Constant Malware that won't stop.


Ellissa

Thanks! Yeah, so I'm noticing I'm still getting infected objects. I don't understand why they just keep on returning like every day! ): And it seems to be like the same name, I've noticed. I scanned twice today (once this morning) and got a detected object, and then just now and yet another.

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.29.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Becka :: BECKA-PC [administrator]

Protection: Enabled

11/29/2012 7:02:00 PM

mbam-log-2012-11-29 (19-02-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207174

Time elapsed: 1 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Download CKScanner by askey127 from Here & save it to your Desktop.

  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

----------

And yet another. :l

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.30.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Becka :: BECKA-PC [administrator]

Protection: Enabled

11/30/2012 1:40:38 PM

mbam-log-2012-11-30 (13-40-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206971

Time elapsed: 1 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

OTL

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------

OTL logfile created on: 11/30/2012 2:41:41 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Becka\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 74.33% Memory free

11.50 Gb Paging File | 9.90 Gb Available in Paging File | 86.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 686.54 Gb Total Space | 570.08 Gb Free Space | 83.04% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: BECKA-PC | User Name: Becka | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Becka\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)

SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()

SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)

DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)

DRV:64bit: - (LeapFrog-USBLAN) -- C:\Windows\SysNative\drivers\btblan.sys (Belcarra Technologies)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (WN111v2) -- C:\Windows\SysNative\drivers\WN111v2x.sys (Atheros Communications, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 1D 95 03 9C C7 CD 01 [binary data]

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS368

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"

FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 16:31:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:46:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 18:46:15 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:46:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 18:46:15 | 000,000,000 | ---D | M]

[2012/11/14 22:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becka\AppData\Roaming\Mozilla\Extensions

[2012/11/20 21:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions

[2012/11/14 22:46:37 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}

[2012/11/29 17:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/11/15 16:31:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012/10/26 18:46:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/08/11 09:16:27 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll

[2011/03/18 10:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/03/18 10:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/08/29 18:32:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/13 07:57:24 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

O1 HOSTS File: ([2012/11/20 18:48:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB99BCE6-F373-4F23-8A44-448AE2F507A3}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/30 14:37:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Becka\Desktop\OTL.exe

[2012/11/29 19:08:07 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{F2F401DA-0398-4609-A484-268D4F80A15C}

[2012/11/20 19:15:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/20 18:50:26 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/20 15:09:25 | 005,004,421 | R--- | C] (Swearware) -- C:\Users\Becka\Desktop\ComboFix.exe

[2012/11/20 14:22:31 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Becka\Desktop\aswMBR.exe

[2012/11/20 10:51:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Becka\Desktop\dds.scr

[2012/11/17 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{971CEF98-0AE2-4802-B668-19A88A97FB31}

[2012/11/12 16:24:57 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{AA3E3771-FEE0-4AF5-8B23-BF49E94AE33C}

[2012/11/11 19:21:40 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{1F5F657C-3C9F-41C0-9424-BE2915B514F1}

[2012/11/10 17:35:56 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{C34AA23B-12F7-4723-AEE4-368352342FDC}

[2012/11/08 15:44:49 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{7EDD5EC3-593E-4130-B76C-058895A4DC83}

[2012/11/07 16:05:38 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{BCD6057E-D299-44DC-88BE-F591A2558D5F}

[2012/11/01 17:52:51 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{77403B00-B14C-483C-A446-A685860CF598}

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/30 14:37:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Becka\Desktop\OTL.exe

[2012/11/30 14:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/30 14:04:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/30 13:36:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/30 13:36:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/30 13:34:24 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/30 13:34:24 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/30 13:34:24 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/30 13:33:05 | 000,681,984 | ---- | M] () -- C:\Users\Becka\Desktop\CKScanner.exe

[2012/11/30 13:29:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/30 13:29:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/30 13:28:48 | 335,044,607 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/21 17:09:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012/11/20 18:48:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/11/20 15:09:49 | 005,004,421 | R--- | M] (Swearware) -- C:\Users\Becka\Desktop\ComboFix.exe

[2012/11/20 14:43:15 | 000,543,531 | ---- | M] () -- C:\Users\Becka\Desktop\AdwCleaner.exe

[2012/11/20 14:41:18 | 000,000,512 | ---- | M] () -- C:\Users\Becka\Desktop\MBR.dat

[2012/11/20 14:22:56 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Becka\Desktop\aswMBR.exe

[2012/11/20 10:51:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Becka\Desktop\dds.scr

[2012/11/15 15:25:22 | 000,405,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/11/13 13:32:48 | 545,582,378 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/30 13:33:03 | 000,681,984 | ---- | C] () -- C:\Users\Becka\Desktop\CKScanner.exe

[2012/11/20 14:43:10 | 000,543,531 | ---- | C] () -- C:\Users\Becka\Desktop\AdwCleaner.exe

[2012/11/20 14:41:18 | 000,000,512 | ---- | C] () -- C:\Users\Becka\Desktop\MBR.dat

[2012/11/15 15:17:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/15 15:09:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/02/07 18:48:47 | 000,003,584 | ---- | C] () -- C:\Users\Becka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2012/01/12 23:08:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/01/06 13:43:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/01/06 13:43:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/01/06 13:43:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/01/06 13:43:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/11/22 23:52:12 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat

[2010/03/29 14:28:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/03/27 01:18:08 | 000,000,000 | ---- | C] () -- C:\Users\Becka\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/08/11 09:16:27 | 000,000,000 | ---D | M] -- C:\Users\Becka\AppData\Roaming\Catalina Marketing Corp

[2010/07/31 16:16:39 | 000,000,000 | ---D | M] -- C:\Users\Becka\AppData\Roaming\LolClient

[2011/06/15 09:12:35 | 000,000,000 | ---D | M] -- C:\Users\Becka\AppData\Roaming\OpenOffice.org

[2010/02/23 02:37:42 | 000,000,000 | ---D | M] -- C:\Users\Becka\AppData\Roaming\Opera

[2010/03/27 01:18:09 | 000,000,000 | ---D | M] -- C:\Users\Becka\AppData\Roaming\Template

[2010/10/19 17:28:42 | 000,000,000 | ---D | M] -- C:\Users\Becka\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >

[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe

[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2009/08/02 22:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >

[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe

[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe

[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe

[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe

[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe

[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009/10/27 23:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >


OTL Extras logfile created on: 11/30/2012 2:41:41 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Becka\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 74.33% Memory free

11.50 Gb Paging File | 9.90 Gb Available in Paging File | 86.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 686.54 Gb Total Space | 570.08 Gb Free Space | 83.04% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: BECKA-PC | User Name: Becka | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{024823C0-6063-41C7-AEC6-AA3CBC1EF9A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{09CC584F-7B97-4E82-9478-B4CB7D21086D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{18E844B6-C8FF-41F6-9480-46DA51E67543}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{190552C2-C502-4B69-8171-D9B142096EA5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1B6F4B8B-0DD0-462B-AF71-3F350B57BD27}" = rport=137 | protocol=17 | dir=out | app=system |

"{2A440964-704C-423F-8EB1-71FF2B3BDF8F}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |

"{3DD88915-A792-4E87-A05C-12B10C20B022}" = rport=10243 | protocol=6 | dir=out | app=system |

"{425AA163-5C7E-4692-A6FB-936BC757AC5F}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |

"{4E187C28-FA42-42FC-8824-C69A378049C1}" = lport=138 | protocol=17 | dir=in | app=system |

"{4EAE8CC5-7086-4E3A-9BB1-1D77AFBBE190}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{59E45A91-8C5C-47BA-A7AC-22A7975C5232}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{70B64418-3459-4F9E-AF31-04FF82990550}" = lport=10243 | protocol=6 | dir=in | app=system |

"{7D36A0F5-A99A-42ED-90C0-02AAD5660FFC}" = lport=137 | protocol=17 | dir=in | app=system |

"{839793D0-2496-429A-9478-8AB78E2A3484}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8648C5B5-0378-435D-B3A3-3DDC08065F51}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{97203EE6-A248-4298-AD26-35B69E6708BA}" = rport=139 | protocol=6 | dir=out | app=system |

"{98C4737C-2ABB-4D42-A4F2-3E0DED137B65}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |

"{9FE2BBC7-24B3-42C5-AAB1-10A2AC53B4E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{AD89203E-4EB5-4134-9026-2549647984A1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B7BD89AC-476A-45C7-BA2E-0A6F2EAD7663}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{B9B01263-BF2D-41C6-BE81-4124AE63EE8F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{BB67960C-46A8-451E-848F-9FF1A523B588}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{BFB9F810-2F56-4F7F-BF08-93D3D7256477}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E70B10C9-4678-4BD2-987F-7B111F471579}" = lport=139 | protocol=6 | dir=in | app=system |

"{ECE6AA7E-EAB5-4F8E-86F6-263D968D614C}" = rport=445 | protocol=6 | dir=out | app=system |

"{EFBC2437-A083-4325-85DD-2B15598ADEDB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F13AF13D-8FA6-417F-A176-0CD7C8F27F13}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F247C884-9AC0-470A-8C01-3981800A1508}" = rport=138 | protocol=17 | dir=out | app=system |

"{F3D6C1C8-5EF5-4AD6-986A-5CCB2C9B368D}" = lport=445 | protocol=6 | dir=in | app=system |

"{F7D2608E-1CAA-4322-B2E8-058F63409544}" = lport=2869 | protocol=6 | dir=in | app=system |

"{FFB51C50-D5A4-4EF5-A0C8-31E907147A55}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0801F5A5-D8FC-4C1E-9609-A354508B6535}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"{0DE7F6A8-BFE2-4AD7-8A0A-70E7A4F226A3}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{14608430-45EA-49C2-B41C-09E1EAAEBFB9}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{16426491-B9A7-4A02-A200-D551E29B8802}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1670F1FD-10B4-4A48-858C-269AF7FA9D2D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{178D321E-05E7-416A-85A6-4AC5EAA933D6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{1853EC1E-160E-4102-8466-49A1B1B0726F}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |

"{19B30759-E0B6-4862-8B73-B484432DD3E0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{202DECCA-59FD-45BA-B748-1CABED2E30CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2539575F-0F7C-4048-B316-5BB7CC3B2BB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{28FB07E3-998B-4B35-8E5F-C8F4DF8AA137}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{2C4B213C-5829-4889-9F25-DF6417575DD3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"{2DDEBFC4-D88F-4653-80D2-4A0FFC483026}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |

"{312AB102-8F30-4B7C-B564-15FD202A9478}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{3166CF43-89F6-49C4-B39C-0A0FD499FD3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{3234117F-B79F-49B3-8260-FB5D58C7D62E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |

"{369F3116-4FEA-46D8-ADB9-02151D3D0980}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3A233E6C-4A7B-4F8C-B6CF-BEA7C05096D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3F6202DB-6FAE-4175-8BD0-FF16E8D10F2F}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |

"{40259C42-59D5-46EF-8091-0508ABBD4FD1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{45752E7B-E85D-448B-95E3-1FBA2BE884A3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{46328489-4F5D-49FE-8EFB-55CD4280C558}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |

"{47748FD5-493A-4263-9EF6-A2A801F873F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4A1BE8C2-D7C1-487E-9B16-41FEDD824433}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{4AD044A6-BB81-4EF3-ACA8-490A6F71DD1F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |

"{4BCAC1A3-5D87-49A5-9B17-A7740E16EDCB}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |

"{55DD2109-A3CE-4A2A-B3FB-71A68FBA57DB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{5DADF97B-6639-4A13-8903-7EE87FBE761F}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |

"{620A7C68-725B-4FFC-A14F-1CA1E649AB3D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{630C48E6-782A-410E-A976-E55FD45E8424}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{73662517-EF0E-4E25-96CE-D9272A82FB4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{76329621-489D-48C2-A816-9765483A063D}" = protocol=6 | dir=out | app=system |

"{780A5DBE-57CC-4B1B-AF21-4DBFF104388D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{806A0E14-1C2C-45BE-9D6B-2B17BB4DBA66}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |

"{8083CB00-E9A0-481F-874F-2430D86636B1}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |

"{84A16E12-0431-4220-9587-0C34E58389A3}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |

"{85639C07-2808-433E-8BE7-C63E759DC931}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{887CB5A8-2292-4871-AF8E-0DF8028D2BA0}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |

"{8C3F635F-4C2D-4DED-B968-BF4E76507137}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"{A235CA36-CDE1-4D2D-89F8-03C2AC370764}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{A309A51D-4B22-4B2B-AAAE-4016A97B4D62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A52917F6-8390-49E1-8F29-75E1CFBDAA44}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{A704A6D3-C0BC-4CB7-80F0-BB5B4E0C43BD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A9E6ACD1-B55B-41AE-867C-8D805C209092}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{AAC1547C-C7D4-43FB-9AA3-7A3CCF193D50}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{C0D50F59-504A-422C-A824-2145664EA488}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"{CEDC012A-8340-43CE-A32A-C178864172D1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"{D7229583-3D5C-4681-9F81-36A48EBAC5AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{D841DEA8-AD29-4FFF-A635-24DB6B580FEA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{DDCECDE3-A09E-4037-B002-056D3A12C92A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E00EEAAA-8856-4AF5-9BE2-3A85ECD95313}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{E63DCC46-C65B-4957-AF81-A6F703B1BB5D}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |

"{EAED0060-7368-429F-8502-B856DACE5183}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{EC97F248-A4B7-4530-BC25-CABA415DF78D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F79970A2-0084-4531-B904-8880CC893CFF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{F7E45B6C-2DFA-4C74-AFE0-E102A848EC45}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{F84264E4-4FB6-4563-B241-41C3943412EB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{FD6AA6D2-33D1-44AF-9600-ED6302AD28F3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{FF13F71A-1923-4B19-A2C7-53A96E12D5F4}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"TCP Query User{0044CE06-4444-4355-A047-9DFF058EFAA1}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |

"TCP Query User{059A8F6F-D0DE-4833-9AA8-8EE66EE5410D}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

"TCP Query User{1BEDE7A5-9838-4466-BE14-26097F6BE1DC}C:\users\becka\desktop\becky's folder\e04fed1f4ff6498eacbf627cb5f33b18_pod8_en-us.exe" = protocol=6 | dir=in | app=c:\users\becka\desktop\becky's folder\e04fed1f4ff6498eacbf627cb5f33b18_pod8_en-us.exe |

"TCP Query User{1F18149C-2896-40F7-A386-A4C319E38510}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"TCP Query User{2CA2AD4C-FCA2-40A9-83BC-AE381E1E03FD}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |

"TCP Query User{3D90BD36-EA26-46E8-A298-B85EF7A4FDA1}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |

"TCP Query User{4915117C-95A0-4DC1-A6F6-0701C8E8546F}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |

"TCP Query User{496FEC59-762C-4DAE-9F89-181E00C27D15}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |

"TCP Query User{543F4428-155D-40D9-9DB5-ABCF1BC8726E}C:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"TCP Query User{5830A141-36EE-4398-B1FE-DBED768AE065}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |

"TCP Query User{5E3AA963-C080-4F4D-89E6-16CCF0A8629C}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |

"TCP Query User{6128165B-F7A2-4644-A4B1-6B714E930573}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"TCP Query User{6C31CF63-88F2-4081-82C4-D15192689C4F}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |

"TCP Query User{7B904E51-78C4-451F-BA49-582B0A586E5B}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |

"TCP Query User{84CA689A-D112-4E86-8F70-F285EF94A2BC}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"TCP Query User{89FA6B15-AFEE-43D4-A0E0-03345678A2D2}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |

"TCP Query User{AD2FE13C-AA88-41B4-A434-3AD487E96D5C}C:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe" = protocol=6 | dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |

"TCP Query User{CB26FB98-7AC3-4CE3-B2DA-6762452E8BD2}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |

"TCP Query User{CC909F9C-D936-4735-B57A-2C0FBA090087}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"TCP Query User{D6A82079-4F2F-4D49-AE87-16CF816CB03F}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |

"TCP Query User{EF699AAD-4A04-4937-8C17-7B6400B94165}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |

"UDP Query User{1C8A41E6-321A-43B6-A60C-B98DE57A0A0E}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |

"UDP Query User{1E09D9E6-965E-4772-A953-C6AC446C4D3D}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |

"UDP Query User{1E9C81D3-8E98-4DA9-870C-EEDF19F7DCEC}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |

"UDP Query User{2A9114FF-FA3C-487B-8687-B0A4CB1F9C4F}C:\users\becka\desktop\becky's folder\e04fed1f4ff6498eacbf627cb5f33b18_pod8_en-us.exe" = protocol=17 | dir=in | app=c:\users\becka\desktop\becky's folder\e04fed1f4ff6498eacbf627cb5f33b18_pod8_en-us.exe |

"UDP Query User{3EE75D02-BB7B-47E0-B3A5-0194909E8034}C:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"UDP Query User{436DB05B-93FD-4330-B078-CA675209356F}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |

"UDP Query User{49259ED3-F066-4375-A7E7-76B1B0ED98F7}C:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe" = protocol=17 | dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |

"UDP Query User{6F448BB7-D8D1-48A0-BEBA-C5816C35315F}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |

"UDP Query User{761020FD-62F2-4A12-9C1C-B20F6B083819}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"UDP Query User{7ABF1183-49CE-4A68-9915-202A22C635A6}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"UDP Query User{903963CD-A279-4730-9200-3B996C31B472}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |

"UDP Query User{90707D8E-F2EC-4060-93F1-CB094893DA1B}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"UDP Query User{91BF02DC-45E7-45A2-A9D9-4C549BDAF96D}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |

"UDP Query User{A8AF0260-83B7-4D95-9824-17FFA331C640}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |

"UDP Query User{A8D7850C-E853-486E-8BB9-0B64B5AE3C5A}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

"UDP Query User{BC8902C1-DB35-4D59-84F7-5C07092948CF}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |

"UDP Query User{C891D4EE-6391-48F3-920C-B15AD1311B5A}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |

"UDP Query User{D1FBDBB0-7BD1-4914-B4D9-C49D6800F78B}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |

"UDP Query User{D7834F3B-AD80-4CCB-AD72-523575F9A883}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |

"UDP Query User{E1BF1957-3742-4187-A0FA-FC571AA02472}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |

"UDP Query User{F731CBA8-7531-4602-B91F-741A5D7B4558}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)

"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java 7 Update 2 (64-bit)

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java SE Development Kit 7 Update 2 (64-bit)

"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010

"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010

"{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06C84AD5-A13A-43CC-B20C-D1D5E7BA2658}" = LeapFrog Leapster Explorer Plugin

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0F8276C4-986F-43E5-968C-8D696DE98EAF}" = Aion

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help

"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management

"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{98534730-efc9-4cf6-8dbb-43d23a99aad6}" = Nero 9 Essentials

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI

"{B124E3EA-59C5-462B-98EF-374099EA7A61}" = LeapFrog LeapPad Explorer Plugin

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D54640A3-2C2B-4CB1-9666-01E55F54E7F5}" = NCsoft Launcher

"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter

"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife

"{F9233F02-5617-4BDC-8EC6-4B798EDFE6F4}" = LeapFrog Connect

"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"avast" = avast! Internet Security

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"eMachines Registration" = eMachines Registration

"eMachines Screensaver" = eMachines ScreenSaver

"eMachines Welcome Center" = Welcome Center

"ESET Online Scanner" = ESET Online Scanner v3

"Furcadia" = Furcadia

"Identity Card" = Identity Card

"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)

"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Messenger Plus!" = Messenger Plus! 6

"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"UPCShell" = LeapFrog Connect

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"WinLiveSuite" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"090215de958f1060" = Curse Client

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/27/2012 12:54:44 PM | Computer Name = Becka-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/27/2012 12:54:44 PM | Computer Name = Becka-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/27/2012 12:54:44 PM | Computer Name = Becka-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/29/2012 4:41:46 PM | Computer Name = Becka-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 11/29/2012 4:41:52 PM | Computer Name = Becka-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/29/2012 4:42:53 PM | Computer Name = Becka-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/29/2012 4:42:53 PM | Computer Name = Becka-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/29/2012 4:42:53 PM | Computer Name = Becka-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/29/2012 4:42:53 PM | Computer Name = Becka-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/30/2012 5:32:22 PM | Computer Name = Becka-PC | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 16.0.2.4680 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 9b4 Start

Time: 01cdcf4218aaead0 Termination Time: 10 Application Path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Report Id: 6677c941-3b35-11e2-9798-98ba286c14aa

[ System Events ]

Error - 11/13/2012 5:32:55 PM | Computer Name = Becka-PC | Source = BugCheck | ID = 1001

Description =

Error - 11/20/2012 7:14:50 PM | Computer Name = Becka-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 11/20/2012 7:17:16 PM | Computer Name = Becka-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 11/20/2012 10:45:05 PM | Computer Name = Becka-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 11/20/2012 10:47:18 PM | Computer Name = Becka-PC | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 11/20/2012 10:48:47 PM | Computer Name = Becka-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 11/21/2012 8:12:37 PM | Computer Name = Becka-PC | Source = NetBT | ID = 4321

Description = The name "BECKA-PC :0" could not be registered on the interface

with IP address 192.168.1.30. The computer with the IP address 192.168.1.32 did

not allow the name to be claimed by this computer.

Error - 11/21/2012 8:12:42 PM | Computer Name = Becka-PC | Source = NetBT | ID = 4321

Description = The name "BECKA-PC :0" could not be registered on the interface

with IP address 192.168.1.33. The computer with the IP address 192.168.1.32 did

not allow the name to be claimed by this computer.

Error - 11/21/2012 8:12:55 PM | Computer Name = Becka-PC | Source = NetBT | ID = 4321

Description = The name "BECKA-PC :20" could not be registered on the interface

with IP address 192.168.1.33. The computer with the IP address 192.168.1.32 did

not allow the name to be claimed by this computer.

Error - 11/21/2012 8:12:57 PM | Computer Name = Becka-PC | Source = Server | ID = 2505

Description = The server could not bind to the transport \Device\NetBT_Tcpip_{CB99BCE6-F373-4F23-8A44-448AE2F507A3}

because another computer on the network has the same name. The server could not

start.

< End of report >


Hi,

I see that this is residing in Google Chrome....the fastest and easiest way to remove entries from Chrome is to uninstall Google Chrome completely and then install a fresh copy.

Please do that and then see if you are still receiving the warnings.


I certainly apologize....I misread the log. How embarrassing...

Run OTL.exe

  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

----------


No worries, lol. I thought I read it in there somewhere too. Here's OTL's log that popped up after rebooting. I'll also scan with MBAM.

All processes killed

========== SERVICES/DRIVERS ==========

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Becka

->Temp folder emptied: 615009 bytes

->Temporary Internet Files folder emptied: 56058020 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 158727583 bytes

->Opera cache emptied: 17340040 bytes

->Flash cache emptied: 3342 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 129728 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 16160 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 222.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11302012_201508

Files\Folders moved on Reboot...

C:\Users\Becka\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Okay. This was the only log I got.

OTL logfile created on: 11/30/2012 8:25:29 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Becka\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.47 Gb Available Physical Memory | 77.73% Memory free

11.50 Gb Paging File | 10.14 Gb Available in Paging File | 88.22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 686.54 Gb Total Space | 571.73 Gb Free Space | 83.28% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: BECKA-PC | User Name: Becka | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Becka\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)

SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()

SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)

DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)

DRV:64bit: - (LeapFrog-USBLAN) -- C:\Windows\SysNative\drivers\btblan.sys (Belcarra Technologies)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (WN111v2) -- C:\Windows\SysNative\drivers\WN111v2x.sys (Atheros Communications, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 FF F4 08 73 CF CD 01 [binary data]

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS368

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"

FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 16:31:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:46:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 18:46:15 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:46:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 18:46:15 | 000,000,000 | ---D | M]

[2012/11/14 22:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becka\AppData\Roaming\Mozilla\Extensions

[2012/11/20 21:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions

[2012/11/14 22:46:37 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}

[2012/11/29 17:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/11/15 16:31:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012/10/26 18:46:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/08/11 09:16:27 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll

[2011/03/18 10:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/03/18 10:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/08/29 18:32:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/13 07:57:24 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

O1 HOSTS File: ([2012/11/20 18:48:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB99BCE6-F373-4F23-8A44-448AE2F507A3}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/30 20:15:08 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/11/30 16:18:41 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{6B22F45F-D00E-4A7A-9957-5BAB6D90820A}

[2012/11/30 14:37:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Becka\Desktop\OTL.exe

[2012/11/29 19:08:07 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{F2F401DA-0398-4609-A484-268D4F80A15C}

[2012/11/20 19:15:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/20 18:50:26 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/20 15:09:25 | 005,004,421 | R--- | C] (Swearware) -- C:\Users\Becka\Desktop\ComboFix.exe

[2012/11/20 14:22:31 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Becka\Desktop\aswMBR.exe

[2012/11/17 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{971CEF98-0AE2-4802-B668-19A88A97FB31}

[2012/11/17 13:08:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012/11/17 13:08:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012/11/17 13:08:48 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012/11/15 15:17:24 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys

[2012/11/15 15:17:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll

[2012/11/15 15:16:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll

[2012/11/15 15:16:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe

[2012/11/15 15:16:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll

[2012/11/15 15:16:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys

[2012/11/15 15:16:41 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys

[2012/11/15 15:16:38 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll

[2012/11/15 15:16:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll

[2012/11/15 15:16:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll

[2012/11/15 15:16:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll

[2012/11/15 15:16:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll

[2012/11/15 15:16:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll

[2012/11/15 15:16:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll

[2012/11/15 15:16:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll

[2012/11/15 15:16:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

[2012/11/15 15:16:37 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe

[2012/11/15 15:16:37 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe

[2012/11/15 15:16:37 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe

[2012/11/15 15:16:37 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll

[2012/11/15 15:16:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll

[2012/11/15 15:16:37 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll

[2012/11/15 15:16:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe

[2012/11/15 15:16:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll

[2012/11/15 15:16:36 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2012/11/15 15:16:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2012/11/15 15:11:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/11/15 15:11:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/11/15 15:11:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/11/15 15:11:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/11/15 15:11:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/11/15 15:11:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/11/15 15:11:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/11/15 15:11:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/11/15 15:10:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/11/15 15:10:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/11/15 15:10:58 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/11/15 15:10:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/11/15 15:10:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/11/15 15:10:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/11/15 15:10:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/11/15 15:09:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll

[2012/11/15 15:09:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll

[2012/11/15 15:09:04 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe

[2012/11/15 15:09:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll

[2012/11/15 15:07:42 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2012/11/15 15:07:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012/11/15 08:56:00 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll

[2012/11/15 08:56:00 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll

[2012/11/15 08:56:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll

[2012/11/15 08:55:55 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012/11/15 08:55:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2012/11/15 08:55:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll

[2012/11/15 08:55:36 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll

[2012/11/15 08:55:36 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll

[2012/11/15 08:55:35 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll

[2012/11/15 08:55:34 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll

[2012/11/15 08:55:34 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll

[2012/11/12 16:24:57 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{AA3E3771-FEE0-4AF5-8B23-BF49E94AE33C}

[2012/11/11 19:21:40 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{1F5F657C-3C9F-41C0-9424-BE2915B514F1}

[2012/11/10 17:35:56 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{C34AA23B-12F7-4723-AEE4-368352342FDC}

[2012/11/08 15:44:49 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{7EDD5EC3-593E-4130-B76C-058895A4DC83}

[2012/11/07 16:05:38 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{BCD6057E-D299-44DC-88BE-F591A2558D5F}

[2012/11/01 17:52:51 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{77403B00-B14C-483C-A446-A685860CF598}

========== Files - Modified Within 30 Days ==========

[2012/11/30 20:24:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/30 20:24:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/30 20:21:35 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/30 20:21:35 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/30 20:21:35 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/30 20:17:33 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/30 20:17:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/30 20:17:05 | 335,044,607 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/30 20:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/30 20:04:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/30 14:37:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Becka\Desktop\OTL.exe

[2012/11/30 13:33:05 | 000,681,984 | ---- | M] () -- C:\Users\Becka\Desktop\CKScanner.exe

[2012/11/21 17:09:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012/11/20 18:48:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/11/20 15:09:49 | 005,004,421 | R--- | M] (Swearware) -- C:\Users\Becka\Desktop\ComboFix.exe

[2012/11/20 14:43:15 | 000,543,531 | ---- | M] () -- C:\Users\Becka\Desktop\AdwCleaner.exe

[2012/11/20 14:22:56 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Becka\Desktop\aswMBR.exe

[2012/11/15 15:51:31 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/11/15 15:51:31 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/11/15 15:25:22 | 000,405,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/11/13 13:32:48 | 545,582,378 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/11/30 13:33:03 | 000,681,984 | ---- | C] () -- C:\Users\Becka\Desktop\CKScanner.exe

[2012/11/20 14:43:10 | 000,543,531 | ---- | C] () -- C:\Users\Becka\Desktop\AdwCleaner.exe

[2012/11/15 15:17:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/15 15:09:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/02/07 18:48:47 | 000,003,584 | ---- | C] () -- C:\Users\Becka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2012/01/12 23:08:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/01/06 13:43:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/01/06 13:43:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/01/06 13:43:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/01/06 13:43:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/11/22 23:52:12 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat

[2010/03/29 14:28:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/03/27 01:18:08 | 000,000,000 | ---- | C] () -- C:\Users\Becka\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


And another threat. Fourth one today. :l

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.01.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Becka :: BECKA-PC [administrator]

Protection: Enabled

11/30/2012 8:32:29 PM

mbam-log-2012-11-30 (20-32-29).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206751

Time elapsed: 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


If you are running Malwarebytes 1.6 or better, please disable it for the duration of this run.

To disable Malwarebytes

  • Open the scanner and select the Protection tab
  • Remove the tick from "Start Protection Module with Windows" as seen below

[Image: MBAM16orgreater.jpg]

Once complete, continue with the instructions...

----------

Run OTL.exe

  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 FF F4 08 73 CF CD 01 [binary data]
    IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
    [2012/11/14 22:46:37 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    :Files
    ipconfig /flushdns /c
    :Reg
    [-HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}]
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

----------

Once complete, post the log that is made by OTL and run a scan with Malwarebytes to see if it is fixed up as well.


Here's the log that posted after the reboot. Now I'll be doing the scans..

All processes killed

========== SERVICES/DRIVERS ==========

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!

HKEY_USERS\S-1-5-21-142491608-2200593318-2864285238-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-142491608-2200593318-2864285238-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\components folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\searchbar folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\options folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton\panels folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton\icons folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\uwa folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\images folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default\scripts folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default\images folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default\css folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\css folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\debugbar folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\locale\toolbar folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\locale\lib folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\locale folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\data\weather folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\data\search folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\data folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets\net.vmn.www.RadioBeta folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\modules folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\lib folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome folder moved successfully.

C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} folder moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Becka\Desktop\cmd.bat deleted successfully.

C:\Users\Becka\Desktop\cmd.txt deleted successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Becka

->Temp folder emptied: 3241 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 19936715 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 492 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 608 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 19.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12012012_102803

Files\Folders moved on Reboot...

C:\Users\Becka\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL Scan.

OTL logfile created on: 12/1/2012 10:31:36 AM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Becka\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.65 Gb Available Physical Memory | 80.83% Memory free

11.50 Gb Paging File | 10.37 Gb Available in Paging File | 90.16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 686.54 Gb Total Space | 571.51 Gb Free Space | 83.24% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: BECKA-PC | User Name: Becka | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Becka\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)

SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()

SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)

DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)

DRV:64bit: - (LeapFrog-USBLAN) -- C:\Windows\SysNative\drivers\btblan.sys (Belcarra Technologies)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (WN111v2) -- C:\Windows\SysNative\drivers\WN111v2x.sys (Atheros Communications, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS368

IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"

FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 16:31:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:46:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 18:46:15 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:46:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 18:46:15 | 000,000,000 | ---D | M]

[2012/11/14 22:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becka\AppData\Roaming\Mozilla\Extensions

[2012/12/01 10:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions

[2012/11/29 17:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/11/15 16:31:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012/10/26 18:46:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/08/11 09:16:27 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll

[2011/03/18 10:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/03/18 10:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/08/29 18:32:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/13 07:57:24 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

O1 HOSTS File: ([2012/11/20 18:48:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB99BCE6-F373-4F23-8A44-448AE2F507A3}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/30 20:15:08 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/11/30 16:18:41 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{6B22F45F-D00E-4A7A-9957-5BAB6D90820A}

[2012/11/30 14:37:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Becka\Desktop\OTL.exe

[2012/11/29 19:08:07 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{F2F401DA-0398-4609-A484-268D4F80A15C}

[2012/11/20 19:15:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/20 18:50:26 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/20 15:09:25 | 005,004,421 | R--- | C] (Swearware) -- C:\Users\Becka\Desktop\ComboFix.exe

[2012/11/20 14:22:31 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Becka\Desktop\aswMBR.exe

[2012/11/17 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{971CEF98-0AE2-4802-B668-19A88A97FB31}

[2012/11/17 13:08:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012/11/17 13:08:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012/11/17 13:08:48 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012/11/15 15:17:24 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys

[2012/11/15 15:17:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll

[2012/11/15 15:16:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll

[2012/11/15 15:16:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe

[2012/11/15 15:16:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll

[2012/11/15 15:16:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys

[2012/11/15 15:16:41 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys

[2012/11/15 15:16:38 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll

[2012/11/15 15:16:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll

[2012/11/15 15:16:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll

[2012/11/15 15:16:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll

[2012/11/15 15:16:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll

[2012/11/15 15:16:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll

[2012/11/15 15:16:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll

[2012/11/15 15:16:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll

[2012/11/15 15:16:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

[2012/11/15 15:16:37 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe

[2012/11/15 15:16:37 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe

[2012/11/15 15:16:37 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe

[2012/11/15 15:16:37 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll

[2012/11/15 15:16:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll

[2012/11/15 15:16:37 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll

[2012/11/15 15:16:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe

[2012/11/15 15:16:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll

[2012/11/15 15:16:36 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2012/11/15 15:16:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2012/11/15 15:11:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/11/15 15:11:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/11/15 15:11:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/11/15 15:11:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/11/15 15:11:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/11/15 15:11:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/11/15 15:11:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/11/15 15:11:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/11/15 15:10:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/11/15 15:10:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/11/15 15:10:58 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/11/15 15:10:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/11/15 15:10:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/11/15 15:10:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/11/15 15:10:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/11/15 15:09:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll

[2012/11/15 15:09:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll

[2012/11/15 15:09:04 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe

[2012/11/15 15:09:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll

[2012/11/15 15:07:42 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2012/11/15 15:07:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012/11/15 08:56:00 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll

[2012/11/15 08:56:00 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll

[2012/11/15 08:56:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll

[2012/11/15 08:55:55 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012/11/15 08:55:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2012/11/15 08:55:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll

[2012/11/15 08:55:36 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll

[2012/11/15 08:55:36 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll

[2012/11/15 08:55:35 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll

[2012/11/15 08:55:34 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll

[2012/11/15 08:55:34 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll

[2012/11/12 16:24:57 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{AA3E3771-FEE0-4AF5-8B23-BF49E94AE33C}

[2012/11/11 19:21:40 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{1F5F657C-3C9F-41C0-9424-BE2915B514F1}

[2012/11/10 17:35:56 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{C34AA23B-12F7-4723-AEE4-368352342FDC}

[2012/11/08 15:44:49 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{7EDD5EC3-593E-4130-B76C-058895A4DC83}

[2012/11/07 16:05:38 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{BCD6057E-D299-44DC-88BE-F591A2558D5F}

[2012/11/01 17:52:51 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{77403B00-B14C-483C-A446-A685860CF598}

========== Files - Modified Within 30 Days ==========

[2012/12/01 10:29:35 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/01 10:29:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/01 10:29:20 | 335,044,607 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/01 10:28:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/01 10:28:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/30 21:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/30 21:04:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/30 20:21:35 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/30 20:21:35 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/30 20:21:35 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/30 14:37:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Becka\Desktop\OTL.exe

[2012/11/30 13:33:05 | 000,681,984 | ---- | M] () -- C:\Users\Becka\Desktop\CKScanner.exe

[2012/11/21 17:09:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012/11/20 18:48:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/11/20 15:09:49 | 005,004,421 | R--- | M] (Swearware) -- C:\Users\Becka\Desktop\ComboFix.exe

[2012/11/20 14:43:15 | 000,543,531 | ---- | M] () -- C:\Users\Becka\Desktop\AdwCleaner.exe

[2012/11/20 14:22:56 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Becka\Desktop\aswMBR.exe

[2012/11/15 15:51:31 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/11/15 15:51:31 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/11/15 15:25:22 | 000,405,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/11/13 13:32:48 | 545,582,378 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/11/30 13:33:03 | 000,681,984 | ---- | C] () -- C:\Users\Becka\Desktop\CKScanner.exe

[2012/11/20 14:43:10 | 000,543,531 | ---- | C] () -- C:\Users\Becka\Desktop\AdwCleaner.exe

[2012/11/15 15:17:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/15 15:09:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/02/07 18:48:47 | 000,003,584 | ---- | C] () -- C:\Users\Becka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2012/01/12 23:08:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/01/06 13:43:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/01/06 13:43:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/01/06 13:43:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/01/06 13:43:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/11/22 23:52:12 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat

[2010/03/29 14:28:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/03/27 01:18:08 | 000,000,000 | ---- | C] () -- C:\Users\Becka\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


No objects detected on MBAM. But I'm not holding my breath, lol..

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.01.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Becka :: BECKA-PC [administrator]

Protection: Enabled

12/1/2012 10:40:26 AM

mbam-log-2012-12-01 (10-40-26).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206802

Time elapsed: 1 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


This topic is now closed to further replies.