get-answers or www.easya-z.com

Page 1 of 3 1, 2, 3  Next

View previous topic View next topic Go down

get-answers or www.easya-z.com

Post by jonnieboy on Mon 19 Dec 2011, 12:08 am

Hi

When surfacing if I put something in the google toolbar and press search it takes me to get-answers or [You must be registered and logged in to see this link.] It as also took me to a couple of other sites but I can't remember which they are.

Regards jonnieboy Jon



jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Mon 19 Dec 2011, 3:24 am

Having a problem with aswmbr cannot get it to open

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Mon 19 Dec 2011, 5:37 am

Hello, Welcome to GeekPolice!

I'm Houndmom and I will be helping you get your computer cleaned up.
Please note the following information about the malware forum:
* Only Tech Officers, Global Moderators, Administrators, Malware Advisors and Tech Advisors are allowed to give advice on removing malware from your computer.
* From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
* Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
* If you have already asked for help somewhere, please post the link to the topic you were helped.
* We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

Reply to this topic with the word BUMP, or
see [You must be registered and logged in to see this link.]

* Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Please stick with me in this topic until its close, and your computer is declared clean.

I am a student and need to get approval for each step. I appreciate your patience, and will return with the first step.

houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Mon 19 Dec 2011, 5:42 am

didn't read post fully and understand sorry


Last edited by jonnieboy on Mon 19 Dec 2011, 7:01 pm; edited 1 time in total (Reason for editing : didn't read post fully and understand)

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Tue 20 Dec 2011, 10:25 am

That's fine. We can begin now.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Second:

  • Download OTL.exe onto your desktop
  • Open the program by double clicking on OTL icon.


  • Copy the following quote box and Paste it in the Custom Scans/Fixes box as shown below..


    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Do not change any settings. Click the Run Scan button. OTL will now perform a scan, it won't take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These files are saved at the same location as OTL.
  • Please copy and paste these results into your next post.




houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Tue 20 Dec 2011, 7:14 pm

Malwarebytes' Anti-Malware 1.51.2.1300
[You must be registered and logged in to see this link.]

Database version: 8401

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20/12/2011 08:08:23
mbam-log-2011-12-20 (08-08-23).txt

Scan type: Quick scan
Objects scanned: 185115
Time elapsed: 11 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Tue 20 Dec 2011, 8:17 pm

OTL logfile created on: 12/18/2011 3:21:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.14 Gb Available Physical Memory | 7.89% Memory free
3.49 Gb Paging File | 1.15 Gb Available in Paging File | 32.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.22 Gb Total Space | 174.58 Gb Free Space | 79.64% Space Free | Partition Type: NTFS
Drive D: | 13.37 Gb Total Space | 2.22 Gb Free Space | 16.63% Space Free | Partition Type: NTFS

Computer Name: JON-PC | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/18 15:21:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.com
PRC - [2011/12/13 17:36:37 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
PRC - [2011/11/06 22:49:56 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/06/21 14:57:14 | 007,120,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 22:19:07 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/13 22:18:27 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 22:18:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 22:17:59 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/13 22:17:59 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/13 22:17:28 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 22:17:11 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 22:17:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 22:17:03 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 22:16:20 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/15 18:29:59 | 000,098,872 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Logging\1.0.0.0__a5a013d267b3a679\HP.SupportFramework.Logging.dll
MOD - [2011/09/15 18:29:58 | 000,073,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant.Common\6.0.1.1__41bdec5abf54f6dc\HP.SupportAssistant.Common.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/21 18:57:42 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/20 13:21:42 | 000,016,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV:64bit: - [2009/07/22 01:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 18:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/02 21:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 19:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/16 05:14:10 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/22 01:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/02 18:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/24 19:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 10:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/05 05:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 15:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/03/09 13:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files (x86)\Messenger_Plus_Live_UK\tbMess.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files (x86)\Messenger_Plus_Live_UK\tbMess.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/18 14:51:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Messenger Plus Live UK Toolbar) - {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files (x86)\Messenger_Plus_Live_UK\tbMess.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live UK Toolbar) - {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files (x86)\Messenger_Plus_Live_UK\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live UK Toolbar) - {77F40091-495B-4C46-9068-2B24C4133157} - C:\Program Files (x86)\Messenger_Plus_Live_UK\tbMess.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [You must be registered and logged in to see this link.] (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39917632-BF97-4E7D-97F2-CA9305ABBE63}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F421CA39-9852-40BA-852C-A83496C9B819}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Tue 20 Dec 2011, 8:18 pm

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

MsConfig:64bit - StartUpFolder: C:^Users^jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: Microsoft Forefront Client Security Antimalware Service - hkey= - key= - c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: PC Optimizer Pro - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: QPService - hkey= - key= - C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: SysTrayApp - hkey= - key= - C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Company)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: FCSAM - c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: FCSAM - c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Tue 20 Dec 2011, 8:19 pm

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 15:20:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.com
[2011/12/18 15:04:04 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{B06BFB5A-45F4-4303-A880-FBF76E191340}
[2011/12/18 15:03:38 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{5B94A995-C8FD-45EA-9C34-46F66D564772}
[2011/12/18 08:35:17 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{8F1F0BBE-FF2D-4DEB-B584-5B7D506EB8DA}
[2011/12/18 08:35:02 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{ADB3E98A-9002-4B44-A8AA-7C8DEB56D023}
[2011/12/17 19:58:46 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{CDBEC91B-688B-4B7B-812D-CE1061A49306}
[2011/12/17 19:56:36 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{A3206A43-EA54-4CED-A7AC-486487C707BF}
[2011/12/17 12:48:09 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Roaming\Malwarebytes
[2011/12/17 12:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/17 07:55:56 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{DD66D6BA-EE78-495A-B846-3561E2A739C4}
[2011/12/17 07:55:46 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{CCA054FB-73B9-4001-B628-0FCF6D94DF71}
[2011/12/16 19:52:58 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{57345002-A66E-40EE-9E25-082790EB20FC}
[2011/12/16 19:52:01 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{EF2A0B93-D979-44F0-9438-609037D51312}
[2011/12/16 17:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/16 16:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/16 07:50:59 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{4BF2D94E-A6C3-40BF-AA8A-4BEB5B19FE41}
[2011/12/16 07:50:47 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{029ED588-8396-4882-B1CB-FE3B0CBC22DA}
[2011/12/15 19:49:35 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{B0575C17-91E6-485E-8B38-F5C3FFC8613C}
[2011/12/15 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{87C49397-5A68-4B9F-A871-0A1209F3DCD2}
[2011/12/15 08:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/12/15 07:48:24 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{63B8CEE1-63C4-4E0F-9BDE-61AEFAFC9074}
[2011/12/15 07:48:00 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{A49BFF0C-E205-45E4-A73A-B0A7397BC191}
[2011/12/13 17:59:44 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{863A8E29-4CB3-4F7C-9804-B249CD1184DC}
[2011/12/13 17:59:29 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{0825CC4C-E3D8-472F-92B3-B9642F2DE7BD}
[2011/12/13 17:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/12/13 17:36:57 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011/12/13 17:36:41 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011/12/13 17:36:41 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011/12/13 17:36:40 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/12/13 17:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/12/13 17:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/13 16:45:13 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{0DF0F546-8D63-4F07-895C-1AF9036A71A9}
[2011/12/13 16:45:02 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{975BCD31-1200-45A8-B746-AD1AA63A4056}
[2011/12/12 23:39:54 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011/12/12 16:50:22 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{5C7A5847-B987-4BB7-A40B-534271E834F3}
[2011/12/12 16:50:11 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{5A4BD468-5EC9-401F-BF2F-0120E4A852A6}
[2011/12/11 20:24:33 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{C8382C8C-8568-4EA4-86D9-E357EC33CC2F}
[2011/12/11 20:24:22 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{B10B48B4-9BAE-4C71-B97E-14B54F6A084F}
[2011/12/11 08:23:49 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{75EB5DC4-BE1F-467A-B7BD-E55FADB51268}
[2011/12/11 08:23:37 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{FDDFCB82-BEC1-47AE-B634-2C749002C76D}
[2011/12/10 16:56:43 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{14F3F221-3D92-428E-BA1F-B0023C906BA7}
[2011/12/10 16:56:25 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{83431C49-6187-414F-AB77-748CD006F219}
[2011/12/10 05:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2011/12/10 05:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2011/12/10 04:55:51 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{7AFA70E0-5D41-4596-A55C-CEA9E83F3CF9}
[2011/12/10 04:55:40 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{D5A6DB03-488C-4B35-AAFD-C9485007E623}
[2011/12/09 09:16:10 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{AF1971EB-F740-4478-B0BF-DBD6D2A3B6F3}
[2011/12/09 09:15:59 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{4D34B021-9A0C-489E-AB92-6EE705249F83}
[2011/12/08 21:15:28 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{81D52494-31F6-4758-8C8E-D7CD35BA7131}
[2011/12/08 21:15:17 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{E1D3D07A-CA90-48F9-BDC9-CD86F24E1862}
[2011/12/08 08:35:27 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{663E1277-0F31-44AD-A314-F54A41745436}
[2011/12/08 08:35:16 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{06307C1D-EC05-44FD-A77D-03A273BBC6A2}
[2011/12/07 11:28:17 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{06602827-1C33-489B-8816-7AD7683ABDE5}
[2011/12/07 11:28:06 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{A58660D4-9090-483D-ACA7-B7402A9A6C44}
[2011/12/06 23:27:36 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{D3D1E0EB-A3C9-47FA-AC73-200C9DF74235}
[2011/12/06 23:27:25 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{700C0E23-25E5-46A3-A689-78D07D366B9B}
[2011/12/06 10:31:27 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{0583D135-6A92-4091-AD9C-DCA5989A35EE}
[2011/12/06 10:31:16 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{B499EE98-808F-43E3-AF7B-C1D2CFB6639D}
[2011/12/05 20:43:26 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{270CB042-4B81-404A-BC5F-7AC3DF4ED80C}
[2011/12/05 20:40:19 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{C841A4A0-A2F4-494D-87FE-84517733B929}
[2011/12/05 08:39:49 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{71F7BD62-F436-47D8-B893-9AA108F0CBB8}
[2011/12/05 08:39:37 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{2FE2CEA2-521D-4C6D-91CF-DE15A4C415A9}
[2011/12/04 19:17:42 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{DF000240-B76B-4F83-9C36-65E227840326}
[2011/12/04 19:17:31 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{2C55B472-ABA7-488A-B6B3-AD2B45E1E2C1}
[2011/12/04 07:17:15 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{30E538D8-CC73-4B43-BAA4-53EA593ABEEB}
[2011/12/04 07:17:04 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{40F329B5-533D-420C-B73D-AAF596DAE7EE}
[2011/12/03 20:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Met Office Desktop Widget
[2011/12/03 18:51:55 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{7ADA6AA7-1C8A-45E4-9159-4D3522E2ED8F}
[2011/12/03 18:51:43 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{8E075C16-C1CA-4F35-8977-1DA4BE7675DC}
[2011/12/03 06:51:12 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{A383C437-011B-4141-9737-3DCC184857A5}
[2011/12/03 06:51:01 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{44ED1B6B-33E6-4144-BE02-AAF2C290D032}
[2011/12/02 15:33:26 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{4B1CE9B2-3504-45B2-A94C-AB29B1D5D5FC}
[2011/12/02 15:33:14 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{E6C97B38-5004-41B8-BC72-4097D8FEAAD5}
[2011/12/01 22:17:13 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{30C32184-3002-4580-8510-B87E220EB843}
[2011/12/01 22:17:01 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{6A9F7A1C-C5E1-4528-B151-01E8C924D863}
[2011/12/01 06:25:34 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{62CE2358-1465-4CC1-B331-5BB131A3C447}
[2011/12/01 06:25:24 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{0BB0A185-B19A-4655-B734-0FF7C8B28B67}
[2011/11/30 18:09:03 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{4C7A3F48-657A-40F4-8918-CDB98954EE6F}
[2011/11/30 18:08:52 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{67D06AF6-980D-4ED5-B2F1-7A49B5F95AA6}
[2011/11/30 06:08:23 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{0872C0BF-7C70-4A77-8CDC-7A170800BB8D}
[2011/11/30 06:08:12 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{C6FC555E-E04D-405F-9655-70DF7C7FE1DC}
[2011/11/29 16:48:42 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{047E836A-0554-4378-A0B9-D8E83CFE7176}
[2011/11/29 16:48:29 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{E1F173E0-341A-498E-8375-E9F5315D8FD8}
[2011/11/28 21:54:19 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{C7EC194A-247F-4747-BFA3-CCFBD22507B6}
[2011/11/28 21:54:07 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{B15F3D61-B8B6-4290-A6DF-28C9304BE3A3}
[2011/11/28 21:23:14 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{2C7CD7E0-28D2-4AAA-975A-C541FF78A8E8}
[2011/11/28 20:45:22 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{0E4A3E23-76BA-4611-A904-4903473CDF9F}
[2011/11/28 08:04:41 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{53CFB9D8-F5FD-4F56-8CFD-BBBFC73EB988}
[2011/11/28 08:04:28 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{17093D43-92A4-4AE4-BABC-9400DBA65AEC}
[2011/11/27 20:03:21 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{47596AA7-F38C-4085-8FBC-84B0667569D6}
[2011/11/27 20:03:09 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{9380C12A-A91A-45C9-BEBD-30A85422A71C}
[2011/11/27 08:02:38 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{93A69AA3-ABED-4B39-9FD6-71C17635BAB6}
[2011/11/27 08:02:27 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{BF5F641A-EE36-4621-9060-CC0B28C3247E}
[2011/11/26 20:01:58 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{973D6241-D68A-4A62-8E52-B5CD8C25FD2C}
[2011/11/26 20:01:43 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{5FD9E031-620F-4703-85BB-54FA5892A239}
[2011/11/26 07:59:35 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{79667194-165B-43AD-93CA-5BCE56864419}
[2011/11/26 07:59:23 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{38BF0332-050D-4A7B-8EF5-F8F83EA62F87}
[2011/11/25 23:30:02 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\Sothink
[2011/11/25 23:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SourceTec
[2011/11/25 19:58:53 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{432640B3-A922-4245-817A-52107A4E91DD}
[2011/11/25 19:58:42 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{0653ABC7-99FC-4EF3-A3DA-4E7C38CD0E53}
[2011/11/25 07:58:27 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{CAE73EC7-8207-4102-9E4F-299DC0A3B64D}
[2011/11/25 07:58:15 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{D94920ED-452B-401D-B8D3-E150D7440AB3}
[2011/11/24 20:30:56 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Roaming\PrimoPDF
[2011/11/24 20:30:37 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Roaming\Nitro PDF
[2011/11/24 20:30:17 | 000,028,976 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2011/11/24 20:30:17 | 000,017,200 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2011/11/24 20:30:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Nitro PDF
[2011/11/24 20:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
[2011/11/24 20:29:05 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Roaming\OpenCandy
[2011/11/24 20:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2011/11/24 19:57:46 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{CFF4F793-A70F-46E4-819A-F52831239D17}
[2011/11/24 19:57:35 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{A0F0B1EF-7DC8-47C9-A073-C8523B2AAD9D}
[2011/11/24 18:32:19 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{77D4D9A1-8524-4DAD-A900-E5ABA49D5C95}
[2011/11/24 06:31:24 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{6C7B014B-21E0-467E-B8C0-8A35329CE8FD}
[2011/11/24 06:31:13 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{E218A85C-D176-4FD3-BBE1-8FA6422F28A2}
[2011/11/23 18:30:43 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{C532CE85-99E8-47EF-86A3-C0F51712DB00}
[2011/11/23 18:30:07 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{4435BC3F-70C9-443B-A207-723AA9537AE8}
[2011/11/23 06:29:34 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{C09468C2-62FA-4E1D-A59C-3A2971D73DE5}
[2011/11/23 06:29:10 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{0530BA9D-C9B6-4FC1-927B-0B2E6664679A}
[2011/11/22 17:56:08 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{B94049A1-37E7-4CA9-BF53-25B759B1955A}
[2011/11/22 17:55:56 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{E2D6B859-44AC-41B3-8616-E00FBCBD7EFA}
[2011/11/22 05:55:27 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{99A81EFC-AEC2-4694-B318-5641E69AEC3A}
[2011/11/22 05:55:14 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{54C1C1B6-CDBB-4EE6-AAA2-0F13880F85EB}
[2011/11/21 16:56:40 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{60E23CA2-6671-4C33-8743-390F26FD29CE}
[2011/11/21 16:56:28 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{386EA2FC-A0D6-407F-AB6C-4A872216D931}
[2011/11/20 19:44:14 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{EE2964D6-8C7E-4114-944B-4E397058B15A}
[2011/11/20 19:44:01 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{B4E0C470-101B-418A-9DDA-DF0A02FB7A2D}
[2011/11/20 07:43:34 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{57751E98-76EF-4CD7-823B-5EDD7BE6E14C}
[2011/11/20 07:43:23 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{E2384603-6EC3-44B9-9B62-98D04AF6C815}
[2011/11/19 19:03:05 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{8E76B888-ADBB-4A64-86BA-8BE01A6EE32C}
[2011/11/19 19:02:54 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{6DD9C1CF-BBC4-4302-AE85-0F7269D6B759}
[2011/11/19 07:02:25 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{22C7FEE8-34B6-4097-9237-20384D9CBE90}
[2011/11/19 07:02:13 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{5F9079F0-1CF5-414F-BBC2-887CDD0A196E}
[2011/11/18 18:29:22 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{33B73D6A-B1AD-4DF6-8BB0-1DD0D8413604}
[2011/11/18 18:29:10 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{2C488C56-B967-438C-9788-703DFA03F903}

========== Files - Modified Within 30 Days ==========

[2011/12/18 15:21:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.com
[2011/12/18 15:13:41 | 000,000,476 | ---- | M] () -- C:\Users\jon\Desktop\Local Disk (C) - Shortcut.lnk
[2011/12/18 15:03:13 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/18 15:03:13 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/18 15:03:13 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/18 15:02:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 15:02:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 15:01:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/18 14:54:54 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/18 14:54:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 14:53:53 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/13 17:37:36 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Free Offers.lnk
[2011/12/13 17:37:36 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/13 17:36:57 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011/12/13 17:36:41 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011/12/13 17:36:41 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011/12/13 17:36:40 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/12/13 17:33:26 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/13 17:33:26 | 000,002,203 | ---- | M] () -- C:\Users\jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/12 23:41:39 | 000,000,448 | -H-- | M] () -- C:\ProgramData\sgSJjtJANLgitE
[2011/12/12 23:39:55 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~sgSJjtJANLgitE
[2011/12/12 23:39:55 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~sgSJjtJANLgitEr
[2011/12/10 19:37:23 | 000,000,494 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for jon.job
[2011/12/10 06:02:33 | 000,033,983 | -H-- | M] () -- C:\Users\jon\Documents\club rules.pdf
[2011/12/10 05:59:58 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Nitro PDF Reader.lnk
[2011/12/10 05:58:52 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2011/12/10 05:58:44 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini
[2011/12/03 20:28:43 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Met Office Desktop Widget.lnk
[2011/11/29 17:53:25 | 000,230,560 | -H-- | M] () -- C:\Users\jon\Documents\Sports Action Grant application form_tcm44-192242 rev 1.pdf
[2011/11/26 18:36:08 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjon.job
[2011/11/24 20:32:34 | 000,084,061 | -H-- | M] () -- C:\Users\jon\Documents\2010-2011.pdf

========== Files Created - No Company Name ==========

[2011/12/18 15:13:40 | 000,000,476 | ---- | C] () -- C:\Users\jon\Desktop\Local Disk (C) - Shortcut.lnk
[2011/12/13 17:37:36 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\Free Offers.lnk
[2011/12/13 17:37:36 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/13 17:33:26 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/13 17:33:26 | 000,002,203 | ---- | C] () -- C:\Users\jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/12 23:39:55 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~sgSJjtJANLgitE
[2011/12/12 23:39:55 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~sgSJjtJANLgitEr
[2011/12/12 23:39:48 | 000,000,448 | -H-- | C] () -- C:\ProgramData\sgSJjtJANLgitE
[2011/12/10 06:02:19 | 000,033,983 | -H-- | C] () -- C:\Users\jon\Documents\club rules.pdf
[2011/12/10 05:59:58 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
[2011/12/10 05:59:58 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Nitro PDF Reader.lnk
[2011/12/03 20:28:43 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Met Office Desktop Widget.lnk
[2011/12/03 20:28:43 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Met Office Desktop Widget.lnk
[2011/11/24 20:32:22 | 000,084,061 | -H-- | C] () -- C:\Users\jon\Documents\2010-2011.pdf
[2011/11/24 20:29:15 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2011/11/24 20:29:08 | 000,095,008 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll
[2011/10/24 15:33:05 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/08/14 20:53:18 | 000,000,017 | -H-- | C] () -- C:\Users\jon\AppData\Local\resmon.resmoncfg
[2011/02/10 04:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2011/01/05 06:31:07 | 000,001,940 | ---- | C] () -- C:\Users\jon\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/23 08:26:15 | 000,001,854 | -H-- | C] () -- C:\Users\jon\AppData\Roaming\GhostObjGAFix.xml
[2010/02/13 21:39:31 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/02/13 21:39:31 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/02/13 21:39:31 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/02/13 21:39:31 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/02/13 21:39:31 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/02/13 21:39:31 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/02/13 21:39:31 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/02/13 21:39:31 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/02/13 21:39:31 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/02/13 21:39:31 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/02/13 21:39:31 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/02/13 21:39:31 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/02/13 21:39:31 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/02/13 21:39:31 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/02/13 21:39:31 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/02/13 21:39:31 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/02/13 21:39:31 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/02/13 21:39:31 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/02/13 21:39:31 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/02/13 21:28:25 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2010/02/11 21:26:22 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/02/08 21:16:01 | 000,000,182 | -H-- | C] () -- C:\Users\jon\AppData\Roaming\wklnhst.dat
[2009/10/25 21:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/10/20 08:48:06 | 000,002,868 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/08/22 11:39:34 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/08/22 09:27:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/29 22:42:20 | 000,309,248 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2009/03/11 19:01:28 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\DirectCOM.dll
[2008/09/03 11:25:06 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\ddcvt.exe
[2005/06/07 07:05:43 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Tue 20 Dec 2011, 8:20 pm


========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/03/01 06:35:26 | 001,923,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\jon\install_flash_player.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/12/03 20:28:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2009/10/20 08:25:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD
[2011/09/10 13:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ask.com
[2010/09/16 05:40:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Atheros
[2009/10/20 08:23:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2011/05/14 18:15:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/10/24 15:36:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Chrome
[2010/07/02 10:48:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2011/12/18 14:51:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/02/11 09:58:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2009/10/20 08:50:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2010/09/25 18:14:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2011/11/06 13:07:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Docudesk
[2011/11/10 19:27:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Driving Test Success - All Tests 2011 Edition
[2010/09/22 18:26:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA SPORTS
[2010/02/13 21:43:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\epson
[2011/09/10 13:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FoxTabFLVPlayer
[2011/12/18 14:51:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2011/12/18 14:51:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2011/09/15 18:29:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2011/12/18 14:51:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hp
[2011/10/28 17:23:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2011/10/05 18:17:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iLivid
[2011/09/15 18:36:13 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/12/18 14:52:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/06/18 05:55:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/02/11 09:58:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Messenger Plus! Live
[2010/02/11 09:58:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Messenger_Plus_Live_UK
[2011/12/03 20:28:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Met Office Desktop Widget
[2011/10/16 15:52:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/04/15 21:43:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Forefront
[2011/12/18 14:40:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2009/08/22 10:48:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2010/10/30 19:46:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SDKs
[2011/10/13 22:00:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/10/20 08:57:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/12/15 08:49:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/10/30 19:46:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2011/12/18 14:51:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/10/25 22:29:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/02/08 21:46:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2009/10/20 08:51:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\muvee Technologies
[2011/12/18 14:51:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nitro PDF
[2010/04/20 05:59:25 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2011/12/18 14:51:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2009/10/20 08:25:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/09/10 13:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SopCast
[2011/04/19 17:18:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2009/07/14 04:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/10/09 21:03:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Veetle
[2010/05/22 20:03:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Veoh Networks
[2009/07/14 05:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/10/05 13:25:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011/07/16 15:44:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/06/15 15:30:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/06/15 15:30:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/06/15 15:30:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/06/15 15:30:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/06/15 15:30:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar


< MD5 for: AGP440.SYS >
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 01:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 13:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 13:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 12:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 12:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 01:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 01:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 06:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 06:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 06:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 06:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 06:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 13:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/11 15:10:30 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/11 15:10:30 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/11 15:10:30 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/11 15:10:34 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/05/11 15:10:34 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/11 15:10:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/11 15:10:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/11 15:10:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/11 15:10:34 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/05/11 15:10:34 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Tue 20 Dec 2011, 8:21 pm

OTL Extras logfile created on: 12/18/2011 3:21:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.14 Gb Available Physical Memory | 7.89% Memory free
3.49 Gb Paging File | 1.15 Gb Available in Paging File | 32.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.22 Gb Total Space | 174.58 Gb Free Space | 79.64% Space Free | Partition Type: NTFS
Drive D: | 13.37 Gb Total Space | 2.22 Gb Free Space | 16.63% Space Free | Partition Type: NTFS

Computer Name: JON-PC | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A22989EE-AE7A-42F8-A0C0-9C99CFB644FB}" = Microsoft Forefront Client Security Antimalware Service
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D12CCBE2-1EC9-41EE-ABF2-D149D05FCE53}" = Nitro PDF Reader 2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A5C7EED-1A45-C2B6-2E39-E58BD6955E1D}" = Met Office Desktop Widget
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests 2011 Edition
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_UK Toolbar" = Messenger_Plus_Live_UK Toolbar
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RealPlayer 15.0" = RealPlayer
"SopCast" = SopCast 3.3.2
"uk.gov.meto.pws.air" = Met Office Desktop Widget
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2011 12:49:15 PM | Computer Name = jon-PC | Source = ESENT | ID = 488
Description = wlmail (3164) C:\Users\jon\AppData\Local\Microsoft\Windows Live Mail\Calendars\jon.storey@hotmail.co.uk\:
An attempt to create the file "C:\Users\jon\AppData\Local\Microsoft\Windows Live
Mail\Calendars\jon.storey@hotmail.co.uk\DBStore\WLCalendarStore.pat" failed with
system error 5 (0x00000005): "Access is denied. ". The create file operation will
fail with error -1032 (0xfffffbf8).

Error - 12/13/2011 12:49:15 PM | Computer Name = jon-PC | Source = ESENT | ID = 217
Description = wlmail (3164) C:\Users\jon\AppData\Local\Microsoft\Windows Live Mail\Calendars\jon.storey@hotmail.co.uk\:
Error (-1032) during backup of a database (file C:\Users\jon\AppData\Local\Microsoft\Windows
Live Mail\Calendars\jon.storey@hotmail.co.uk\DBStore\WLCalendarStore.edb). The
database will be unable to restore.

Error - 12/13/2011 12:49:15 PM | Computer Name = jon-PC | Source = ESENT | ID = 215
Description = wlmail (3164) C:\Users\jon\AppData\Local\Microsoft\Windows Live Mail\Calendars\jon.storey@hotmail.co.uk\:
The backup has been stopped because it was halted by the client or the connection
with the client failed.

Error - 12/13/2011 12:49:38 PM | Computer Name = jon-PC | Source = ESENT | ID = 488
Description = wlcomm (2788) C:\Users\jon\AppData\Local\Microsoft\Windows Live\Contacts\jon.storey@hotmail.co.uk\15.4\:
An attempt to create the file "C:\Users\jon\AppData\Local\Microsoft\Windows Live\Contacts\jon.storey@hotmail.co.uk\15.4\DBStore\contacts.pat"
failed with system error 5 (0x00000005): "Access is denied. ". The create file
operation will fail with error -1032 (0xfffffbf8).

Error - 12/13/2011 12:49:38 PM | Computer Name = jon-PC | Source = ESENT | ID = 217
Description = wlcomm (2788) C:\Users\jon\AppData\Local\Microsoft\Windows Live\Contacts\jon.storey@hotmail.co.uk\15.4\:
Error (-1032) during backup of a database (file C:\Users\jon\AppData\Local\Microsoft\Windows
Live\Contacts\jon.storey@hotmail.co.uk\15.4\DBStore\contacts.edb). The database
will be unable to restore.

Error - 12/13/2011 12:49:38 PM | Computer Name = jon-PC | Source = ESENT | ID = 215
Description = wlcomm (2788) C:\Users\jon\AppData\Local\Microsoft\Windows Live\Contacts\jon.storey@hotmail.co.uk\15.4\:
The backup has been stopped because it was halted by the client or the connection
with the client failed.

Error - 12/15/2011 12:54:02 PM | Computer Name = jon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GoogleToolbarUser_32.exe, version: 7.2.2318.1946,
time stamp: 0x4ec6bd6a Faulting module name: GoogleToolbarDynamic_32_9F5D286_unloaded,
version: 0.0.0.0, time stamp: 0x4ec6b9ba Exception code: 0xc0000005 Fault offset:
0x635e33ca Faulting process id: 0x1188 Faulting application start time: 0x01ccbb487e225dc0
Faulting
application path: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
Faulting
module path: GoogleToolbarDynamic_32_9F5D286 Report Id: 6383fa7d-273d-11e1-abce-00269eaa85c2

Error - 12/16/2011 1:19:50 PM | Computer Name = jon-PC | Source = MsiInstaller | ID = 11730
Description =

Error - 12/17/2011 3:36:54 PM | Computer Name = jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary szkg5. System Error: The system cannot find the file specified. .

Error - 12/18/2011 11:19:18 AM | Computer Name = jon-PC | Source = Application Hang | ID = 1002
Description = The program HPSF.exe version 6.0.5.4 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 5f8 Start Time:
01ccbd965e7baf67 Termination Time: 738 Application Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\HPSF.exe Report Id: 507ea7f8-298b-11e1-8234-964ce5464faa

[ Hewlett-Packard Events ]
Error - 7/14/2011 2:47:05 PM | Computer Name = jon-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071114074656.xml
File not created by asset agent

Error - 7/21/2011 3:18:43 PM | Computer Name = jon-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071121081835.xml
File not created by asset agent

Error - 8/11/2011 3:19:32 PM | Computer Name = jon-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081111081921.xml
File not created by asset agent

Error - 9/1/2011 2:44:53 PM | Computer Name = jon-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091101074442.xml
File not created by asset agent

Error - 9/22/2011 1:09:07 PM | Computer Name = jon-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/0040a9f1_59e0_488e_8177_40696fd4fdb4/efkmpryy9bru8ytwrlkm85rj_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1788 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

Error - 10/20/2011 1:06:27 PM | Computer Name = jon-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232828 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: Exception has been thrown by the target of an invocation. StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: mscorlib InnerException.Message: Could not find file 'C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\Resources\Translations\en-US\localize_en-US.xml'.

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 1788 Ram Utilization: 60 TargetSite: System.Object
CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle
ByRef, Boolean ByRef)

Error - 12/8/2011 2:46:12 PM | Computer Name = jon-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/c71b7dad_8db5_4fb4_974b_2d32ff057455/ogicmspsnhmq6qri+e7ugoi__5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1788 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

Error - 12/15/2011 2:16:14 PM | Computer Name = jon-PC | Source = hpsa_service.exe | ID = 2000
Description =

Error - 12/15/2011 2:18:40 PM | Computer Name = jon-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 12/15/2011 2:18:40 PM | Computer Name = jon-PC | Source = HPSF.exe | ID = 4000
Description =

[ Media Center Events ]
Error - 11/21/2011 2:29:55 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 06:29:54 - Error connecting to the internet. 06:29:54 - Unable
to contact server..

Error - 11/21/2011 2:30:30 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 06:30:24 - Error connecting to the internet. 06:30:24 - Unable
to contact server..

Error - 11/21/2011 8:00:58 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 12:00:58 - Failed to retrieve Directory (Error: The remote name could
not be resolved: 'data.tvdownload.microsoft.com')

Error - 11/21/2011 8:01:34 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 12:01:27 - Error connecting to the internet. 12:01:27 - Unable
to contact server..

Error - 11/30/2011 2:00:35 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 06:00:35 - Error connecting to the internet. 06:00:35 - Unable
to contact server..

Error - 11/30/2011 2:00:53 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 06:00:41 - Error connecting to the internet. 06:00:41 - Unable
to contact server..

Error - 12/6/2011 1:31:42 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 05:31:42 - Error connecting to the internet. 05:31:42 - Unable
to contact server..

Error - 12/6/2011 1:32:29 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 05:32:21 - Error connecting to the internet. 05:32:21 - Unable
to contact server..

Error - 12/8/2011 9:12:38 PM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 01:12:17 - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 12/8/2011 9:12:46 PM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 01:12:38 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

[ OSession Events ]
Error - 10/24/2011 1:28:46 PM | Computer Name = jon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2795
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/17/2011 5:53:20 AM | Computer Name = jon-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:51:50 on ?17/?12/?2011 was unexpected.

Error - 12/17/2011 7:50:45 AM | Computer Name = jon-PC | Source = Service Control Manager | ID = 7034
Description = The Easybits Shared Services for Windows service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/17/2011 8:11:18 AM | Computer Name = jon-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HP
Support Assistant Service service to connect.

Error - 12/17/2011 8:11:18 AM | Computer Name = jon-PC | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%1053

Error - 12/17/2011 8:33:07 AM | Computer Name = jon-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the szserver service.

Error - 12/17/2011 3:36:46 PM | Computer Name = jon-PC | Source = DCOM | ID = 10010
Description =

Error - 12/18/2011 4:26:28 AM | Computer Name = jon-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 12/18/2011 7:10:19 AM | Computer Name = jon-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 12/18/2011 7:10:26 AM | Computer Name = jon-PC | Source = bowser | ID = 8003
Description =

Error - 12/18/2011 10:54:32 AM | Computer Name = jon-PC | Source = FCSAM | ID = 2004
Description = %%830 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%825

Error
Code: 0x8050a001 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support. Signatures
loading: %%826 Loading signature version: 1.117.1260.0;1.117.1260.0 Loading engine
version: 1.1.7903.0


< End of report >

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Fri 23 Dec 2011, 5:33 am

Sorry for the wait!!
Please run OTL.exe.


Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


Code:
 :killall
    :otl
    O4 - HKLM..\Run: [] File not found
    :files
    C:\Program Files (x86)\Ask.com
    C:\Program Files (x86)\Free Offers from Freeze.com
    :commands
    [reboot]
Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

Then:

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Fri 23 Dec 2011, 6:40 am

Error: Unable to interpret <:killall> in the current context!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
File boot] not found.

OTL by OldTimer - Version 3.2.31.0 log created on 12222011_193853

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Fri 23 Dec 2011, 9:17 am

ComboFix 11-12-22.04 - jon 22/12/2011 20:05:55.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1788.537 [GMT 0:00]
Running from: c:\users\jon\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~sgSJjtJANLgitE
c:\programdata\~sgSJjtJANLgitEr
c:\programdata\sgSJjtJANLgitE
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2F3E1802-7078-4D9D-847E-F5D7CAE24E83}\Setup.exe
c:\users\jon\AppData\Local\assembly\tmp
c:\windows\Fonts\ftrabd__.ttf
c:\windows\Fonts\ftrabk__.ttf
c:\windows\Fonts\ftrabki_.ttf
c:\windows\Fonts\ftrahv__.ttf
c:\windows\Fonts\ftralt__.ttf
c:\windows\Fonts\ftramd__.ttf
c:\windows\system32\java.exe
c:\windows\SysWow64\csftxctl.ocx
c:\windows\SysWow64\zlibwapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-22 20:58 . 2011-12-22 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-22 19:38 . 2011-12-22 19:38 -------- d-----w- C:\_OTL
2011-12-22 15:26 . 2011-12-22 15:26 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-22 09:19 . 2011-12-22 09:19 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-22 09:18 . 2011-12-22 09:19 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-20 07:55 . 2011-12-20 07:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-18 15:40 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-18 15:38 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-18 15:38 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-18 15:38 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-18 15:35 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-18 15:35 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-17 12:48 . 2011-12-17 12:48 -------- d-----w- c:\users\jon\AppData\Roaming\Malwarebytes
2011-12-17 12:47 . 2011-12-17 12:47 -------- d-----w- c:\programdata\Malwarebytes
2011-12-16 17:18 . 2011-12-18 11:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-16 16:27 . 2011-12-16 17:08 -------- d-----w- c:\programdata\PC Tools
2011-12-15 08:49 . 2011-12-15 08:49 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-12-13 17:37 . 2011-12-18 14:51 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-12-13 17:36 . 2011-12-13 17:36 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-13 17:36 . 2011-12-13 17:36 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-25 23:30 . 2011-11-25 23:30 -------- d--h--w- c:\users\jon\AppData\Local\Sothink
2011-11-25 23:29 . 2011-11-25 23:31 -------- d-----w- c:\program files (x86)\Common Files\SourceTec
2011-11-24 20:30 . 2011-12-10 05:54 -------- d--h--w- c:\users\jon\AppData\Roaming\PrimoPDF
2011-11-24 20:30 . 2011-12-20 09:55 -------- d--h--w- c:\users\jon\AppData\Roaming\Nitro PDF
2011-11-24 20:30 . 2011-06-21 18:56 17200 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-11-24 20:30 . 2011-06-21 18:56 28976 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-11-24 20:30 . 2011-11-24 20:30 -------- d--h--w- c:\programdata\Nitro PDF
2011-11-24 20:29 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll
2011-11-24 20:29 . 2011-12-18 14:52 -------- d-----w- c:\users\jon\AppData\Roaming\OpenCandy
2011-11-24 20:29 . 2011-12-22 15:24 -------- d-----w- c:\program files (x86)\Nitro PDF
.
.
.

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Fri 23 Dec 2011, 9:18 am

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-22 21:05 . 2011-12-22 09:20 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B3C2C27-06E5-4679-AFC7-B15D81E22F9E}\offreg.dll
2011-12-22 09:37 . 2011-12-22 09:37 35664 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B3C2C27-06E5-4679-AFC7-B15D81E22F9E}\MpKslc4e98500.sys
2011-12-22 09:20 . 2011-12-22 09:21 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BB5735B-F8CA-42B5-8A1F-7932C81F9ECC}\gapaengine.dll
2011-12-09 07:03 . 2011-10-13 16:41 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-12-09 07:03 . 2011-10-13 16:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-06 06:33 . 2010-02-09 02:33 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-06 06:33 . 2011-11-21 13:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-12-06 06:33 . 2010-02-09 02:32 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-04 07:15 . 2011-10-13 16:40 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-21 03:40 . 2011-12-22 09:20 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B3C2C27-06E5-4679-AFC7-B15D81E22F9E}\mpengine.dll
2011-11-15 06:16 . 2011-08-13 05:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-29 16:29 . 2011-11-08 22:55 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files (x86)\Messenger_Plus_Live_UK\tbMess.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{77f40091-495b-4c46-9068-2b24c4133157}]
2009-12-31 11:53 2349080 ----a-w- c:\program files (x86)\Messenger_Plus_Live_UK\tbMess.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files (x86)\Messenger_Plus_Live_UK\tbMess.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-13 296056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 MpKslc4e98500;MpKslc4e98500;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B3C2C27-06E5-4679-AFC7-B15D81E22F9E}\MpKslc4e98500.sys [2011-12-22 35664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 12:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 02:15]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 02:15]
.
2011-11-26 c:\windows\Tasks\HPCeeScheduleForjon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
WebBrowser-{77F40091-495B-4C46-9068-2B24C4133157} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Fri 23 Dec 2011, 9:19 am

--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2011-12-22 21:37:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-22 21:37
.
Pre-Run: 187,295,875,072 bytes free
Post-Run: 188,834,516,992 bytes free
.
- - End Of File - - 97BF837EA8BAB1AB4A91BAA9103098E9

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Wed 28 Dec 2011, 9:02 am

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Killall::
    Reglock::
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


How's your computer running?

houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Wed 28 Dec 2011, 9:22 am

Hi its seems to getting worse

Killall::
Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]


jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Wed 28 Dec 2011, 9:25 am

When i mixed the files that was the result

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Wed 28 Dec 2011, 11:53 am

Hi

Downloaded combofix.exe again then followed instructions

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Wed 28 Dec 2011, 10:35 pm

Hi

Surfed for a good hour with no redirection. Then worked on Microsoft Word, after 10 minutes got a small pop up in chinese for Facebook. Cancelled it. 10 minutes later went back online to copy the work I done on Microsoft Word onto Sport England website and got redirected to [You must be registered and logged in to see this link.] Don;t know if this helps or hinders.

Jonnieboy

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Fri 30 Dec 2011, 1:49 am

Command switches used :: c:\users\jon\Desktop\CFScript.txt - Shortcut.lnk
When you ran Combofix, it was run from your downloads file. You need to open your downloads file and either copy/paste or save to desktop the Combofix file .
Using the shortcut.Ink will not allow the step to work. This is why the fix was not applied and the symptoms are getting worse.
After you get the above step completed we need to run it again.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Killall::
    Reglock::
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)



  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Fri 30 Dec 2011, 5:32 am

ComboFix 11-12-29.04 - jon 29/12/2011 16:35:57.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1788.394 [GMT 0:00]
Running from: c:\users\jon\Desktop\Combofix.exe
Command switches used :: c:\users\jon\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-29 17:25 . 2011-12-29 17:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-29 16:08 . 2011-12-29 16:08 -------- d-----w- C:\Commy
2011-12-29 15:39 . 2011-12-29 17:28 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D290CF2F-8303-470F-924D-3FFA03CB143F}\offreg.dll
2011-12-29 10:21 . 2011-11-30 02:21 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D290CF2F-8303-470F-924D-3FFA03CB143F}\mpengine.dll
2011-12-28 10:49 . 2011-12-28 10:49 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
2011-12-28 09:11 . 2011-11-30 02:21 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-27 10:23 . 2011-11-15 14:29 222080 ------w- c:\windows\SysWow64\MpSigStub.exe
2011-12-27 09:07 . 2011-10-04 17:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A073D7A2-AFC5-424B-AB80-3FD54D201B3E}\gapaengine.dll
2011-12-27 09:04 . 2011-12-27 09:04 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FEE13CF-3F18-4747-B7E9-D80D37F6C9D3}\offreg.dll
2011-12-27 09:04 . 2011-11-30 02:21 8822856 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FEE13CF-3F18-4747-B7E9-D80D37F6C9D3}\mpengine.dll
2011-12-27 09:02 . 2011-12-27 09:02 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-27 09:01 . 2011-12-27 09:02 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-27 08:50 . 2011-12-27 08:50 -------- d--h--w- c:\programdata\Common Files
2011-12-27 08:49 . 2011-12-27 08:50 -------- d-----w- c:\programdata\MFAData
2011-12-26 11:42 . 2011-12-27 08:57 -------- dc----w- c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}
2011-12-24 08:06 . 2011-12-24 08:49 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-12-24 08:06 . 2011-12-24 08:08 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-12-24 08:06 . 2011-12-24 08:06 -------- d-----w- c:\users\jon\AppData\Roaming\PC Tools
2011-12-24 07:54 . 2011-12-24 07:54 -------- d-----w- c:\users\jon\AppData\Roaming\TestApp
2011-12-22 19:38 . 2011-12-22 19:38 -------- d-----w- C:\_OTL
2011-12-22 15:26 . 2011-12-22 15:26 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-22 08:31 . 2011-12-22 08:31 69000 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{A9E6196A-885A-4FFA-923F-BC6DD39B1FB2}\offreg.dll
2011-12-21 08:32 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{A9E6196A-885A-4FFA-923F-BC6DD39B1FB2}\mpengine.dll
2011-12-20 11:57 . 2011-12-24 08:49 -------- d-----w- c:\program files (x86)\Sky Broadband
2011-12-20 07:55 . 2011-12-20 07:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-18 15:40 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-18 15:38 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-18 15:38 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-18 15:38 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-18 15:35 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-18 15:35 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-17 12:48 . 2011-12-17 12:48 -------- d-----w- c:\users\jon\AppData\Roaming\Malwarebytes
2011-12-17 12:47 . 2011-12-17 12:47 -------- d-----w- c:\programdata\Malwarebytes
2011-12-16 17:18 . 2011-12-18 11:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-16 16:27 . 2011-12-24 08:06 -------- d-----w- c:\programdata\PC Tools
2011-12-15 08:49 . 2011-12-15 08:49 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-12-13 17:37 . 2011-12-18 14:51 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-12-13 17:36 . 2011-12-13 17:36 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-13 17:36 . 2011-12-13 17:36 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-12-10 05:59 . 2011-12-24 08:50 -------- d-----w- c:\program files\Common Files\Nitro PDF
2011-12-10 05:59 . 2011-12-24 08:49 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF
2011-12-03 20:28 . 2011-12-24 08:49 -------- d-----w- c:\program files (x86)\Met Office Desktop Widget
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 07:03 . 2011-10-13 16:41 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-12-09 07:03 . 2011-10-13 16:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-06 06:33 . 2010-02-09 02:33 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-06 06:33 . 2011-11-21 13:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-12-06 06:33 . 2010-02-09 02:32 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-04 07:15 . 2011-10-13 16:40 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-21 11:40 . 2011-04-16 06:57 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-15 14:29 . 2010-04-10 17:57 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-15 06:16 . 2011-08-13 05:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 05:54 . 2010-12-24 21:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-27_23.52.09 )))))))))))))))))))))))))))))))))))))))))
.

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Fri 30 Dec 2011, 5:33 am

.
+ 1998-06-17 18:08 . 1998-06-17 18:08 53248 c:\windows\SysWOW64\MFC42ENU.DLL
+ 1998-03-26 00:00 . 1998-03-26 00:00 38160 c:\windows\SysWOW64\MAPISRVR.EXE
+ 2001-01-22 03:25 . 2001-01-22 03:25 32768 c:\windows\SysWOW64\ATHPRXY.DLL
+ 2009-08-22 09:34 . 2011-12-29 17:30 72724 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-29 17:30 67538 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-09 01:58 . 2011-12-29 17:30 18196 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3587992434-3900482413-3266186353-1001_UserData.bin
- 2009-10-20 08:42 . 2011-12-27 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-20 08:42 . 2011-12-28 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-20 08:42 . 2011-12-27 19:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-20 08:42 . 2011-12-28 19:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-28 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-27 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-09 01:54 . 2011-12-29 08:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-09 01:54 . 2011-12-15 15:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-09 01:54 . 2011-12-29 08:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-09 01:54 . 2011-12-10 09:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-22 10:48 . 2011-12-29 11:31 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-08-22 10:48 . 2011-12-27 11:00 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-08-22 10:48 . 2011-12-29 11:31 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-08-22 10:48 . 2011-12-27 11:00 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-08-22 10:48 . 2011-12-27 11:00 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-08-22 10:48 . 2011-12-29 11:31 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-07-14 05:38 . 2011-12-29 17:28 67584 c:\windows\bootstat(522).dat
- 2009-07-14 05:38 . 2011-12-27 23:49 67584 c:\windows\bootstat(522).dat
- 2011-12-27 23:50 . 2011-12-27 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-29 17:28 . 2011-12-29 17:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-29 17:28 . 2011-12-29 17:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-27 23:50 . 2011-12-27 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-28 10:49 . 2011-12-29 09:17 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2000-04-03 17:52 . 2000-04-03 17:52 151552 c:\windows\SysWOW64\RDOCURS.DLL
+ 1998-12-08 18:53 . 1998-12-08 18:53 212480 c:\windows\SysWOW64\PCDLIB32.DLL
+ 2000-05-11 13:06 . 2000-05-11 13:06 397312 c:\windows\SysWOW64\MSRDO20.DLL
+ 1998-10-01 12:00 . 1998-10-01 12:00 520128 c:\windows\SysWOW64\MAPI.DLL
+ 2010-02-09 15:56 . 2011-12-29 15:08 124446 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-12-29 16:20 632742 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-27 11:13 632742 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-29 16:20 632742 c:\windows\system32\perfh009(7767).dat
- 2009-07-14 02:36 . 2011-12-27 11:13 632742 c:\windows\system32\perfh009(7767).dat
- 2009-07-14 02:36 . 2011-12-27 11:13 114702 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-29 16:20 114702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-27 11:13 114702 c:\windows\system32\perfc009(7763).dat
+ 2009-07-14 02:36 . 2011-12-29 16:20 114702 c:\windows\system32\perfc009(7763).dat
+ 2009-07-14 04:45 . 2011-12-29 15:39 374264 c:\windows\system32\FNTCACHE.DAT
- 2010-03-08 20:29 . 2011-12-10 09:56 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-08 20:29 . 2011-12-29 08:49 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-12-29 17:27 325424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-08-22 10:48 . 2011-12-27 11:00 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-08-22 10:48 . 2011-12-29 11:31 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-08-22 10:48 . 2011-12-27 11:00 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-08-22 10:48 . 2011-12-29 11:31 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-08-22 10:48 . 2011-12-29 11:31 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-08-22 10:48 . 2011-12-27 11:00 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-08-22 10:48 . 2011-12-27 11:00 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-08-22 10:48 . 2011-12-29 11:31 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2011-12-29 11:30 . 2011-12-29 11:30 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2011-12-27 10:58 . 2011-12-27 10:58 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-05-24 19:00 . 2011-12-28 22:26 2206192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3587992434-3900482413-3266186353-1001-12288.dat
+ 2001-03-01 23:38 . 2001-03-01 23:38 3485184 c:\windows\Installer\646d5c.msi
- 2009-08-22 10:48 . 2011-12-27 11:00 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-08-22 10:48 . 2011-12-29 11:31 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-10-22 21:20 . 2011-12-29 17:27 23979448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3587992434-3900482413-3266186353-1001-8192.dat
+ 2004-01-30 03:19 . 2004-01-30 03:19 56269996 c:\windows\Installer\9fb71.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-13 296056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Fri 30 Dec 2011, 5:33 am

.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 12:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 02:15]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 02:15]
.
2011-12-27 c:\windows\Tasks\HPCeeScheduleForjon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2011-12-29 17:55:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-29 17:55
.
Pre-Run: 190,699,151,360 bytes free
Post-Run: 190,785,257,472 bytes free
.
- - End Of File - - FFDAD7CA52A83C9E68FC0FD086864EEE

jonnieboy

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2011-12-18
Operating System : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by Sponsored content Today at 4:16 pm


Sponsored content


Back to top Go down

Page 1 of 3 1, 2, 3  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum