knightmaster
-
Posts
21 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by knightmaster
-
-
Ok couple more questions then u can tell me how to close this thread. Do I keep TFC and CC Cleaner and run them periodically?
-
Running much better. May I ask how do you read the logs?
-
it says java 7 ver 5...???
-
Error msg is gone!
I have already uninstalled and reinstalled java. Do I need to do it again???
-
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-844235702-1577790273-2456796898-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pigxt deleted successfully.
C:\Users\Curt\AppData\Local\{fe3970b0-9556-099c-8ed4-59c2c1099070}\@ moved successfully.
========== FILES ==========
C:\Users\Curt\AppData\Local\{fe3970b0-9556-099c-8ed4-59c2c1099070}\U folder moved successfully.
C:\Users\Curt\AppData\Local\{fe3970b0-9556-099c-8ed4-59c2c1099070}\L folder moved successfully.
C:\Users\Curt\AppData\Local\{fe3970b0-9556-099c-8ed4-59c2c1099070} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Curt\Desktop\cmd.bat deleted successfully.
C:\Users\Curt\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: Bekki
->Temp folder emptied: 0 bytes
User: Curt
->Temp folder emptied: 140319 bytes
->Temporary Internet Files folder emptied: 30232260 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 7844681 bytes
->Flash cache emptied: 506 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89045 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 65435428 bytes
Total Files Cleaned = 99.00 mb
OTL by OldTimer - Version 3.2.53.0 log created on 07022012_092511
Files\Folders moved on Reboot...
C:\Users\Curt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Curt\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
Running pretty good Thanks
-
No Extra txt doc was created.
OTL logfile created on: 7/2/2012 8:31:18 AM - Run 3
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Curt\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 29.55% Memory free
3.49 Gb Paging File | 1.87 Gb Available in Paging File | 53.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.11 Gb Total Space | 210.07 Gb Free Space | 73.94% Space Free | Partition Type: NTFS
Drive D: | 13.68 Gb Total Space | 1.96 Gb Free Space | 14.31% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 91.19 Mb Free Space | 91.80% Space Free | Partition Type: FAT32
Computer Name: LT | User Name: Curt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/28 13:43:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Curt\Desktop\OTL.exe
PRC - [2012/06/13 08:24:37 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Curt\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2012/02/01 17:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 17:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/05 16:11:52 | 000,081,920 | R--- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
PRC - [2010/02/26 19:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/02/08 10:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Curt\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
========== Modules (No Company Name) ==========
MOD - [2012/02/01 17:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/04/05 14:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/02/05 13:50:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2010/01/12 18:44:24 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/06/23 09:19:41 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/01 17:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/05 16:11:52 | 000,081,920 | R--- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/19 02:54:11 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2010/05/06 13:23:56 | 000,090,296 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 19:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/08 10:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/01/25 13:58:02 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/01/25 13:57:50 | 000,030,720 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2012/01/25 13:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2012/01/25 13:57:38 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/08 12:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/17 20:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/22 16:00:12 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 23:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 23:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 22:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/21 18:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/11/02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0ED26115-6639-4D15-9D92-2EB2A4E20FE6}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{1ED53487-48A2-403C-ABD1-B704D85FEE66}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{906B07A0-4D8B-4FB3-A37D-4B3E5E393243}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
IE:64bit: - HKLM\..\SearchScopes\{98621C49-9EE4-46B2-8399-97FE456776E9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{1ED53487-48A2-403C-ABD1-B704D85FEE66}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{98621C49-9EE4-46B2-8399-97FE456776E9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://google.com/ [binary data]
IE - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..\SearchScopes\{0ED26115-6639-4D15-9D92-2EB2A4E20FE6}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..\SearchScopes\{1ED53487-48A2-403C-ABD1-B704D85FEE66}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..\SearchScopes\{65F935D2-1683-4EA5-82D7-CEFEE9485117}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ111YYUS&apn_uid=7AC1BB0F-9DCC-464A-AC8A-9A8BC231E01D&apn_sauid=6347FB0A-E8D6-406F-BB9C-73CD67CD743C
IE - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GZAB_enUS457&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=EoRdJXrlxixdms6x-FQTE4SPZc8?q={searchTerms}
IE - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..\SearchScopes\{98621C49-9EE4-46B2-8399-97FE456776E9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..\SearchScopes\{E6D69A27-8DDF-4805-8DCB-8216DA7E2ADE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Curt\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Curt\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/12 15:31:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/06 19:56:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/12/22 14:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/02 17:54:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/06 19:56:53 | 000,000,000 | ---D | M]
[2012/05/21 16:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Curt\AppData\Roaming\Mozilla\Extensions
[2012/05/25 00:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Curt\AppData\Roaming\Mozilla\Firefox\Profiles\clxpvw2a.default\extensions
[2012/05/30 00:43:53 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Curt\AppData\Roaming\Mozilla\Firefox\Profiles\clxpvw2a.default\extensions\crossriderapp2258@crossrider.com
[2012/05/25 00:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Curt\AppData\Roaming\Mozilla\Firefox\Profiles\clxpvw2a.default\extensions\staged
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/21 07:38:10 | 000,000,000 | ---D | M] (FindXplorer) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Curt\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Curt\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Curt\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Curt\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Curt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Curt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Curt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Curt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Users\Curt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\Curt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/06/29 21:47:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [pigxt] "C:\Windows\System32\rundll32.exe" "C:\Users\Curt\AppData\Roaming\pigxt.dll",CreateAttributeDefinition File not found
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-844235702-1577790273-2456796898-1000..\Run: [googletalk] C:\Users\Curt\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-844235702-1577790273-2456796898-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\Curt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Curt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O15 - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-844235702-1577790273-2456796898-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://vnc.webex.com/client/T27L10NSP25EP3/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F3D94F-E55E-484A-9A8B-5EA91ADBAE71}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/06/30 00:32:30 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Curt\Desktop\TFC.exe
[2012/06/29 22:07:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/29 19:13:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/29 19:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/29 19:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/06/29 16:20:03 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/06/29 16:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/06/29 16:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/28 22:18:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/28 19:30:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/28 19:30:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/28 19:26:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/28 19:22:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/28 19:16:51 | 004,566,027 | R--- | C] (Swearware) -- C:\Users\Curt\Desktop\ComboFix.exe
[2012/06/28 18:31:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/28 17:20:31 | 000,000,000 | ---D | C] -- C:\Users\Curt\Desktop\RK_Quarantine
[2012/06/28 17:12:18 | 008,834,304 | ---- | C] (SurfRight B.V.) -- C:\Users\Curt\Desktop\HitmanPro36_x64.exe
[2012/06/28 17:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/28 15:03:10 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/06/28 15:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/06/28 15:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/06/28 13:43:53 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Curt\Desktop\OTL.exe
[2012/06/27 15:01:59 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510a-f
[2012/06/25 13:06:52 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/13 22:01:38 | 000,000,000 | ---D | C] -- C:\Users\Curt\Desktop\Private
[2012/06/12 23:16:17 | 000,000,000 | ---D | C] -- C:\Users\Curt\Documents\HELP US
[2012/06/12 15:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/05 08:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
[2011/07/01 09:56:47 | 017,491,272 | ---- | C] (Sage Software ) -- C:\Users\Curt\AppData\Roaming\ACT2011Hotfix_SS.exe
========== Files - Modified Within 30 Days ==========
[2012/07/02 08:30:27 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 08:30:27 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 08:22:29 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/02 08:21:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/02 08:21:42 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/01 21:17:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/01 21:12:48 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-844235702-1577790273-2456796898-1000UA.job
[2012/07/01 21:12:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/01 07:54:16 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-844235702-1577790273-2456796898-1000Core.job
[2012/07/01 05:50:04 | 100,891,471 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/30 11:27:12 | 000,165,376 | ---- | M] () -- C:\Users\Curt\Desktop\SystemLook_x64.exe
[2012/06/30 00:32:30 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Curt\Desktop\TFC.exe
[2012/06/29 22:03:18 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCurt.job
[2012/06/29 21:47:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/29 18:50:42 | 000,569,782 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/29 16:32:01 | 000,329,172 | ---- | M] () -- C:\MGlogs.zip
[2012/06/29 16:17:09 | 000,001,178 | ---- | M] () -- C:\Users\Curt\Desktop\hitmanpro.xml
[2012/06/28 19:16:52 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\Curt\Desktop\ComboFix.exe
[2012/06/28 17:13:05 | 001,669,626 | ---- | M] () -- C:\Users\Curt\Desktop\MGtools.exe
[2012/06/28 17:12:22 | 008,834,304 | ---- | M] (SurfRight B.V.) -- C:\Users\Curt\Desktop\HitmanPro36_x64.exe
[2012/06/28 17:10:30 | 001,545,216 | ---- | M] () -- C:\Users\Curt\Desktop\RogueKiller.exe
[2012/06/28 17:05:12 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/28 13:43:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Curt\Desktop\OTL.exe
[2012/06/27 15:08:41 | 000,141,138 | ---- | M] () -- C:\Windows\hpwins27.dat
[2012/06/27 15:08:41 | 000,002,313 | ---- | M] () -- C:\Users\Public\Desktop\Add a Device - Officejet 4500 G510a-f.lnk
[2012/06/27 12:15:02 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 10:55:49 | 000,002,102 | ---- | M] () -- C:\Users\Curt\Desktop\Local Current.url
[2012/06/14 09:53:17 | 000,427,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 09:35:13 | 000,836,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/14 09:35:13 | 000,692,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/14 09:35:13 | 000,131,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/14 08:13:59 | 000,001,042 | ---- | M] () -- C:\Users\Curt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/14 08:13:29 | 000,001,008 | ---- | M] () -- C:\Users\Curt\Desktop\Dropbox.lnk
========== Files Created - No Company Name ==========
[2012/06/30 11:27:11 | 000,165,376 | ---- | C] () -- C:\Users\Curt\Desktop\SystemLook_x64.exe
[2012/06/29 19:19:09 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/29 16:20:05 | 000,329,172 | ---- | C] () -- C:\MGlogs.zip
[2012/06/29 16:17:08 | 000,001,178 | ---- | C] () -- C:\Users\Curt\Desktop\hitmanpro.xml
[2012/06/28 19:30:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/28 19:30:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/28 19:30:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/28 19:30:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/28 19:30:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/28 17:13:05 | 001,669,626 | ---- | C] () -- C:\Users\Curt\Desktop\MGtools.exe
[2012/06/28 17:10:29 | 001,545,216 | ---- | C] () -- C:\Users\Curt\Desktop\RogueKiller.exe
[2012/06/28 17:05:12 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/27 15:08:41 | 000,002,313 | ---- | C] () -- C:\Users\Public\Desktop\Add a Device - Officejet 4500 G510a-f.lnk
[2012/06/27 14:51:15 | 000,141,138 | ---- | C] () -- C:\Windows\hpwins27.dat
[2012/06/27 14:51:14 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat
[2012/06/27 12:15:02 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 10:55:46 | 000,002,102 | ---- | C] () -- C:\Users\Curt\Desktop\Local Current.url
[2012/01/20 17:48:48 | 000,007,597 | ---- | C] () -- C:\Users\Curt\AppData\Local\Resmon.ResmonCfg
[2012/01/11 10:55:38 | 000,002,048 | ---- | C] () -- C:\Users\Curt\AppData\Local\{fe3970b0-9556-099c-8ed4-59c2c1099070}\@
[2011/10/25 21:11:57 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/10/20 20:09:05 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2011/09/07 13:02:49 | 000,207,317 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/09/06 20:07:24 | 000,205,179 | ---- | C] () -- C:\Windows\hpwins26.dat.temp
[2011/09/06 20:07:24 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2011/09/06 19:40:53 | 000,204,468 | ---- | C] () -- C:\Windows\hpwins26.dat
[2011/07/19 13:16:27 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\custmon2k.dll
[2011/07/19 13:16:27 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\uninstpw.exe
[2011/07/01 10:42:06 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/01 10:27:19 | 000,834,866 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/16 22:10:17 | 000,001,854 | ---- | C] () -- C:\Users\Curt\AppData\Roaming\GhostObjGAFix.xml
[2010/08/10 08:57:22 | 000,166,378 | ---- | C] () -- C:\Windows\hpwins20.dat
[2010/08/10 08:57:21 | 000,001,360 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2010/07/31 13:36:53 | 000,000,632 | RHS- | C] () -- C:\Users\Curt\ntuser.pol
[2010/07/22 04:39:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/07/22 04:31:58 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/07/22 04:31:58 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
========== LOP Check ==========
[2011/07/01 10:41:00 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\ACT
[2011/10/08 11:17:47 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\AVG
[2011/09/29 07:02:03 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\AVG2012
[2011/02/21 18:40:50 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\Barnes & Noble
[2012/07/02 08:22:55 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\Dropbox
[2011/06/03 07:11:02 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\GoodSync
[2011/07/01 10:41:51 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\IsolatedStorage
[2012/05/21 16:31:23 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\Media Finder
[2012/05/30 00:45:29 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\MediaMonkey
[2012/03/28 14:34:35 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\motorola
[2012/01/17 18:51:51 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\NCH Swift Sound
[2011/08/26 08:16:56 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\Recordpad
[2011/06/03 07:58:00 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\RoboForm
[2011/08/30 10:00:11 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\webex
[2011/04/21 16:43:59 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\Windows Live Writer
[2012/04/07 14:42:03 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/05/14 21:27:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/05/14 21:24:13 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/05/14 21:27:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/05/14 21:24:13 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/05/14 21:27:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/05/14 21:24:13 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/05/14 21:27:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/05/14 21:24:13 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: PIGXT.DLL.VIR >
[2012/06/25 14:43:12 | 000,397,824 | ---- | M] (Analog Devices, Inc.) MD5=072C3ACB31B81536461D55A9126822C9 -- C:\Qoobox\Quarantine\C\Users\Curt\AppData\Roaming\pigxt.dll.vir
[2012/06/25 14:43:12 | 000,397,824 | ---- | M] (Analog Devices, Inc.) MD5=072C3ACB31B81536461D55A9126822C9 -- C:\Users\Curt\Desktop\RK_Quarantine\pigxt.dll.vir
< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/05/14 21:27:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/05/14 21:27:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< %systemroot%\*. /rp /s >
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD32 00BEVT-60A23T0 SATA Disk Device
Partitions: 4
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 284.00GB
Starting Offset: 209715200
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 14.00GB
Starting Offset: 305270882304
Hidden sectors: 0
DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 319963529216
Hidden sectors: 0
========== Alternate Data Streams ==========
@Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:8927A071
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:0B4227B4
< End of report >
-
SystemLook 30.07.11 by jpshortstuff
Log created at 07:57 on 01/07/2012 by Curt
Administrator - Elevation successful
Invalid Context: filefind*pigx**pigxt*:RegHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /sHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s
-= EOF =-
-
SystemLook 30.07.11 by jpshortstuff
Log created at 13:33 on 30/06/2012 by Curt
Administrator - Elevation successful
Invalid Context: filefind*pigx**pigxt*:RegHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /sHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s
-= EOF =-
-
SystemLook 30.07.11 by jpshortstuff
Log created at 11:28 on 30/06/2012 by Curt
Administrator - Elevation successful
Invalid Context: filefind*pigx*:RegHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /sHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s
-= EOF =-
Update for Microsoft Office 2007 (KB2508958)
4500_G510af_Help_Web
4500_G510gm_Help
4500_G510nz_Help
4500G510af_Software_Min
4500G510af_web
4500G510gm
4500G510gm_Software_Min
4500G510nz
4500G510nz_Software_Min
4660_4680_Help
7-Zip 9.22beta
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
AVG PC Tuneup 2011
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Blasterball 3
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco Network Magic
Cisco PEAP Module
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
DocMgr
DocProc
Dora's Carnival Adventure
Dropbox
Escape Rosecliff Island
ESU for Microsoft Windows 7
Faerie Solitaire
FATE
Fax
FindXplorer 1.0 build 115
Google Apps Migration For Microsoft Outlook® 2.3.12.34
Google Apps Sync™ for Microsoft Outlook® 3.1.94.203
Google Calendar Sync
Google Chrome
Google Gmail Notifier
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.1.0.880
GPBaseService2
GPL Ghostscript 8.57
GPL Ghostscript Fonts
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Plan Utility
HP Setup
HP Software Framework
HP Support Assistant
HP Update
HP User Guides 0178
HPDiagnosticAlert
HPProductAssistant
HPSSupply
J4600
Java Auto Updater
Java 7 Update 5
JavaFX 2.1.1
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
MediaMonkey 4.0
Mesh Runtime
Messenger Companion
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Browser
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
MotoHelper 2.1.40 Driver 5.5.0
MotoHelper MergeModules
MOTOROLA MEDIA LINK
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The New York Fortune
Network Magic
NOOK for PC
PC Matic 1.0.0.17
PDFill PDF Editor with FREE PDF Writer and Tools
PDFill PDF Writer
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
ProductContext
Pure Networks Platform
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
RingCentral Call Controller
RoboForm 7-7-8-8 (All Users)
Roxio CinemaNow 2.0
Sage ACT! Pro 2011
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 4.1
SmartWebPrinting
SolutionCenter
Status
TextTwist 2
Toolbox
TrayApp
UHC-iEnroll™
UHC FieldWriter v0.74b
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Families
Virtual Villagers - The Secret City
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
WebEx
WebReg
Wheel of Fortune 2
WildTangent Games App
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge
-
You are awesome! Thank you so much for helping me. how do u read those logs? C:\Users\Curt\AppData\Roaming\pigxt.dll is still there on bootup though.
-
C:\Users\Curt\AppData\Roaming\pigxt.dll is still there on bootup
Still running super slow too. Do u think we are close?
ComboFix 12-06-28.03 - Curt 06/29/2012 21:29:10.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.542 [GMT -4:00]
Running from: c:\users\Curt\Desktop\ComboFix.exe
Command switches used :: c:\users\Curt\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 01:42 . 2012-06-30 01:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-30 01:42 . 2012-06-30 01:42 -------- d-----w- c:\users\Bekki\AppData\Local\temp
2012-06-29 23:13 . 2012-06-29 23:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-29 23:12 . 2012-06-29 23:12 -------- d-----w- c:\program files (x86)\Oracle
2012-06-29 23:11 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-29 23:08 . 2012-06-29 23:08 -------- d-----w- c:\programdata\McAfee
2012-06-29 20:20 . 2012-06-29 20:32 -------- d-----w- C:\MGtools
2012-06-29 20:02 . 2012-06-29 20:02 -------- d-----w- c:\program files\HitmanPro
2012-06-29 20:01 . 2012-06-29 20:04 -------- d-----w- c:\programdata\HitmanPro
2012-06-28 22:31 . 2012-06-28 22:31 -------- d-----w- C:\_OTL
2012-06-28 21:05 . 2012-06-28 21:05 -------- d-----w- c:\program files\CCleaner
2012-06-28 19:03 . 2012-06-29 13:06 -------- d-----w- C:\sh4ldr
2012-06-28 19:03 . 2012-06-28 19:03 -------- d-----w- c:\program files\Enigma Software Group
2012-06-28 19:01 . 2012-06-29 13:06 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-28 19:01 . 2012-06-28 19:01 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-27 19:01 . 2012-06-27 19:01 -------- d-----w- c:\windows\hpoj4500g510a-f
2012-06-25 17:06 . 2012-06-25 17:06 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-25 12:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 12:37 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 12:37 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 12:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 12:36 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 12:36 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 12:36 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 13:29 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 13:29 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 12:43 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 12:43 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 12:43 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 12:43 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 12:43 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 12:42 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 12:42 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-14 12:42 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 12:42 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 12:42 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 12:42 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 12:42 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 12:42 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 12:41 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 12:41 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 12:41 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 12:41 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 12:41 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 12:41 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-14 12:37 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-06-14 12:37 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-14 12:37 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-14 12:34 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-14 12:34 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-14 12:34 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-07 00:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-07 00:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-07 00:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-07 00:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-07 00:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-07 00:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-07 00:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 20:32 . 2012-06-29 20:20 329172 ----a-w- C:\MGlogs.zip
2012-06-23 13:19 . 2012-04-03 21:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 13:19 . 2011-06-14 14:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 23:29 . 2011-10-05 12:01 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-04 19:56 . 2010-08-26 15:42 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-06-30_00.35.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-15 00:45 . 2012-06-30 01:49 65880 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-30 01:49 50814 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-06-30 00:34 . 2012-06-30 00:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-30 01:44 . 2012-06-30 01:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-30 01:44 . 2012-06-30 01:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-30 00:34 . 2012-06-30 00:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-06-30 01:44 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-29 23:32 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-29 23:32 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-30 01:44 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-12 00:57 . 2012-06-30 01:43 339648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-06-12 00:57 . 2012-06-30 00:33 339648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-06-30 00:33 396972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-30 01:43 396972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-06-29 23:32 1310720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-30 01:44 1310720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-07 16:01 . 2012-06-30 01:09 3786752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2011-11-07 16:01 . 2012-06-29 14:16 3786752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2009-07-01 06:41 . 2012-06-30 00:33 17582244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-844235702-1577790273-2456796898-1000-8192.dat
+ 2009-07-01 06:41 . 2012-06-30 01:43 17582244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-844235702-1577790273-2456796898-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-12-09 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Curt\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-08 39408]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-06-13 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Curt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Curt\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
R2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2010-08-19 81920]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 136176]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-01-25 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 27136]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-22 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-01 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 59744]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2010-05-06 90296]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-20 203264]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\NServiceEntry.exe [2010-11-05 81920]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-12 19968]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-20 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-20 279040]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:19]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 15:54]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 15:54]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844235702-1577790273-2456796898-1000Core.job
- c:\users\Curt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:40]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844235702-1577790273-2456796898-1000UA.job
- c:\users\Curt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:40]
.
2012-06-30 c:\windows\Tasks\HPCeeScheduleForCurt.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-02-05 995840]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"pigxt"="c:\windows\System32\rundll32.exe" [2009-07-14 45568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm TaskBar Icon - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-844235702-1577790273-2456796898-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{847B19DB-8494-E012-C7E8-E1B5D72C13B1}*]
"iacidghhedgjalglkp"=hex:6a,61,6f,61,6c,70,64,69,6a,6e,65,6a,6d,66,70,66,67,66,
6b,64,00,01
"haaiffidjohhlcao"=hex:6a,61,6f,61,6c,70,64,69,6a,6e,65,6a,6d,66,70,66,67,66,
6b,64,00,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-06-29 21:57:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-30 01:57
ComboFix2.txt 2012-06-30 00:44
ComboFix3.txt 2012-06-29 21:35
ComboFix4.txt 2012-06-29 02:45
ComboFix5.txt 2012-06-30 01:27
.
Pre-Run: 227,086,749,696 bytes free
Post-Run: 226,785,013,760 bytes free
.
- - End Of File - - B4DDD4C98A5B8AB3E9E2438DA3D0A57C
-
Now it wont work at all! ANY file I click on an error msg comes up that says: Illegal operation attempted on a registry key that has been marked for deletion. -then-Do you want to delete file?
I am on another pc now I had to copy the log onto a flash drive.
ComboFix 12-06-28.03 - Curt 06/29/2012 20:19:16.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.481 [GMT -4:00]
Running from: c:\users\Curt\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 00:32 . 2012-06-30 00:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-30 00:32 . 2012-06-30 00:32 -------- d-----w- c:\users\Bekki\AppData\Local\temp
2012-06-29 23:13 . 2012-06-29 23:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-29 23:12 . 2012-06-29 23:12 -------- d-----w- c:\program files (x86)\Oracle
2012-06-29 23:11 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-29 23:08 . 2012-06-29 23:08 -------- d-----w- c:\programdata\McAfee
2012-06-29 20:20 . 2012-06-29 20:32 -------- d-----w- C:\MGtools
2012-06-29 20:02 . 2012-06-29 20:02 -------- d-----w- c:\program files\HitmanPro
2012-06-29 20:01 . 2012-06-29 20:04 -------- d-----w- c:\programdata\HitmanPro
2012-06-28 22:31 . 2012-06-28 22:31 -------- d-----w- C:\_OTL
2012-06-28 21:05 . 2012-06-28 21:05 -------- d-----w- c:\program files\CCleaner
2012-06-28 19:03 . 2012-06-29 13:06 -------- d-----w- C:\sh4ldr
2012-06-28 19:03 . 2012-06-28 19:03 -------- d-----w- c:\program files\Enigma Software Group
2012-06-28 19:01 . 2012-06-29 13:06 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-28 19:01 . 2012-06-28 19:01 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-27 19:01 . 2012-06-27 19:01 -------- d-----w- c:\windows\hpoj4500g510a-f
2012-06-25 17:06 . 2012-06-25 17:06 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-25 12:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 12:37 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 12:37 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 12:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 12:36 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 12:36 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 12:36 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 13:29 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 13:29 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 12:43 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 12:43 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 12:43 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 12:43 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 12:43 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 12:42 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 12:42 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-14 12:42 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 12:42 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 12:42 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 12:42 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 12:42 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 12:42 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 12:41 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 12:41 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 12:41 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 12:41 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 12:41 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 12:41 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-14 12:37 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-06-14 12:37 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-14 12:37 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-14 12:34 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-14 12:34 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-14 12:34 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-07 00:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-07 00:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-07 00:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-07 00:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-07 00:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-07 00:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-07 00:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 20:32 . 2012-06-29 20:20 329172 ----a-w- C:\MGlogs.zip
2012-06-23 13:19 . 2012-04-03 21:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 13:19 . 2011-06-14 14:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 23:29 . 2011-10-05 12:01 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-04 19:56 . 2010-08-26 15:42 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-29_21.24.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-15 00:45 . 2012-06-30 00:37 65784 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-30 00:36 50798 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-01 12:44 . 2012-06-30 00:37 30198 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-844235702-1577790273-2456796898-1000_UserData.bin
+ 2011-06-06 16:55 . 2011-06-06 16:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2012-06-30 00:34 . 2012-06-30 00:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-29 19:21 . 2012-06-29 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-29 19:21 . 2012-06-29 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-30 00:34 . 2012-06-30 00:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-29 23:11 . 2012-05-04 23:29 227720 c:\windows\SysWOW64\javaws.exe
+ 2012-06-29 23:10 . 2012-06-29 23:10 174064 c:\windows\SysWOW64\javaw.exe
+ 2012-06-29 23:10 . 2012-06-29 23:10 174064 c:\windows\SysWOW64\java.exe
+ 2009-07-14 04:54 . 2012-06-29 23:32 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-29 19:21 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-29 19:21 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-29 23:32 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-01 15:49 . 2012-06-29 22:47 325334 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2012-06-12 00:57 . 2012-06-29 14:16 339648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-12 00:57 . 2012-06-30 00:33 339648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-06-30 00:33 396972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-29 14:16 396972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-29 23:13 . 2012-06-29 23:13 179200 c:\windows\Installer\c7e639.msi
+ 2012-06-29 23:11 . 2012-06-29 23:11 461312 c:\windows\Installer\c7e632.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
- 2009-07-14 04:54 . 2012-06-29 19:21 1310720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-29 23:32 1310720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\c7ec73.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2009-07-01 06:41 . 2012-06-30 00:33 17582244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-844235702-1577790273-2456796898-1000-8192.dat
+ 2011-12-21 01:30 . 2012-06-29 23:31 32137344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-844235702-1577790273-2456796898-1000-12288.dat
+ 2012-04-04 11:17 . 2012-04-04 11:17 16613376 c:\windows\Installer\c7ec74.msp
+ 2012-06-29 23:08 . 2012-06-29 23:08 17379328 c:\windows\Installer\c7e62e.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-12-09 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Curt\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-08 39408]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-06-13 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Curt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Curt\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
R2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2010-08-19 81920]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 136176]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-01-25 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 27136]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-22 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-01 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 59744]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2010-05-06 90296]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-20 203264]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\NServiceEntry.exe [2010-11-05 81920]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-12 19968]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-20 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-20 279040]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:19]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 15:54]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 15:54]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844235702-1577790273-2456796898-1000Core.job
- c:\users\Curt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:40]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844235702-1577790273-2456796898-1000UA.job
- c:\users\Curt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:40]
.
2012-05-31 c:\windows\Tasks\HPCeeScheduleForCurt.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-02-05 995840]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"pigxt"="c:\windows\System32\rundll32.exe" [2009-07-14 45568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm TaskBar Icon - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-844235702-1577790273-2456796898-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{847B19DB-8494-E012-C7E8-E1B5D72C13B1}*]
"iacidghhedgjalglkp"=hex:6a,61,6f,61,6c,70,64,69,6a,6e,65,6a,6d,66,70,66,67,66,
6b,64,00,01
"haaiffidjohhlcao"=hex:6a,61,6f,61,6c,70,64,69,6a,6e,65,6a,6d,66,70,66,67,66,
6b,64,00,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-06-29 20:43:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-30 00:43
ComboFix2.txt 2012-06-29 21:35
ComboFix3.txt 2012-06-29 02:45
ComboFix4.txt 2012-06-28 23:57
.
Pre-Run: 227,455,234,048 bytes free
Post-Run: 227,229,368,320 bytes free
.
- - End Of File - - BDCE11E79E60B4D22D52B4FED2754651
-
Well virus seems to be gone but it is running VEEEERRRY slow. plus I get this at startup: missing file C:\Users\Curt\AppData\Roaming\pigxt.dll
-
ESSETSCAN results
C:\Program Files (x86)\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\chrome\findxplorer.jar Win32/Adware.OneStep application
C:\Qoobox\Quarantine\C\Users\Curt\AppData\Roaming\pigxt.dll.vir a variant of Win32/Medfos.AJ trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Users\Curt\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111008105059040.rsc multiple threats
C:\Users\Curt\Desktop\RK_Quarantine\pigxt.dll.vir a variant of Win32/Medfos.AJ trojan
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd5397173a9161.0000 Win64/Patched.B.Gen trojan
-
Here is the malwarebytes log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.29.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Curt :: LT [administrator]
6/28/2012 10:51:58 PM
mbam-log-2012-06-28 (22-51-58).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235342
Time elapsed: 3 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
here is the text from a notepad doc that automatically opened when CF closed.
ComboFix 12-06-28.03 - Curt 06/28/2012 22:19:45.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.493 [GMT -4:00]
Running from: c:\users\Curt\Desktop\ComboFix.exe
Command switches used :: c:\users\Curt\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Curt\AppData\Local\{9B3D4093-BEF5-11E1-8270-B8AC6F996F26}
c:\users\Curt\AppData\Local\{9B3D4093-BEF5-11E1-8270-B8AC6F996F26}\background.html
c:\users\Curt\AppData\Local\{9B3D4093-BEF5-11E1-8270-B8AC6F996F26}\icon.png
c:\users\Curt\AppData\Local\{9B3D4093-BEF5-11E1-8270-B8AC6F996F26}\manager.js
c:\users\Curt\AppData\Local\{9B3D4093-BEF5-11E1-8270-B8AC6F996F26}\manifest.json
c:\users\Curt\AppData\Roaming\0E539143
c:\users\Curt\AppData\Roaming\0E539143\0E539143.DAT.DAT
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-29 02:32 . 2012-06-29 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-29 02:32 . 2012-06-29 02:32 -------- d-----w- c:\users\Bekki\AppData\Local\temp
2012-06-28 22:31 . 2012-06-28 22:31 -------- d-----w- C:\_OTL
2012-06-28 21:05 . 2012-06-28 21:05 -------- d-----w- c:\program files\CCleaner
2012-06-28 19:03 . 2012-06-28 19:03 110080 ----a-r- c:\users\Curt\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-06-28 19:03 . 2012-06-28 19:03 110080 ----a-r- c:\users\Curt\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-06-28 19:03 . 2012-06-28 19:03 110080 ----a-r- c:\users\Curt\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-06-28 19:03 . 2012-06-28 19:03 -------- d-----w- C:\sh4ldr
2012-06-28 19:03 . 2012-06-28 19:03 -------- d-----w- c:\program files\Enigma Software Group
2012-06-28 19:01 . 2012-06-28 19:03 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-28 19:01 . 2012-06-28 19:01 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-27 19:01 . 2012-06-27 19:01 -------- d-----w- c:\windows\hpoj4500g510a-f
2012-06-25 17:06 . 2012-06-25 17:06 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-25 12:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 12:37 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 12:37 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 12:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 12:36 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 12:36 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 12:36 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 13:29 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 13:29 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 12:43 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 12:43 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 12:43 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 12:43 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 12:43 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 12:42 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 12:42 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-14 12:42 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 12:42 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 12:42 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 12:42 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 12:42 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 12:42 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 12:41 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 12:41 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 12:41 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 12:41 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 12:41 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 12:41 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-14 12:37 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-06-14 12:37 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-14 12:37 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-14 12:34 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-14 12:34 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-14 12:34 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-07 00:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-07 00:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-07 00:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-07 00:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-07 00:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-07 00:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-07 00:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 13:19 . 2012-04-03 21:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 13:19 . 2011-06-14 14:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-04 19:56 . 2010-08-26 15:42 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-28_23.47.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-15 00:45 . 2012-06-29 02:37 65098 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-29 02:37 50750 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-01 12:44 . 2012-06-29 02:37 29746 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-844235702-1577790273-2456796898-1000_UserData.bin
- 2009-07-01 07:01 . 2012-06-28 23:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-01 07:01 . 2012-06-29 02:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-01 07:01 . 2012-06-28 23:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-01 07:01 . 2012-06-29 02:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-29 02:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-28 23:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-29 02:34 . 2012-06-29 02:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-28 23:45 . 2012-06-28 23:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-28 23:45 . 2012-06-28 23:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-29 02:34 . 2012-06-29 02:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-06-29 02:34 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-28 22:37 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-28 22:37 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-29 02:34 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-12 00:57 . 2012-06-28 23:43 339648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-12 00:57 . 2012-06-29 02:33 339648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-06-29 02:33 396972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-28 23:43 396972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-06-29 02:34 1310720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-28 22:37 1310720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-07 16:01 . 2012-06-28 23:44 3786752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-11-07 16:01 . 2012-06-29 02:33 3786752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-12-21 01:30 . 2012-06-29 02:33 32106296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-844235702-1577790273-2456796898-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-12-09 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Curt\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-08 39408]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-06-13 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Curt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Curt\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2010-08-19 81920]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 136176]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-01-25 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 27136]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-22 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-01 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 59744]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2010-05-06 90296]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-20 203264]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\NServiceEntry.exe [2010-11-05 81920]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-12 19968]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-20 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-20 279040]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:19]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 15:54]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 15:54]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844235702-1577790273-2456796898-1000Core.job
- c:\users\Curt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:40]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844235702-1577790273-2456796898-1000UA.job
- c:\users\Curt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:40]
.
2012-05-31 c:\windows\Tasks\HPCeeScheduleForCurt.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-02-05 995840]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"pigxt"="c:\windows\System32\rundll32.exe" [2009-07-14 45568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm TaskBar Icon - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-844235702-1577790273-2456796898-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{847B19DB-8494-E012-C7E8-E1B5D72C13B1}*]
"iacidghhedgjalglkp"=hex:6a,61,6f,61,6c,70,64,69,6a,6e,65,6a,6d,66,70,66,67,66,
6b,64,00,01
"haaiffidjohhlcao"=hex:6a,61,6f,61,6c,70,64,69,6a,6e,65,6a,6d,66,70,66,67,66,
6b,64,00,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-06-28 22:45:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-29 02:45
ComboFix2.txt 2012-06-28 23:57
.
Pre-Run: 226,080,223,232 bytes free
Post-Run: 225,803,137,024 bytes free
.
- - End Of File - - 0EF4EB9AE1F6AFC5C42D82E317850A63
-
ComboFix 12-06-28.03 - Curt 06/28/2012 19:32:51.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.571 [GMT -4:00]
Running from: c:\users\Curt\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\3kj276k8j0h_o\us_sres.data
c:\program files (x86)\FindXplorer
c:\program files (x86)\FindXplorer\uninstall.exe
c:\program files (x86)\I Want This
c:\program files (x86)\I Want This\I Want ThisInstaller.log
c:\programdata\5C0CECAFC5.sys
c:\programdata\FindXplorer
c:\users\Curt\AppData\Roaming\pigxt.dll
c:\users\Curt\g2mdlhlpx.exe
c:\users\Curt\GoToAssistDownloadHelper.exe
c:\windows\Installer\$PatchCache$\Managed\6B07CD9D31EBDD140935E916E7270D58\1.2.5900\pst.ini
c:\windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\@
c:\windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\L\00000004.@
c:\windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\L\201d3dde
c:\windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\L\55490ac4
c:\windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\U\00000004.@
c:\windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\U\000000cb.@
c:\windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\U\80000000.@
c:\windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\U\80000032.@
c:\windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\U\80000064.@
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 23:43 . 2012-06-28 23:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 22:31 . 2012-06-28 22:31 -------- d-----w- C:\_OTL
2012-06-28 21:05 . 2012-06-28 21:05 -------- d-----w- c:\program files\CCleaner
2012-06-28 19:03 . 2012-06-28 19:03 110080 ----a-r- c:\users\Curt\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-06-28 19:03 . 2012-06-28 19:03 110080 ----a-r- c:\users\Curt\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-06-28 19:03 . 2012-06-28 19:03 110080 ----a-r- c:\users\Curt\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-06-28 19:03 . 2012-06-28 19:03 -------- d-----w- C:\sh4ldr
2012-06-28 19:03 . 2012-06-28 19:03 -------- d-----w- c:\program files\Enigma Software Group
2012-06-28 19:01 . 2012-06-28 19:03 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-28 19:01 . 2012-06-28 19:01 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-27 19:01 . 2012-06-27 19:01 -------- d-----w- c:\windows\hpoj4500g510a-f
2012-06-26 20:53 . 2012-06-27 16:07 -------- d--h--w- c:\users\Curt\AppData\Roaming\0E539143
2012-06-25 18:43 . 2012-06-25 18:43 -------- d-----w- c:\users\Curt\AppData\Local\{9B3D4093-BEF5-11E1-8270-B8AC6F996F26}
2012-06-25 17:06 . 2012-06-25 17:06 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-25 12:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 12:37 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 12:37 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 12:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 12:36 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 12:36 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 12:36 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 13:29 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 13:29 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 12:43 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 12:43 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 12:43 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 12:43 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 12:43 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 12:42 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 12:42 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-14 12:42 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 12:42 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 12:42 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 12:42 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 12:42 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 12:42 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 12:41 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 12:41 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 12:41 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 12:41 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 12:41 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 12:41 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-14 12:37 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-06-14 12:37 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-14 12:37 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-14 12:34 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-14 12:34 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-14 12:34 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-07 00:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-07 00:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-07 00:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-07 00:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-07 00:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-07 00:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-07 00:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 13:19 . 2012-04-03 21:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 13:19 . 2011-06-14 14:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-04 19:56 . 2010-08-26 15:42 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-12-09 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Curt\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-08 39408]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-06-13 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Curt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Curt\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2010-08-19 81920]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 136176]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-01-25 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 27136]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-22 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-01 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 59744]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2010-05-06 90296]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-20 203264]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\NServiceEntry.exe [2010-11-05 81920]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-12 19968]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-20 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-20 279040]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:19]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 15:54]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 15:54]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844235702-1577790273-2456796898-1000Core.job
- c:\users\Curt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:40]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844235702-1577790273-2456796898-1000UA.job
- c:\users\Curt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:40]
.
2012-05-31 c:\windows\Tasks\HPCeeScheduleForCurt.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Curt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-02-05 995840]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"pigxt"="c:\windows\System32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm TaskBar Icon - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-FindXplorer - c:\program files (x86)\FindXplorer\uninstall.exe
AddRemove-PDFill PDF Writer - c:\windows\system32\uninstpw.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-844235702-1577790273-2456796898-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{847B19DB-8494-E012-C7E8-E1B5D72C13B1}*]
"iacidghhedgjalglkp"=hex:6a,61,6f,61,6c,70,64,69,6a,6e,65,6a,6d,66,70,66,67,66,
6b,64,00,01
"haaiffidjohhlcao"=hex:6a,61,6f,61,6c,70,64,69,6a,6e,65,6a,6d,66,70,66,67,66,
6b,64,00,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-06-28 19:57:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 23:57
.
Pre-Run: 226,839,965,696 bytes free
Post-Run: 226,332,430,336 bytes free
.
- - End Of File - - 4A08D7F555C2FAACDECEDFC9A6332BD1
-
not sure what log. this is the log that popped up after reboot:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
OTL by OldTimer - Version 3.2.53.0 log created on 06282012_183144
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
Here is my problem-sorry about my first post.
Trojan.Dropper.BCMiner has taken over my windows 7 64 bit machine. SpyHunter found 588 infected files! unfortunately I need to pay to have them removed.
Attached is the OTC log.
-
Merged 3 post
I have seen other fixes but was reluctant to try due to individual logs. I am running Windows 7 on a 64 bit machine.
This thing does not go away! Please Help!
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.27.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Curt :: LT [administrator]
6/27/2012 12:25:33 PM
mbam-log-2012-06-27 (12-25-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239657
Time elapsed: 30 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\FindXplorer Service (PUP.Zwangi) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\Users\Curt\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Curt\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Curt\AppData\Local\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Curt\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
Files Detected: 5
C:\Windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\ProgramData\FindXplorer\findxplorer115.exe (PUP.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindXplorer\findxplorer.exe (PUP.Zwangi) -> Quarantined and deleted successfully.
C:\Users\Curt\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Curt\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
(end)
Here is the OTC log:
OTL logfile created on: 6/28/2012 1:45:20 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Curt\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 46.91% Memory free
3.49 Gb Paging File | 1.71 Gb Available in Paging File | 48.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.11 Gb Total Space | 206.73 Gb Free Space | 72.77% Space Free | Partition Type: NTFS
Drive D: | 13.68 Gb Total Space | 1.96 Gb Free Space | 14.31% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 91.19 Mb Free Space | 91.80% Space Free | Partition Type: FAT32
Computer Name: LT | User Name: Curt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/28 13:43:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Curt\Desktop\OTL.exe
PRC - [2012/06/13 08:24:37 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Curt\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/26 22:57:26 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/02/01 17:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 17:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/05 16:11:52 | 000,081,920 | R--- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
PRC - [2010/02/26 19:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/02/08 10:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Curt\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/14 11:31:18 | 000,123,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Diagnost#\777badcc846468db008ed236116db040\Act.Shared.Diagnostics.ni.dll
MOD - [2012/06/14 10:07:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/14 10:06:53 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/01 17:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/04/05 14:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/02/05 13:50:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2010/01/12 18:44:24 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/06/23 09:19:41 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/01 17:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/05 16:11:52 | 000,081,920 | R--- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/19 02:54:11 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2010/05/06 13:23:56 | 000,090,296 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 19:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/08 10:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/01/25 13:58:02 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/01/25 13:57:50 | 000,030,720 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2012/01/25 13:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2012/01/25 13:57:38 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/08 12:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/17 20:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/22 16:00:12 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 23:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 23:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 22:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/21 18:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/11/02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0ED26115-6639-4D15-9D92-2EB2A4E20FE6}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{1ED53487-48A2-403C-ABD1-B704D85FEE66}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...or={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{906B07A0-4D8B-4FB3-A37D-4B3E5E393243}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE:64bit: - HKLM\..\SearchScopes\{98621C49-9EE4-46B2-8399-97FE456776E9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{1ED53487-48A2-403C-ABD1-B704D85FEE66}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{98621C49-9EE4-46B2-8399-97FE456776E9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://my.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/calendar/render
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0ED26115-6639-4D15-9D92-2EB2A4E20FE6}: "URL" = http://search.live.c...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{1ED53487-48A2-403C-ABD1-B704D85FEE66}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKCU\..\SearchScopes\{65F935D2-1683-4EA5-82D7-CEFEE9485117}: "URL" = http://websearch.ask...9C-73CD67CD743C
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...?q={searchTerms}
IE - HKCU\..\SearchScopes\{98621C49-9EE4-46B2-8399-97FE456776E9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{E6D69A27-8DDF-4805-8DCB-8216DA7E2ADE}: "URL" = http://www.google.co...Page={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Curt\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Curt\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/12 15:31:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/06 19:56:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/12/22 14:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/02 17:54:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/06 19:56:53 | 000,000,000 | ---D | M]
[2012/05/21 16:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Curt\AppData\Roaming\Mozilla\Extensions
[2012/05/25 00:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Curt\AppData\Roaming\Mozilla\Firefox\Profiles\clxpvw2a.default\extensions
[2012/05/30 00:43:53 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Curt\AppData\Roaming\Mozilla\Firefox\Profiles\clxpvw2a.default\extensions\crossriderapp2258@crossrider.com
[2012/05/25 00:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Curt\AppData\Roaming\Mozilla\Firefox\Profiles\clxpvw2a.default\extensions\staged
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/21 07:38:10 | 000,000,000 | ---D | M] (FindXplorer) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/05/30 00:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Curt\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Curt\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Curt\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Curt\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Curt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Curt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Curt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Curt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Users\Curt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\Curt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [pigxt] C:\Users\Curt\AppData\Roaming\pigxt.dll (Analog Devices, Inc.)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [googletalk] C:\Users\Curt\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\Curt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Curt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://vnc.webex.co...ex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F3D94F-E55E-484A-9A8B-5EA91ADBAE71}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{368a0af5-746d-11e0-a2c6-c80aa9d6b883}\Shell - "" = AutoRun
O33 - MountPoints2\{368a0af5-746d-11e0-a2c6-c80aa9d6b883}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{6866b4f1-78fa-11e1-be14-c80aa9d6b883}\Shell - "" = AutoRun
O33 - MountPoints2\{6866b4f1-78fa-11e1-be14-c80aa9d6b883}\Shell\AutoRun\command - "" = H:\setup.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/28 13:43:53 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Curt\Desktop\OTL.exe
[2012/06/27 15:01:59 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510a-f
[2012/06/26 16:53:51 | 000,000,000 | -H-D | C] -- C:\Users\Curt\AppData\Roaming\0E539143
[2012/06/25 14:43:16 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\{9B3D4093-BEF5-11E1-8270-B8AC6F996F26}
[2012/06/25 14:43:11 | 000,397,824 | ---- | C] (Analog Devices, Inc.) -- C:\Users\Curt\AppData\Roaming\pigxt.dll
[2012/06/25 13:06:52 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/25 08:37:38 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/25 08:37:38 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/25 08:37:38 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/25 08:36:41 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/25 08:36:41 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/25 08:36:41 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/23 09:29:18 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/23 09:29:18 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/14 08:45:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 08:45:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 08:45:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 08:45:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 08:45:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 08:45:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 08:45:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 08:45:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 08:45:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 08:45:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 08:45:27 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 08:45:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 08:45:25 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/14 08:43:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/14 08:43:00 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/14 08:43:00 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/14 08:42:54 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/14 08:42:54 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/14 08:42:46 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/14 08:42:36 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/14 08:42:36 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/14 08:42:02 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/14 08:41:49 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/14 08:41:48 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/14 08:37:32 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/06/13 22:01:38 | 000,000,000 | ---D | C] -- C:\Users\Curt\Desktop\Private
[2012/06/12 23:16:17 | 000,000,000 | ---D | C] -- C:\Users\Curt\Documents\HELP US
[2012/06/12 15:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/06 20:02:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/06/06 20:02:02 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/06/06 20:02:01 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/06/05 08:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
[2011/07/01 09:56:47 | 017,491,272 | ---- | C] (Sage Software ) -- C:\Users\Curt\AppData\Roaming\ACT2011Hotfix_SS.exe
========== Files - Modified Within 30 Days ==========
[2012/06/28 13:54:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-844235702-1577790273-2456796898-1000UA.job
[2012/06/28 13:43:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Curt\Desktop\OTL.exe
[2012/06/28 13:17:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/28 12:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/28 11:25:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/28 09:04:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 09:04:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 08:58:12 | 100,776,178 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/28 08:57:14 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/28 08:55:50 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/28 08:14:33 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-844235702-1577790273-2456796898-1000Core.job
[2012/06/27 15:08:41 | 000,141,138 | ---- | M] () -- C:\Windows\hpwins27.dat
[2012/06/27 15:08:41 | 000,002,313 | ---- | M] () -- C:\Users\Public\Desktop\Add a Device - Officejet 4500 G510a-f.lnk
[2012/06/27 14:48:10 | 065,066,120 | ---- | M] () -- C:\Users\Curt\Desktop\OJ4500vG510a-f_Basic_13_en.exe
[2012/06/27 12:15:02 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/26 19:52:35 | 000,566,568 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/25 14:43:12 | 000,397,824 | ---- | M] (Analog Devices, Inc.) -- C:\Users\Curt\AppData\Roaming\pigxt.dll
[2012/06/23 09:19:40 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 09:19:40 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/14 10:55:49 | 000,002,102 | ---- | M] () -- C:\Users\Curt\Desktop\Local Current.url
[2012/06/14 09:53:17 | 000,427,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 09:35:13 | 000,836,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/14 09:35:13 | 000,692,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/14 09:35:13 | 000,131,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/14 08:13:59 | 000,001,042 | ---- | M] () -- C:\Users\Curt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/14 08:13:29 | 000,001,008 | ---- | M] () -- C:\Users\Curt\Desktop\Dropbox.lnk
[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/05/30 21:35:51 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCurt.job
========== Files Created - No Company Name ==========
[2012/06/27 15:08:41 | 000,002,313 | ---- | C] () -- C:\Users\Public\Desktop\Add a Device - Officejet 4500 G510a-f.lnk
[2012/06/27 14:51:15 | 000,141,138 | ---- | C] () -- C:\Windows\hpwins27.dat
[2012/06/27 14:51:14 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat
[2012/06/27 14:48:09 | 065,066,120 | ---- | C] () -- C:\Users\Curt\Desktop\OJ4500vG510a-f_Basic_13_en.exe
[2012/06/27 12:15:02 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/25 10:52:25 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\U\80000000.@
[2012/06/25 10:52:23 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\U\80000032.@
[2012/06/25 10:52:23 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\U\80000064.@
[2012/06/25 10:52:23 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\U\00000004.@
[2012/06/25 10:52:23 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\U\000000cb.@
[2012/06/25 10:52:23 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\L\00000004.@
[2012/06/14 10:55:46 | 000,002,102 | ---- | C] () -- C:\Users\Curt\Desktop\Local Current.url
[2012/01/20 17:48:48 | 000,007,597 | ---- | C] () -- C:\Users\Curt\AppData\Local\Resmon.ResmonCfg
[2012/01/11 10:55:38 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{fe3970b0-9556-099c-8ed4-59c2c1099070}\@
[2012/01/11 10:55:38 | 000,002,048 | -HS- | C] () -- C:\Users\Curt\AppData\Local\{fe3970b0-9556-099c-8ed4-59c2c1099070}\@
[2011/10/25 21:11:57 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/10/20 20:09:05 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2011/09/07 13:02:49 | 000,207,317 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/09/06 20:07:24 | 000,205,179 | ---- | C] () -- C:\Windows\hpwins26.dat.temp
[2011/09/06 20:07:24 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2011/09/06 19:40:53 | 000,204,468 | ---- | C] () -- C:\Windows\hpwins26.dat
[2011/07/19 13:16:27 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\custmon2k.dll
[2011/07/19 13:16:27 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\uninstpw.exe
[2011/07/01 10:42:07 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5C0CECAFC5.sys
[2011/07/01 10:42:06 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/01 10:27:19 | 000,834,866 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/16 22:10:17 | 000,001,854 | ---- | C] () -- C:\Users\Curt\AppData\Roaming\GhostObjGAFix.xml
[2010/08/10 08:57:22 | 000,166,378 | ---- | C] () -- C:\Windows\hpwins20.dat
[2010/08/10 08:57:21 | 000,001,360 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2010/07/31 13:36:53 | 000,000,632 | RHS- | C] () -- C:\Users\Curt\ntuser.pol
[2010/07/22 04:39:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/07/22 04:31:58 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/07/22 04:31:58 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/03/04 15:03:06 | 000,060,304 | ---- | C] () -- C:\Users\Curt\g2mdlhlpx.exe
[2009/09/15 13:34:39 | 000,061,224 | ---- | C] () -- C:\Users\Curt\GoToAssistDownloadHelper.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:8927A071
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:0B4227B4
< End of report >
OTL Extras logfile created on: 6/28/2012 1:45:20 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Curt\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 46.91% Memory free
3.49 Gb Paging File | 1.71 Gb Available in Paging File | 48.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.11 Gb Total Space | 206.73 Gb Free Space | 72.77% Space Free | Partition Type: NTFS
Drive D: | 13.68 Gb Total Space | 1.96 Gb Free Space | 14.31% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 91.19 Mb Free Space | 91.80% Space Free | Partition Type: FAT32
Computer Name: LT | User Name: Curt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English)
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2596D-80B0-4D55-AC31-6FCFE757081E}" = HP Officejet 4500 G510a-f
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
"{477EE3A9-4B53-0F22-DB40-277ED46E9E72}" = ccc-utility64
"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61C3230C-D69D-44E7-B974-F8BBADB49EE6}" = Motorola Mobile Drivers Installation 5.5.0
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A66C1E5-4146-4CA6-A551-627CFCEACC83}" = HP Quick Launch
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3F0426C-175D-39B7-7A14-D6B21952DE5E}" = ATI Catalyst Install Manager
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{CDDE4895-E348-4230-99E7-F2FA91131D2C}" = HP OfficeJet J4600 All-In-One Series
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D8C23BDE-4748-44D9-A9DD-8AB64EB18BE3}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP1 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP1 Database Engine Services
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2012
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0AD3D4FC-0B19-B2F2-376A-E6BF36BA342B}" = ccc-core-static
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C262D84-FFA4-4621-8ED7-41F8287369F5}" = Google Apps Migration For Microsoft Outlook® 2.3.12.34
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E27900B-E594-DCA9-10DB-C87A8318991C}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 30
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{31F4E558-F8A8-170E-BD85-BAD4EE739991}" = CCC Help Hungarian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B7AC2E1-C746-42C0-821E-04E6C2481BB8}" = UHC FieldWriter v0.74b
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5124C3E2-5BE8-3FFA-F958-CF0C99961566}" = CCC Help Swedish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53839C74-42E0-72E8-0369-C9713A319A26}" = Catalyst Control Center InstallProxy
"{54F17069-7E87-A85A-9078-6F5B06AF21A3}" = CCC Help German
"{569E52E4-5043-4F93-AE2B-6D8E489D4AAB}" = Sage ACT! Pro 2011
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5E903AAE-A6E7-4972-B74C-E38663E69540}" = Google Apps Sync™ for Microsoft Outlook® 3.1.94.203
"{6048D442-6C92-D73C-D248-02C1D4038C3E}" = CCC Help Finnish
"{608A6E25-720C-8171-F887-F7664A23CA0C}" = CCC Help Norwegian
"{60FA1132-0486-41F9-B747-6D308C284D1C}" = Catalyst Control Center - Branding
"{60FAD0EE-2F87-FAEB-FE05-0CDCF8179884}" = CCC Help Thai
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6CAABDBA-F58D-565C-D36E-6D573B1B8E44}" = Catalyst Control Center Graphics Light
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7908E6E5-4BBC-756D-A235-2CFCC142685D}" = CCC Help English
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{854DDB9E-D488-065B-9FEF-18C159E451AF}" = Catalyst Control Center Graphics Previews Vista
"{85BCA864-BDC8-9299-C6AC-C032301D018C}" = Catalyst Control Center Graphics Full New
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87553C1A-35F4-142A-AC88-86B663F7F136}" = CCC Help Czech
"{88146D95-5AEC-96BD-3107-A59328CE35BF}" = CCC Help Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B8797ED-6E75-FEBA-7210-90A2462B5DA7}" = CCC Help Japanese
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90C2329F-2EE2-5035-21B8-14F2F240D976}" = CCC Help Turkish
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B75E2857-9A0D-EE0D-B332-A05FBECDDB83}" = Catalyst Control Center Graphics Previews Common
"{BA8D33B9-40B5-BC33-1F48-C2ADC90ABA95}" = CCC Help Italian
"{BD50BAF8-8DBD-C054-ACAA-EB7300A09B5F}" = CCC Help Korean
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help_Web
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3CBA627-2962-C9B2-6698-C89658757EB9}" = Catalyst Control Center Localization All
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE8F47D8-1C4D-48F3-F9F3-3D5DFCC75C24}" = Catalyst Control Center Core Implementation
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF4EFF53-CA7D-9479-3E18-AB6253497A95}" = CCC Help Russian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D12EBB4E-CF21-496D-979F-89D9DE58C5B8}" = PDFill PDF Editor with FREE PDF Writer and Tools
"{D19E881A-4A1E-A947-717F-B8DA93AE2EDA}" = CCC Help Chinese Standard
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D89D0D05-670D-D6C5-71DA-7C52F754F75F}" = CCC Help Dutch
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC1DDAC3-510E-44b1-A969-529FFED5A619}" = J4600
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E3148F44-518B-3232-58CA-77DB808E255F}" = Catalyst Control Center Graphics Full Existing
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC2F135B-48ED-4682-A90B-54846218C1F3}" = 4500G510af_web
"{EC67E77D-7873-A1B1-17E1-263E10748EEF}" = CCC Help Danish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F220D637-1086-83C2-EA21-25AF1FE47BEC}" = CCC Help Polish
"{F4693A78-2E6C-2A26-B833-E13A4A5DACB4}" = CCC Help Greek
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F6B6A150-08FA-46D5-808A-EB638269551D}" = HP Power Plan Utility
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD122F1F-A640-082D-F4CB-F01259A956B6}" = CCC Help Portuguese
"{FDE722A1-1AEF-0641-D5D1-BA4C464BAB4C}" = CCC Help Spanish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-7-8-8 (All Users)
"BN_DesktopReader" = NOOK for PC
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn Disc Burning Software
"ExpressRip" = Express Rip
"FindXplorer" = FindXplorer 1.0 build 115
"Google Calendar Sync" = Google Calendar Sync
"GPL Ghostscript 8.57" = GPL Ghostscript 8.57
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{569E52E4-5043-4F93-AE2B-6D8E489D4AAB}" = Sage ACT! Pro 2011
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MediaMonkey_is1" = MediaMonkey 4.0
"MixPad" = MixPad Audio Mixer
"MotoHelper" = MotoHelper 2.1.40 Driver 5.5.0
"Network MagicUninstall" = Network Magic
"PC Matic_is1" = PC Matic 1.0.0.17
"PDFill PDF Writer" = PDFill PDF Writer
"Prism" = Prism Video File Converter
"Recordpad" = RecordPad Sound Recorder
"RingCentral" = RingCentral Call Controller
"Switch" = Switch Sound File Converter
"VideoPad" = VideoPad Video Editor
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dropbox" = Dropbox
"f88669a9bea24632" = UHC-iEnroll™
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/19/2011 5:25:19 PM | Computer Name = LT | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Motorola
Media Link\NMDllHost.exe.Manifest". Dependent Assembly NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/20/2011 1:13:41 PM | Computer Name = LT | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 12/20/2011 2:49:32 PM | Computer Name = LT | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Motorola
Media Link\NMDllHost.exe.Manifest". Dependent Assembly NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/20/2011 2:52:32 PM | Computer Name = LT | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 12/20/2011 4:36:55 PM | Computer Name = LT | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 12/20/2011 5:09:03 PM | Computer Name = LT | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 12/20/2011 5:30:14 PM | Computer Name = LT | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13ec Start
Time: 01ccbf5d236c56ee Termination Time: 8 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:
Error - 12/20/2011 7:06:48 PM | Computer Name = LT | Source = Windows Backup | ID = 4103
Description =
Error - 12/20/2011 7:09:19 PM | Computer Name = LT | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 12/20/2011 7:15:09 PM | Computer Name = LT | Source = Application Error | ID = 1000
Description = Faulting application name: MotoHelperAgent.exe, version: 2.0.53.0,
time stamp: 0x4e405ef4 Faulting module name: MotoHelperAgent.exe, version: 2.0.53.0,
time stamp: 0x4e405ef4 Exception code: 0x40000015 Fault offset: 0x000316cd Faulting
process id: 0x1044 Faulting application start time: 0x01ccbf6c83283746 Faulting application
path: C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe Faulting module
path: C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe Report Id:
75ab7cee-2b60-11e1-81a2-c80aa9d6b883
Error - 12/20/2011 9:33:15 PM | Computer Name = LT | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
[ Hewlett-Packard Events ]
Error - 5/30/2012 9:30:05 PM | Computer Name = LT | Source = HPSF.exe | ID = 4000
Description =
Error - 5/30/2012 9:50:03 PM | Computer Name = LT | Source = HPSF.exe | ID = 4000
Description =
Error - 5/30/2012 10:14:55 PM | Computer Name = LT | Source = HPSF.exe | ID = 4000
Description =
Error - 6/13/2012 9:31:52 PM | Computer Name = LT | Source = HPSF.exe | ID = 4000
Description =
Error - 6/13/2012 9:45:02 PM | Computer Name = LT | Source = HPSF.exe | ID = 4000
Description =
Error - 6/13/2012 9:45:02 PM | Computer Name = LT | Source = HPSF.exe | ID = 4000
Description =
Error - 6/13/2012 9:45:09 PM | Computer Name = LT | Source = HPSF.exe | ID = 4000
Description =
Error - 6/13/2012 9:45:13 PM | Computer Name = LT | Source = HPSF.exe | ID = 4000
Description =
Error - 6/14/2012 9:37:48 AM | Computer Name = LT | Source = HPSF.exe | ID = 4000
Description =
Error - 6/14/2012 9:40:00 AM | Computer Name = LT | Source = HPSF.exe | ID = 4000
Description =
[ HP Wireless Assistant Events ]
Error - 6/26/2012 5:17:11 PM | Computer Name = LT | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 6/26/2012 5:17:11 PM | Computer Name = LT | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
Error - 6/26/2012 8:07:56 PM | Computer Name = LT | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 6/26/2012 8:07:56 PM | Computer Name = LT | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
Error - 6/27/2012 12:10:19 PM | Computer Name = LT | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
at HPPA_Service.HPPA_Service.ServiceWorkerMethod()
Error - 6/27/2012 1:19:30 PM | Computer Name = LT | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
at HPPA_Service.HPPA_Service.ServiceWorkerMethod()
Error - 6/27/2012 4:19:47 PM | Computer Name = LT | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
at HPPA_Service.HPPA_Service.ServiceWorkerMethod()
Error - 6/27/2012 6:11:57 PM | Computer Name = LT | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 6/27/2012 6:11:57 PM | Computer Name = LT | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
Error - 6/28/2012 8:59:45 AM | Computer Name = LT | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
at HPPA_Service.HPPA_Service.ServiceWorkerMethod()
[ OSession Events ]
Error - 9/8/2011 9:36:37 AM | Computer Name = LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 101
seconds with 60 seconds of active time. This session ended with a crash.
Error - 9/26/2011 12:01:47 AM | Computer Name = LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 62
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/29/2011 6:37:57 PM | Computer Name = LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10/12/2011 10:24:59 AM | Computer Name = LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 370
seconds with 120 seconds of active time. This session ended with a crash.
Error - 10/24/2011 9:52:42 PM | Computer Name = LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9056
seconds with 960 seconds of active time. This session ended with a crash.
Error - 11/8/2011 12:16:54 PM | Computer Name = LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 414
seconds with 240 seconds of active time. This session ended with a crash.
Error - 11/29/2011 7:45:23 PM | Computer Name = LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 88
seconds with 60 seconds of active time. This session ended with a crash.
Error - 12/9/2011 6:13:48 PM | Computer Name = LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 339
seconds with 180 seconds of active time. This session ended with a crash.
Error - 1/23/2012 1:55:35 AM | Computer Name = LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18507
seconds with 300 seconds of active time. This session ended with a crash.
Error - 2/26/2012 11:09:00 PM | Computer Name = LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 157
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 6/28/2012 8:14:34 AM | Computer Name = LT | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891
Error - 6/28/2012 8:56:58 AM | Computer Name = LT | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060
Error - 6/28/2012 8:58:31 AM | Computer Name = LT | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891
Error - 6/28/2012 8:58:31 AM | Computer Name = LT | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891
Error - 6/28/2012 9:53:36 AM | Computer Name = LT | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891
Error - 6/28/2012 9:53:36 AM | Computer Name = LT | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891
Error - 6/28/2012 10:46:48 AM | Computer Name = LT | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891
Error - 6/28/2012 10:46:48 AM | Computer Name = LT | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891
Error - 6/28/2012 11:25:20 AM | Computer Name = LT | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891
Error - 6/28/2012 11:25:20 AM | Computer Name = LT | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891
< End of report >
Bikiniland removal help please
in Resolved Malware Removal Logs
Posted
It seems you are The One to help me with this problem. Are you out there Twin Eagle Head?