bytes JMP 6AAF6258 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!MessageBoxIndirectW 7686E9C3 5 Bytes JMP 6AAF61DF C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!MessageBoxExA 7686EA29 5 Bytes JMP 6AAF617B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!MessageBoxExW 7686EA4D 5 Bytes JMP 6AAF6117 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] USER32.dll!keybd_event 7686EC9B 5 Bytes JMP 6AAF7636 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] SHELL32.dll!SHChangeNotification_Lock + 45BA 76C2B3D8 4 Bytes [CF, 01, A4, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] SHELL32.dll!SHChangeNotification_Lock + 45C2 76C2B3E0 8 Bytes [E0, 61, A3, 73, 79, F7, A3, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[7264] ole32.dll!OleLoadFromStream 76295BF6 5 Bytes JMP 6AAF6B0F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[352] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C35E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[352] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C35E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[352] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C35E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[352] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C35E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[352] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75C35E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\system32\msiexec.exe[5704] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C35E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\system32\msiexec.exe[5704] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C35E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\system32\msiexec.exe[5704] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C35E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\system32\msiexec.exe[5704] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C35E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\system32\msiexec.exe[5704] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75C35E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [73A347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [73A4029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73A35EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [73A47F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [73A4F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FindClose] [73A4F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [73A507CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [73A4FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [73A35E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [73A4ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [73A347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [73A34E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [73A363E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [73A4B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [73A35EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [73A36D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [73A4BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [73A4C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [73A4029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [73A34E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [73A347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [73A363E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [73A34E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [73A4C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [73A4E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [73A4AA37] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [73A4ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [73A4B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [73A36D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [73A35EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [73A4FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [73A507CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [73A4939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [73A363E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [73A4029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [73A35F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [73A49229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [73A3F1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [73A347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [73A35E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [73A40ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [73A4F2BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [73A4F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [73A5072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [73A4F9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [73A51542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [73A51C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [73A3FA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [73A51191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [73A3F725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [73A3FB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [73A51095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [73A51F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [73A512D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [73A50DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [73A40178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [73A51B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [73A5194A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [73A519EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [73A51233] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [73A3F86E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [73A3F472] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [73A527C3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [73A5136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [73A51284] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [73A50F4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [73A52769] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [73A3F9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [73A52937] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [73A37430] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [73A3F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [73A3E265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [73A35D08] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [73A5140A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [73A51590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [73A51F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [73A40123] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [73A5218A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [73A51BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [73A3FACB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [73A3FC0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [73A52B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [73A52028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [73A50F9F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [73A34927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [73A50D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [73A3FA2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [73A518A2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [73A51CAC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [73A5171C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [73A517B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [73A34984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [73A520D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [73A48C1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [73A4CB0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [73A4D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [73A4D11F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [73A36D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [73A4C49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [73A4B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [73A4B245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [73A4A89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [73A4E0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [73A34E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [73A4ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [73A4A249] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [73A49AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [73A4E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [73A4E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [73A49F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [73A4BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [73A4A56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [73A34E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [73A36D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [73A3F6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [73A51F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [73A52028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [73A52B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [73A52B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [73A40178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [73A364C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [73A34CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [73A34927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [73A34984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [73A36528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [73A347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [73A347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7264] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [73A347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\ACPI_HAL \Device\00000070 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\assembly\NativeImages_v4.0.30319_32\indexde.dat 0 bytes
File C:\Windows\assembly\NativeImages_v4.0.30319_32\indexe0.dat 0 bytes
File C:\Windows\Microsoft.NET\ngenservice_pri3_lock.dat 0 bytes

---- EOF - GMER 1.0.15 ----

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele8th April 2012, 6:20 pm

more_horiz
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EsetOnline button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EsetSmartInstall to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EsetSmartInstallDesktopIcon-1 icon on your desktop.

•Check system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EsetAcceptTerms
•Click the system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EsetStart button.
•Accept any security warnings from your browser.
•Check system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EsetScanArchives
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EsetListThreats
•Push system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EsetExport, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EsetBack button.
•Push system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EsetFinish
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

descriptionsystem shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele EmptyRe: system shut down,now looks liked wiped all but OS,Weatherbug on system,cant dele

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum