
lsass.exe memory usage higher than normal



I have been experiencing lsass.exe memory increasing in usage to 250,000 KB per day. I can restart my Windows 7 PC and return to around 2,400 K, only to have the memory usage increase once again. I have run Malwarebytes scans, Norton Internet Security and, most recently, Webroot's latest offering. I have also run the Sasser worm removal tool, which showed no infection. I have also replaced drivers for my network card and disconnected all peripheral USB devices in an effort to determine the cause.

I also submitted this issue to bleepingcomputer.com and they indicated that the problem doesn't appear to be malware. I am at my wit's end trying to solve this. Any help is appreciated. Below are my attach.txt and dds.txt results:

dds.txt

******************************************************

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Jon at 21:47:01 on 2012-06-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.2071 [GMT -4:00]

.

AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Webroot\WRSA.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\DynDNS Updater\DynUpSvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Webroot\WRSA.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\DynDNS Updater\DynTray.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\regedit.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - c:\programdata\wrdata\pkg\LPBar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\2.0.0.16\coIEPlg.dll

TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\2.0.0.16\coIEPlg.dll

TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - c:\programdata\wrdata\pkg\LPBar.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul

StartupFolder: c:\users\jon\appdata\roaming\micros~1\windows\startm~1\programs\startup\logtem~1.lnk - c:\program files\logtemp\LogTemp.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dynupd~1.lnk - c:\program files\dyndns updater\DynTray.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Playlist - c:\program files\packetvideo\twonkybeam\internet explorer\TwonkyIEPlugin.dll/314

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - c:\programdata\wrdata\pkg\LPBar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

Trusted Zone: williamsburgva.gov\webaccess

Trusted Zone: zynga.com\company

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.williamsburgva.gov/CACHE/stc/1/binaries/vpnweb.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{2A6CD2BD-28FC-4622-8CEE-7726AB5B2A35} : DhcpNameServer = 66.174.71.33 66.174.95.44 8.8.8.8

TCP: Interfaces\{C4ED51E1-2977-490A-BB68-2594F80A60EF} : NameServer = 8.8.8.8,8.8.4.4

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\mcpcore.dll

STS: Deskscapes: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - Deskscapes Class

STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - Stardock Vista ControlPanel Extension

STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - StardockDreamController

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jon\appdata\roaming\mozilla\firefox\profiles\3qjnfr06.default\

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\jon\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\users\jon\appdata\local\huludesktop\instances\0.9.14.1\nphdplg.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2012-6-2 111184]

R1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\nst\0200000.010\ccSetx86.sys [2012-6-2 132744]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-5-8 20968]

R2 Dyn Updater;Dyn Updater;c:\program files\dyndns updater\DynUpSvc.exe [2011-11-15 95608]

R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\2.0.0.16\ccSvcHst.exe [2012-6-2 138760]

R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2012-6-2 679672]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-5-23 148800]

R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]

R3 SaiH0763;SaiH0763;c:\windows\system32\drivers\SaiH0763.sys [2008-2-15 136832]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2012-3-27 319264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AVerFx2hbtv;AVerMedia H826 USB Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [2009-12-8 437888]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]

S3 libusb0;LibUsb-Win32 - Kernel Driver 03/15/2010,1.12.0.1;c:\windows\system32\drivers\libusb0.sys [2010-3-15 20992]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2008-3-26 136832]

S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\drivers\SaiK0CCB.sys [2010-10-5 138760]

S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\drivers\SaiU0CCB.sys [2010-4-22 35336]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-18 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-27 1343400]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-8-24 25704]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-8-24 25704]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-8-24 25704]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-8-24 25704]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-8-24 25704]

S4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]

S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 257696]

S4 DropFolders;DropFolders;c:\program files\windows resource kits\tools\srvany.exe [2003-4-18 8192]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-20 116648]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-20 116648]

S4 Media Center 15 Service;Media Center 15 Service;c:\program files\j river\media center 15\JRService.exe [2011-7-10 382096]

S4 Media Center 16 Service;Media Center 16 Service;c:\program files\j river\media center 16\JRService.exe [2011-9-17 384136]

S4 Media Center 17 Service;Media Center 17 Service;c:\program files\j river\media center 17\JRService.exe [2011-12-9 385664]

S4 MSSQL$ESC;SQL Server (ESC);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]

S4 NPVR Recording Service;NPVR Recording Service;"c:\program files\npvr\nrecord.exe" --> c:\program files\npvr\NRecord.exe [?]

S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-4-6 1262400]

S4 PlayItVideoServer;PlayIt Video Server Manager;"c:\program files\luttmann\vmcplayit\playitvideoserver.exe" --> c:\program files\luttmann\vmcplayit\PlayItVideoServer.exe [?]

S4 RsFx0151;RsFx0151 Driver;c:\windows\system32\drivers\RsFx0151.sys [2011-6-17 240736]

S4 ShowAnalyzerMaster;ShowAnalyzerMaster;"c:\program files\dragon global\showanalyzersuite\showanalyzermaster.exe" --> c:\program files\dragon global\showanalyzersuite\ShowAnalyzerMaster.exe [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-6-17 370016]

S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]

S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S4 TEDService;TEDService;c:\program files\energyinc\tedfootprints\TEDService.exe [2009-2-3 7168]

.

=============== Created Last 30 ================

.

2012-06-04 21:01:41 -------- d-----w- c:\program files\Marvell

2012-06-04 02:27:03 -------- d-----w- c:\windows\system32\wbem\Logs

2012-06-03 01:40:33 7021336 ----a-w- c:\program files\common files\wruninstall.exe

2012-06-03 01:39:50 -------- d-----w- c:\users\jon\appdata\local\lptmp485083199

2012-06-03 01:39:17 148216 ----a-w- c:\windows\system32\WRusr.dll

2012-06-03 01:39:16 111184 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-06-03 01:39:15 -------- d-----w- c:\program files\Webroot

2012-06-03 01:39:14 -------- d-----w- c:\programdata\WRData

2012-06-03 01:33:27 132744 ----a-r- c:\windows\system32\drivers\nst\0200000.010\ccSetx86.sys

2012-06-03 01:33:26 -------- d-----w- c:\windows\system32\drivers\nst\0200000.010

2012-06-03 01:33:26 -------- d-----w- c:\windows\system32\drivers\NST

2012-06-03 01:33:26 -------- d-----w- c:\program files\Norton Safe Web Lite

2012-06-02 00:52:41 772504 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-06-02 00:47:36 -------- d-----w- c:\program files\Oracle

2012-05-23 16:46:52 -------- d-----w- c:\users\jon\appdata\local\Microsoft Game Studios

2012-05-23 13:30:09 27968 ----a-w- c:\windows\system32\nvhdap32.dll

2012-05-23 13:30:08 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

2012-05-23 13:30:06 67392 ----a-w- c:\windows\system32\nvapo32v.dll

2012-05-23 13:30:05 202048 ----a-w- c:\windows\system32\nvinit.dll

2012-05-23 13:30:05 19607872 ----a-w- c:\windows\system32\nvoglv32.dll

2012-05-23 13:30:05 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-05-23 13:30:04 5982528 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-23 13:30:04 301376 ----a-w- c:\windows\system32\nvdecodemft.dll

2012-05-23 13:30:04 2524992 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-23 13:30:04 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-23 13:30:03 17551680 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 06:21:50 423744 ----a-w- c:\windows\system32\nvStreaming.exe

2012-05-11 00:15:48 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-11 00:14:14 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-11 00:13:57 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2012-05-11 00:13:57 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL

2012-05-11 00:13:56 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2012-05-11 00:13:56 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll

2012-05-11 00:13:46 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-05-11 00:10:14 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-11 00:10:13 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-11 00:10:12 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-05-10 22:09:45 -------- d-----w- c:\program files\Elaborate Bytes

2012-05-10 22:08:12 -------- d-----w- c:\program files\Alex Feinman

.

==================== Find3M ====================

.

2012-05-15 10:26:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll

2012-05-15 10:26:00 818496 ----a-w- c:\windows\system32\nvumdshim.dll

2012-05-15 10:26:00 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-05-15 10:26:00 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:26:00 2368832 ----a-w- c:\windows\system32\nvapi.dll

2012-05-15 10:26:00 15322432 ----a-w- c:\windows\system32\nvd3dum.dll

2012-05-15 10:26:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll

2012-05-15 09:28:49 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:28:49 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:28:49 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-05-15 09:28:49 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:28:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:27:28 2759488 ----a-w- c:\windows\system32\nvsvc.dll

2012-05-05 03:10:44 87608 ----a-w- c:\users\jon\appdata\roaming\inst.exe

2012-05-05 03:10:44 47360 ----a-w- c:\users\jon\appdata\roaming\pcouffin.sys

2012-05-04 23:23:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-04 23:23:10 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-18 17:08:02 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

2012-04-13 14:05:32 218504 ----a-w- c:\windows\system32\ftd2xx.dll

2012-04-13 14:05:24 105352 ----a-w- c:\windows\system32\ftbusui.dll

2012-04-13 14:05:20 62216 ----a-w- c:\windows\system32\drivers\ftdibus.sys

2012-04-13 14:05:18 201096 ----a-w- c:\windows\system32\FTLang.dll

2012-04-13 14:05:10 69000 ----a-w- c:\windows\system32\ftcserco.dll

2012-04-13 14:05:06 73096 ----a-w- c:\windows\system32\drivers\ftser2k.sys

2012-04-13 14:04:58 52616 ----a-w- c:\windows\system32\ftserui2.dll

2012-04-09 21:10:47 135952 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2012-04-09 21:10:46 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-04-04 22:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-27 14:48:00 319264 ----a-w- c:\windows\system32\drivers\yk62x86.sys

2011-01-23 14:43:34 388608 ----a-w- c:\program files\HijackThis.exe

.

============= FINISH: 21:48:10.98 ===============

ATTACH.TXT

*********************************

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/6/2010 5:37:58 PM

System Uptime: 6/4/2012 4:57:52 PM (5 hours ago)

.

Motherboard: XFX | | MI-A78S-8209

Processor: AMD Phenom II X3 720 Processor | CPU 1 | 2990/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 147.371 GiB free.

D: is CDROM (CDFS)

E: is FIXED (NTFS) - 233 GiB total, 73.828 GiB free.

Y: is NetworkDisk (NTFS) - 466 GiB total, 192.164 GiB free.

Z: is NetworkDisk (NTFS) - 466 GiB total, 192.164 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: Hauppauge WinTV HVR-1600 NTSC/ATSC Combo

Device ID: PCI\VEN_14F1&DEV_5B7A&SUBSYS_74040070&REV_00\4&3015B802&0&4040

Manufacturer: Hauppauge

Name: Hauppauge WinTV HVR-1600 NTSC/ATSC Combo

PNP Device ID: PCI\VEN_14F1&DEV_5B7A&SUBSYS_74040070&REV_00\4&3015B802&0&4040

Service: hcw18bda

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

1-Wire Drivers Version 4.03

7-Zip 4.65

AC3Filter 1.63b

Acrobat.com

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Community Help

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe Media Player

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Photoshop CS5.1

Adobe Photoshop.com Inspiration Browser

Adobe Premiere Elements 10

Adobe Premiere Elements 10 Content

Adobe Premiere Elements 10 Content 1

Adobe Premiere Elements 10 Content 2

Adobe Premiere Elements 10 Content 3

Adobe Premiere Elements 10 HD Content 1

Adobe Premiere Elements 10 HD Content 2

Adobe Premiere Elements 10 HD Content 3

Adobe Premiere Elements 7.0

Adobe Reader X (10.1.3)

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Akamai NetSession Interface

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AusLogics Disk Defrag

AVS Video Converter 6

AVS4YOU Software Navigator 1.3

Axialis IconWorkshop 6.0

Beyond TV DVD Burning Foundation

Big Fish Games: Game Manager

Black & White® 2

BlackBerry Desktop Software 6.0.1

BlackBerry Device Software Updater

BlackBerry Device Software v5.0.0 for the BlackBerry 9550 smartphone

BlackBerry JDE 4.7.0

BlackBerry JDE 5.0.0

BlackBerry JDE Component Package 4.7.0

BlackBerry Smartphone Simulators 4.7.0.75 (9530-Verizon)

BlackBerry Smartphone Simulators 5.0.0.517 (9550)

BlackBerry Theme Studio 5.0

Bonjour

Call of Juarez : Bound in Blood

Canon RAW Codec

CCleaner

Cities XL 2011

Civilization 4 Complete Bundle

CodeBlocks

Combined Community Codec Pack 2009-09-09

Compatibility Pack for the 2007 Office system

Core Temp 1.0 RC2

CPUID CPU-Z 1.54

D3DX10

Debugging Tools for Windows (x86)

DeepSkyStacker

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Demigod

Documents To Go Desktop for BlackBerry

Dungeon Defenders

Dyn Updater

Elements 10 Organizer

erLT

eWallet 7.0

Feedback Tool

Flight Simulator X

Flight Simulator X Service Pack 1

Galactic Civilizations II

Garmin WebUpdater

GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)

GDR 4060 for SQL Server Database Services 2005 ENU (KB2494113)

Google Chrome

Google Update Helper

GraphWeather Version 2.0.312b

HandBrake 0.9.5

Haunted House

High-Logic FontCreator 6.0

HiJackThis

Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2548139)

Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2635973)

Hulu Desktop

HuluDesktopIntegration

iCloud

IcoFX 1.6.4

IconPackager 4

ImagXpress

Impulse

InfraRecorder

Inkscape 0.48.2

Internet TV for Windows Media Center

IPView Pro 2.0

ISO Recorder

IsoBuster 2.6

iTunes

Java Auto Updater

Java 7 Update 4

JavaFX 2.1.0

LightScribe 1.4.124.1

Logitech Harmony Remote Software

Logitech Harmony Remote Software 7

Logitech SetPoint 5.20

LogTemp 2.24.0.92

MagicTune Premium

Marvell Miniport Driver

Media Browser

Media Center 15

Media Center 16

Media Center 17

MediaInfo 0.7.42

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft F# Runtime for Silverlight 4

Microsoft Flight

Microsoft Flight Simulator X

Microsoft Flight Simulator X: Acceleration

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Help Viewer 1.1

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office File Validation Add-In

Microsoft Office Live Add-in 1.5

Microsoft Office Outlook 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office Professional Edition 2003

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Outlook 2010

Microsoft Outlook Social Connector Provider for Facebook 32-bit

Microsoft Rise Of Nations

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft Silverlight 4 Toolkit April 2010

Microsoft Silverlight Tools for Visual Studio 2010

Microsoft SQL Server 2005

Microsoft SQL Server 2008 R2

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Native Client

Microsoft SQL Server 2008 R2 RsFx Driver

Microsoft SQL Server 2008 R2 Setup (English)

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Browser

Microsoft SQL Server Compact 3.5 SP1 Design Tools English

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server System CLR Types

Microsoft SQL Server VSS Writer

Microsoft Visual Basic 2010 Express - ENU

Microsoft Visual C# 2008 Express Edition with SP1 - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

Microsoft Visual Studio 6.0 Enterprise Edition

Microsoft Visual Web Developer 2010 Express - ENU

Microsoft Web Platform Installer 3.0

Microsoft Web Publishing Wizard 1.53

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

Microsoft Xbox 360 Accessories 1.2

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MobileMe Control Panel

Mozilla Firefox 12.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 and SOAP Toolkit 3.0

MSXML 4.0 SP2 Parser and SDK

MSXML4 Parser

MyColors Think Green Desktop

neroxml

Netflix in Windows Media Center

Norton Safe Web Lite

NVIDIA 3D Vision Controller Driver 301.42

NVIDIA 3D Vision Driver 301.42

NVIDIA Control Panel 301.42

NVIDIA Drivers

NVIDIA Graphics Driver 301.42

NVIDIA HD Audio Driver 1.3.16.0

NVIDIA Install Application

NVIDIA Media Center Extensions

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Stereoscopic 3D Driver

NVIDIA System Monitor

NVIDIA Update 1.8.15

NVIDIA Update Components

OCCT Perestroika 3.1.0

OGA Notifier 2.0.0048.0

OpenOffice.org 3.3

PDF Settings

PDF Settings CS5

PlayReady PC Runtime x86

Plazmic CDK 4.7 for BlackBerry

Plazmic Content Developer's Kit 4.7 Update Patch

Plex Media Server

Pocket Informant for BlackBerry

PRE10STIInstaller

PVSonyDll

QuickTime

Realtek High Definition Audio Driver

RegiStax 6

RegiStax 6.1.0.8 update

Remote Control USB Driver

Resource Tuner 1.99 R4

Rise of Nations Thrones and Patriots

Risk II

Safari

Samsung_MonSetup

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB2251487)

Service Pack 1 for SQL Server 2008 R2 (KB2528583)

Sid Meier's Civilization V

Sid Meier's Railroads!

SimCity 4 Deluxe

SmartSound Common Data

SmartSound Premiere Elements 10 Plugin

SmartSound Quicktracks for Premiere Elements

SmartSound Sonicfire Pro 5

SQL Server 2008 R2 SP1 Common Files

SQL Server 2008 R2 SP1 Database Engine Services

SQL Server 2008 R2 SP1 Database Engine Shared

Sql Server Customer Experience Improvement Program

Starry Night Pro Plus 6

Steam

Symantec Technical Support Web Controls

System Requirements Lab

TEDFootprints

TedPwrMonUtility

The Elder Scrolls V: Skyrim

Tweak7

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

User's Guides

Visual C++ 8.0 ATL (x86) WinSXS MSM

Visual C++ 8.0 CRT (x86) WinSXS MSM

Visual Studio 2005 Redist Package

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

WCF RIA Services V1.0 SP1

WD Discovery Software

WD Firewire HID Driver

Weather Display 10.37R Build 27

Weather Display Live

Web Deployment Tool

Webroot SecureAnywhere

WinDirStat 1.1.2

Windows Installer Clean Up

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Center Add-in for Flash

Windows Media Player Firefox Plugin

Windows Resource Kit Tools

WinRAR 4.00 (32-bit)

WinSCP 4.3.6

WXTide32

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

6/4/2012 4:58:58 PM, Error: Service Control Manager [7023] - The Remote Desktop Services service terminated with the following error: Remote Desktop Services is not a valid Win32 application.

6/4/2012 4:58:38 PM, Error: Service Control Manager [7024] - The SQL Server Active Directory Helper service terminated with service-specific error %%-1073741724.

6/3/2012 5:55:21 AM, Error: Service Control Manager [7034] - The TEDService service terminated unexpectedly. It has done this 1 time(s).

6/2/2012 9:20:28 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.

5/30/2012 2:59:44 PM, Error: SRTSP [4] -

5/30/2012 11:24:28 AM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Steam Client Service service to connect.

5/30/2012 11:24:28 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

PS... I do have the pro version of Malwarebytes, but I removed it prior to installing Webroot's latest. I can reinstall if necessary. Thanks for your help with this...

Jon


Hello Jon and :welcome:!

Here we provide help to our users only. If you want our help, it is necessary to have Malwarebytes' Anti-Malware. As a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.


Thanks for letting me know! :)

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt


Thanks. Here is the result of the Malwarebytes scan:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.07.03

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Jon :: VISTA-AMD [administrator]

Protection: Enabled

6/7/2012 9:22:44 AM

mbam-log-2012-06-07 (09-22-44).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 322704

Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0


Here are the results from the OTL.txt scan:

OTL logfile created on: 6/7/2012 9:33:34 AM - Run 1

OTL by OldTimer - Version 3.2.46.2 Folder = C:\Users\Jon\Downloads

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 48.19% Memory free

6.50 Gb Paging File | 3.78 Gb Available in Paging File | 58.11% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.76 Gb Total Space | 146.23 Gb Free Space | 31.40% Space Free | Partition Type: NTFS

Drive D: | 7.27 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 232.88 Gb Total Space | 74.10 Gb Free Space | 31.82% Space Free | Partition Type: NTFS

Drive Y: | 465.76 Gb Total Space | 195.79 Gb Free Space | 42.04% Space Free | Partition Type: NTFS

Drive Z: | 465.76 Gb Total Space | 195.79 Gb Free Space | 42.04% Space Free | Partition Type: NTFS

Computer Name: VISTA-AMD | User Name: Jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/07 09:33:08 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Downloads\OTL.exe

PRC - [2012/06/02 21:39:15 | 000,679,672 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe

PRC - [2012/05/15 05:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2012/05/15 05:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

PRC - [2012/05/12 12:18:16 | 000,837,120 | ---- | M] (Weather Display) -- C:\Program Files\wdisplay\clientrawrealtimeftp.exe

PRC - [2012/04/25 08:33:53 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/11/15 13:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe

PRC - [2011/11/15 13:20:26 | 000,078,192 | ---- | M] (Dyn, Inc.) -- C:\Program Files\DynDNS Updater\DynTray.exe

PRC - [2011/08/10 16:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe

PRC - [2011/06/16 17:00:28 | 000,315,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/10/04 10:49:44 | 000,710,656 | ---- | M] (MR Soft (info@mrsoft.fi)) -- C:\Program Files\LogTemp\LogTemp.exe

PRC - [2008/03/11 17:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [1998/05/29 00:00:00 | 000,119,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MDM.EXE

========== Modules (No Company Name) ==========

MOD - [2012/06/02 21:40:34 | 000,891,392 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\3qjnfr06.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}\platform\WINNT_x86-msvc\components\wrxpcom.dll

MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

MOD - [2012/05/11 18:33:20 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/05/04 19:04:32 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll

MOD - [2012/04/25 08:33:53 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe -- (ShowAnalyzerMaster)

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Luttmann\vmcPlayIt\PlayItVideoServer.exe -- (PlayItVideoServer)

SRV - File not found [Disabled | Stopped] -- C:\Program Files\NPVR\NRecord.exe -- (NPVR Recording Service)

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2012/06/02 21:39:15 | 000,679,672 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)

SRV - [2012/05/15 06:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/05/04 19:23:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/20 18:19:47 | 000,489,256 | ---- | M] (Valve Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/04/20 17:04:37 | 000,116,648 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update Service (gupdatem)

SRV - [2012/04/20 17:04:37 | 000,116,648 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/12/08 19:10:17 | 000,385,664 | ---- | M] (J. River, Inc.) [Disabled | Stopped] -- C:\Program Files\J River\Media Center 17\JRService.exe -- (Media Center 17 Service)

SRV - [2011/11/15 13:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (Dyn Updater)

SRV - [2011/10/18 16:34:27 | 000,384,136 | ---- | M] (J. River, Inc.) [Disabled | Stopped] -- C:\Program Files\J River\Media Center 16\JRService.exe -- (Media Center 16 Service)

SRV - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)

SRV - [2011/08/30 23:05:02 | 000,390,504 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2011/08/10 16:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)

SRV - [2011/06/17 22:19:26 | 043,040,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)

SRV - [2011/06/17 22:19:24 | 000,370,016 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)

SRV - [2011/02/03 19:05:06 | 000,382,096 | ---- | M] (J. River, Inc.) [Disabled | Stopped] -- C:\Program Files\J River\Media Center 15\JRService.exe -- (Media Center 15 Service)

SRV - [2010/11/20 08:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\winhttp.dll -- (WinHttpAutoProxySvc)

SRV - [2010/11/20 08:20:57 | 000,165,376 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2010/11/20 08:19:28 | 000,194,560 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2010/11/20 08:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010/04/03 14:56:08 | 000,044,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)

SRV - [2010/03/27 22:54:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)

SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)

SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/07/13 21:16:17 | 000,288,768 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\w32time.dll -- (W32Time)

SRV - [2009/07/13 21:16:17 | 000,266,752 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\upnphost.dll -- (upnphost)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)

SRV - [2009/07/13 21:14:25 | 000,134,144 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\msdtc.exe -- (MSDTC)

SRV - [2009/06/26 15:56:39 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$ESC) SQL Server (ESC)

SRV - [2009/02/03 22:45:28 | 000,007,168 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\EnergyInc\TEDFootprints\TEDService.exe -- (TEDService)

SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)

SRV - [2006/10/19 13:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)

SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Windows Resource Kits\Tools\srvany.exe -- (DropFolders)

SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jon\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jon\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aa3iewil)

DRV - [2012/06/02 21:39:16 | 000,111,184 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WRkrn.sys -- (WRkrn)

DRV - [2012/05/15 06:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2012/04/18 13:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2012/04/13 10:05:20 | 000,062,216 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)

DRV - [2012/04/13 10:05:06 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/03/27 10:48:00 | 000,319,264 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2011/08/08 19:38:11 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\0200000.010\ccSetx86.sys -- (ccSet_NST)

DRV - [2011/06/17 21:28:18 | 000,240,736 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0151.sys -- (RsFx0151)

DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)

DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 04:42:28 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)

DRV - [2010/06/19 22:34:52 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)

DRV - [2010/06/19 22:34:49 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)

DRV - [2010/04/22 14:33:36 | 000,014,336 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\MTiCtwl.sys -- (MagicTune)

DRV - [2010/04/22 07:24:14 | 000,035,336 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiU0CCB.sys -- (SaiU0CCB)

DRV - [2010/04/22 03:24:16 | 000,043,528 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)

DRV - [2010/04/22 03:24:16 | 000,020,744 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)

DRV - [2010/04/22 03:24:12 | 000,138,760 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiK0CCB.sys -- (SaiK0CCB)

DRV - [2010/04/13 18:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)

DRV - [2010/04/13 18:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)

DRV - [2010/04/13 18:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)

DRV - [2010/04/13 18:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)

DRV - [2010/03/30 23:38:26 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)

DRV - [2010/03/22 18:29:08 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2010/03/15 18:01:10 | 000,020,992 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)

DRV - [2010/02/03 15:41:31 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2009/12/08 09:37:02 | 000,437,888 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerFx2hbtv.sys -- (AVerFx2hbtv)

DRV - [2009/10/13 16:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)

DRV - [2009/09/15 13:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)

DRV - [2009/07/13 21:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)

DRV - [2009/06/17 10:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2009/05/28 16:46:18 | 000,391,296 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw18bda.sys -- (hcw18bda)

DRV - [2008/03/26 10:47:30 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH0461.sys -- (SaiH0461)

DRV - [2008/02/15 17:51:22 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiH0763.sys -- (SaiH0763)

DRV - [2006/11/29 01:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\APLMp50.sys -- (APLMp50)

DRV - [2006/03/29 08:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 91 A0 3B B1 32 CB 01 [binary data]

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 91 A0 3B B1 32 CB 01 [binary data]

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP

IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found

IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q={searchTerms}&src=IE-SearchBox

IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={77634800-15B7-423B-BBB0-EFF083222392}&mid=6d33d770e1ee47d0864cd1a927f422ae-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=fr&d=2012-06-06 08:37:00&v=11.1.0.7&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=SWL&chn=&geo=US&ver=2

IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..\SearchScopes\{C8257862-05A5-42E3-899A-9669DF16C9D3}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838

IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..\SearchScopes\{CF388384-EFA2-4F0B-A87F-B342E6695D29}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..\SearchScopes\{D5042721-6DFD-85DD-AD1C-6B852F3F6275}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF

IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B8cfc9472-f18d-452c-a4b0-9ca1b86016f7%7D&mid=6d33d770e1ee47d0864cd1a927f422ae-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-06%2008%3A37%3A00&sap=ku&q="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Jon\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2012/06/06 14:53:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/21 16:17:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/01 20:43:53 | 000,000,000 | ---D | M]

[2012/03/17 09:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Extensions

[2012/06/02 21:40:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\3qjnfr06.default\extensions

[2012/06/02 21:40:34 | 000,000,000 | ---D | M] (Webroot) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\3qjnfr06.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}

[2012/06/02 21:40:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\otlq0ecv.default\extensions

[2012/03/17 08:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\otlq0ecv.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}

[2012/06/02 21:40:34 | 000,000,000 | ---D | M] (Webroot) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\otlq0ecv.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}

[2012/03/17 08:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\otlq0ecv.default\extensions\TEDtheToolbar@JayNick.com

[2012/06/01 20:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/05/11 23:39:16 | 000,007,796 | ---- | M] () (No name found) -- C:\USERS\JON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3QJNFR06.DEFAULT\EXTENSIONS\COOKIEEXPORTER@KRK.XPI

[2012/04/25 08:33:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/06/06 08:36:57 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\20.0.1132.11\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\20.0.1132.11\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\20.0.1132.11\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.132\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.6_0\npcoplgn.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Jon\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Entanglement = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\

CHR - Extension: YouTube = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\

CHR - Extension: Default = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1\

CHR - Extension: Office Apps = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\1.5_0\

CHR - Extension: Poppit = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

CHR - Extension: Norton Identity Protection = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\

CHR - Extension: Gmail = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/04 23:07:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Webroot Browser Helper Object) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot Software, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot Software, Inc.)

O3 - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk = C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)

O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk = C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)

O4 - Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LogTemp.exe - Shortcut.lnk = C:\Program Files\LogTemp\LogTemp.exe (MR Soft (info@mrsoft.fi))

O4 - Startup: C:\Users\Mcx1-VISTA-AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk = C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)

O4 - Startup: C:\Users\Mcx1-VISTA-AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk = C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)

O4 - Startup: C:\Users\UpdatusUser.Vista-AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk = C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)

O4 - Startup: C:\Users\UpdatusUser.Vista-AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk = C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4138688568-898451359-665369222-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4138688568-898451359-665369222-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-21-4138688568-898451359-665369222-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Playlist - res://C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found

O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot Software, Inc.)

O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot Software, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..Trusted Domains: sbs2003 ([]http in Local intranet)

O15 - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..Trusted Domains: williamsburgva.gov ([webaccess] https in Trusted sites)

O15 - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..Trusted Domains: zynga.com ([company] https in Trusted sites)

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)

O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://webvpn.williamsburgva.gov/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.1)

O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A6CD2BD-28FC-4622-8CEE-7726AB5B2A35}: DhcpNameServer = 66.174.71.33 66.174.95.44 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4ED51E1-2977-490A-BB68-2594F80A60EF}: NameServer = 8.8.8.8,8.8.4.4

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\mcpcore.dll (Stardock)

O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Value error. File not found

O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - Reg Error: Value error. File not found

O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - Reg Error: Value error. File not found

O24 - Desktop WallPaper: C:\Users\Jon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Jon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/03/28 07:39:59 | 000,000,059 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O32 - AutoRun File - [2007/07/10 08:50:08 | 000,034,586 | ---- | M] () - Y:\automation_cursor.js -- [ NTFS ]

O32 - AutoRun File - [2007/09/17 13:43:28 | 000,008,239 | ---- | M] () - Y:\automation_logic.js -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/07 08:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/07 08:32:30 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/06/07 08:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/06/06 14:51:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/06/06 14:35:44 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\AVG

[2012/06/06 08:36:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/06/06 08:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2012/06/04 17:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell

[2012/06/04 05:53:57 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/06/02 21:40:33 | 007,021,336 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe

[2012/06/02 21:39:50 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\lptmp485083199

[2012/06/02 21:39:17 | 000,148,216 | ---- | C] (Webroot) -- C:\Windows\System32\WRusr.dll

[2012/06/02 21:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere

[2012/06/02 21:39:16 | 000,111,184 | ---- | C] (Webroot) -- C:\Windows\System32\drivers\WRkrn.sys

[2012/06/02 21:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot

[2012/06/02 21:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData

[2012/06/02 21:33:27 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NST\0200000.010\ccSetx86.sys

[2012/06/02 21:33:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST

[2012/06/02 21:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Safe Web Lite

[2012/06/02 21:33:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST\0200000.010

[2012/06/01 20:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/06/01 20:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

[2012/05/23 12:46:52 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Microsoft Game Studios

[2012/05/22 17:13:26 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\Flight Simulator X Files

[2012/05/21 22:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield

[2012/05/21 16:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/05/21 16:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2012/05/10 18:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes

[2012/05/10 18:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman

[2011/02/02 09:16:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jon\AppData\Roaming\pcouffin.sys

[2011/01/23 10:44:21 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/07 09:36:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4138688568-898451359-665369222-1000UA.job

[2012/06/07 09:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/07 09:09:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/07 09:07:05 | 000,001,456 | ---- | M] () -- C:\Users\Jon\AppData\Local\Adobe Save for Web 12.0 Prefs

[2012/06/07 08:32:32 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/07 00:38:33 | 000,002,095 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/06/06 22:36:01 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4138688568-898451359-665369222-1000Core.job

[2012/06/06 17:09:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/06 15:01:50 | 000,015,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/06 15:01:50 | 000,015,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/06 14:53:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/06 14:53:34 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/06 14:33:14 | 000,034,814 | ---- | M] () -- C:\Users\Jon\AppData\Local\dt.dat

[2012/06/05 22:58:22 | 000,000,073 | ---- | M] () -- C:\Users\Jon\AppData\Local\X-Plane_drm.prf

[2012/06/05 15:58:15 | 000,007,623 | ---- | M] () -- C:\Users\Jon\AppData\Local\resmon.resmoncfg

[2012/06/04 17:03:26 | 000,809,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/06/04 17:03:26 | 000,174,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/06/02 21:40:35 | 007,021,336 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe

[2012/06/02 21:39:17 | 000,148,216 | ---- | M] (Webroot) -- C:\Windows\System32\WRusr.dll

[2012/06/02 21:39:16 | 000,111,184 | ---- | M] (Webroot) -- C:\Windows\System32\drivers\WRkrn.sys

[2012/06/02 21:08:02 | 000,000,164 | ---- | M] () -- C:\MemeoSendAddin

[2012/05/30 15:39:30 | 000,002,584 | ---- | M] () -- C:\{7AC4F72A-BFB2-4A4C-92AB-F661773DCED7}

[2012/05/30 15:32:31 | 000,002,568 | ---- | M] () -- C:\{72D0BDD7-4F91-4B05-B869-9C162A29645D}

[2012/05/30 08:31:38 | 000,000,600 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\winscp.rnd

[2012/05/27 23:29:49 | 000,002,584 | ---- | M] () -- C:\{F7F988D2-D725-4DB7-B842-6BA0015B2CE2}

[2012/05/27 23:28:34 | 000,002,568 | ---- | M] () -- C:\{A29747F4-AF78-4ADF-A089-835A7C43F375}

[2012/05/24 09:54:21 | 000,000,279 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\OpenSceneryX Installer.plist

[2012/05/24 01:11:24 | 000,001,018 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk

[2012/05/23 21:54:31 | 000,000,080 | ---- | M] () -- C:\Users\Jon\AppData\Local\X-Plane Installer.prf

[2012/05/22 20:35:15 | 004,051,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/05/22 01:34:36 | 000,506,174 | ---- | M] () -- C:\Users\Public\Documents\DAVID_INV.DBF

[2012/05/21 19:08:40 | 000,014,848 | ---- | M] () -- C:\{1B57E6E4-641A-4073-AEB3-0A0B5A592D07}

[2012/05/16 18:26:24 | 000,005,872 | ---- | M] () -- C:\Users\Jon\Documents\LargeTile@2x.png

[2012/05/16 18:26:24 | 000,005,543 | ---- | M] () -- C:\Users\Jon\Documents\Tile@2x.png

[2012/05/16 18:26:24 | 000,004,636 | ---- | M] () -- C:\Users\Jon\Documents\LargeTile.png

[2012/05/16 18:26:24 | 000,004,272 | ---- | M] () -- C:\Users\Jon\Documents\LockIcon@2x.png

[2012/05/16 18:26:24 | 000,004,167 | ---- | M] () -- C:\Users\Jon\Documents\Tile.png

[2012/05/16 18:26:24 | 000,003,611 | ---- | M] () -- C:\Users\Jon\Documents\LockIcon.png

[2012/05/16 18:26:24 | 000,000,289 | ---- | M] () -- C:\Users\Jon\Documents\Tile.plist

[2012/05/15 06:26:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll

[2012/05/15 06:26:00 | 000,011,190 | ---- | M] () -- C:\Windows\System32\nvinfo.pb

[2012/05/15 05:28:49 | 002,621,723 | ---- | M] () -- C:\Windows\System32\nvcoproc.bin

[2012/05/15 02:21:50 | 000,423,744 | ---- | M] () -- C:\Windows\System32\nvStreaming.exe

[2012/05/14 13:11:40 | 000,002,503 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2012/05/14 13:11:39 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2012/05/13 20:44:01 | 000,002,747 | ---- | M] () -- C:\Users\Jon\.recently-used.xbel

[2012/05/12 13:06:52 | 000,002,086 | -H-- | M] () -- C:\Users\Jon\Documents\Default.rdp

[2012/05/09 22:21:06 | 000,002,584 | ---- | M] () -- C:\{5B4E7D23-7EE1-4E57-AA7A-BB548B0B4D0C}

[2012/05/09 22:19:57 | 000,002,560 | ---- | M] () -- C:\{ADCE319A-A9E9-424C-8919-51FBA644E1EF}

[2012/05/09 22:18:40 | 000,002,280 | ---- | M] () -- C:\{2875EEF6-3EF1-432F-88C2-64FC7FC6D190}

[2012/05/09 22:16:49 | 000,002,320 | ---- | M] () -- C:\{460A4057-01B1-4CC1-AAB5-9C74BB791430}

[2012/05/08 20:07:37 | 000,239,048 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/07 08:32:32 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/06 14:33:14 | 000,034,814 | ---- | C] () -- C:\Users\Jon\AppData\Local\dt.dat

[2012/06/02 21:33:26 | 000,007,510 | R--- | C] () -- C:\Windows\System32\drivers\NST\0200000.010\ccSetx86.cat

[2012/06/02 21:33:26 | 000,000,828 | R--- | C] () -- C:\Windows\System32\drivers\NST\0200000.010\ccSetx86.inf

[2012/06/02 21:33:26 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NST\0200000.010\isolate.ini

[2012/06/02 21:08:02 | 000,000,164 | ---- | C] () -- C:\MemeoSendAddin

[2012/05/30 15:39:28 | 000,002,584 | ---- | C] () -- C:\{7AC4F72A-BFB2-4A4C-92AB-F661773DCED7}

[2012/05/30 15:32:29 | 000,002,568 | ---- | C] () -- C:\{72D0BDD7-4F91-4B05-B869-9C162A29645D}

[2012/05/27 23:29:47 | 000,002,584 | ---- | C] () -- C:\{F7F988D2-D725-4DB7-B842-6BA0015B2CE2}

[2012/05/27 23:28:33 | 000,002,568 | ---- | C] () -- C:\{A29747F4-AF78-4ADF-A089-835A7C43F375}

[2012/05/24 01:11:23 | 000,001,018 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk

[2012/05/23 22:31:31 | 000,001,282 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LogTemp.exe - Shortcut.lnk

[2012/05/23 19:47:44 | 000,506,174 | ---- | C] () -- C:\Users\Public\Documents\DAVID_INV.DBF

[2012/05/21 19:08:40 | 000,014,848 | ---- | C] () -- C:\{1B57E6E4-641A-4073-AEB3-0A0B5A592D07}

[2012/05/18 19:38:45 | 000,005,872 | ---- | C] () -- C:\Users\Jon\Documents\LargeTile@2x.png

[2012/05/18 19:38:45 | 000,005,543 | ---- | C] () -- C:\Users\Jon\Documents\Tile@2x.png

[2012/05/18 19:38:45 | 000,004,636 | ---- | C] () -- C:\Users\Jon\Documents\LargeTile.png

[2012/05/18 19:38:45 | 000,004,272 | ---- | C] () -- C:\Users\Jon\Documents\LockIcon@2x.png

[2012/05/18 19:38:45 | 000,004,167 | ---- | C] () -- C:\Users\Jon\Documents\Tile.png

[2012/05/18 19:38:45 | 000,003,611 | ---- | C] () -- C:\Users\Jon\Documents\LockIcon.png

[2012/05/18 19:38:45 | 000,000,289 | ---- | C] () -- C:\Users\Jon\Documents\Tile.plist

[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

[2012/05/14 13:11:38 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk

[2012/05/13 20:44:01 | 000,002,747 | ---- | C] () -- C:\Users\Jon\.recently-used.xbel

[2012/05/09 22:21:05 | 000,002,584 | ---- | C] () -- C:\{5B4E7D23-7EE1-4E57-AA7A-BB548B0B4D0C}

[2012/05/09 22:19:55 | 000,002,560 | ---- | C] () -- C:\{ADCE319A-A9E9-424C-8919-51FBA644E1EF}

[2012/05/09 22:18:38 | 000,002,280 | ---- | C] () -- C:\{2875EEF6-3EF1-432F-88C2-64FC7FC6D190}

[2012/05/09 22:16:47 | 000,002,320 | ---- | C] () -- C:\{460A4057-01B1-4CC1-AAB5-9C74BB791430}

[2012/05/04 23:10:44 | 000,087,608 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\inst.exe

[2012/05/02 18:17:48 | 000,000,073 | ---- | C] () -- C:\Users\Jon\AppData\Local\X-Plane_drm.prf

[2012/04/28 16:19:59 | 000,000,080 | ---- | C] () -- C:\Users\Jon\AppData\Local\X-Plane Installer.prf

[2012/04/09 16:45:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/04/09 16:45:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/04/09 16:45:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/04/09 16:45:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/04/09 16:45:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/04/06 13:38:22 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin

[2012/04/06 00:05:11 | 000,397,061 | ---- | C] () -- C:\Users\Jon\AppData\Local\census.cache

[2012/04/06 00:03:37 | 000,234,420 | ---- | C] () -- C:\Users\Jon\AppData\Local\ars.cache

[2012/03/04 15:09:24 | 000,002,687 | ---- | C] () -- C:\Windows\HCWPNP.INI

[2012/03/02 20:25:18 | 000,000,132 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\Adobe BMP Format CS5 Prefs

[2012/03/02 18:36:59 | 000,165,376 | ---- | C] () -- C:\Windows\UNWISE.EXE

[2012/03/01 14:27:21 | 000,004,096 | -H-- | C] () -- C:\Users\Jon\AppData\Local\keyfile3.drm

[2012/02/28 16:38:12 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2012/02/01 09:15:41 | 000,709,968 | ---- | C] () -- C:\Windows\is-93MP7.exe

[2011/11/22 18:29:02 | 000,000,600 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\winscp.rnd

[2011/11/03 18:05:54 | 000,000,600 | ---- | C] () -- C:\Users\Jon\AppData\Local\PUTTY.RND

[2011/10/24 18:22:19 | 000,000,273 | ---- | C] () -- C:\Windows\MRU.ini

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011/09/06 12:16:23 | 000,000,160 | ---- | C] () -- C:\Windows\ALIGN-SETTING.INI

[2011/09/06 12:16:23 | 000,000,149 | ---- | C] () -- C:\Windows\ESTIMATE-SETTING.INI

[2011/09/06 12:16:23 | 000,000,106 | ---- | C] () -- C:\Windows\LIMIT-SETTING.INI

[2011/09/03 11:53:28 | 000,005,272 | ---- | C] () -- C:\Windows\Pictor.ini

[2011/08/17 13:55:48 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6

[2011/08/10 17:45:59 | 000,028,909 | ---- | C] () -- C:\Windows\System32\nurvniod.dll

[2011/08/10 17:45:59 | 000,026,172 | ---- | C] () -- C:\Windows\System32\w3rc9.dll

[2011/07/24 17:54:51 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini

[2011/07/24 17:53:52 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2011/07/24 14:14:58 | 000,062,976 | ---- | C] () -- C:\Windows\USBm.dll

[2011/07/15 16:44:18 | 000,001,456 | ---- | C] () -- C:\Users\Jon\AppData\Local\Adobe Save for Web 12.0 Prefs

[2011/07/10 17:48:27 | 000,000,076 | ---- | C] () -- C:\Windows\System32\dtirc.dll

[2011/06/12 10:42:08 | 000,000,222 | ---- | C] () -- C:\Windows\cdplayer.ini

[2011/04/18 22:12:53 | 000,023,020 | ---- | C] () -- C:\Windows\System32\dtihhh.dll

[2011/02/17 21:49:57 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2011/02/02 09:16:05 | 000,007,887 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\pcouffin.cat

[2011/02/02 09:16:05 | 000,001,144 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\pcouffin.inf

[2011/01/19 14:07:34 | 000,000,202 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\Statdisk.prefs

[2010/12/14 19:35:11 | 000,010,536 | ---- | C] () -- C:\Windows\System32\drivers\hmonitor45.sys

[2010/10/27 21:19:45 | 000,001,940 | ---- | C] () -- C:\Users\Jon\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/10/15 08:36:39 | 000,002,515 | ---- | C] () -- C:\ProgramData\buynow.html

[2010/10/08 00:31:00 | 000,635,904 | ---- | C] () -- C:\Windows\System32\WDTVLIVEHUB.dll

[2010/09/15 19:37:37 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini

[2010/09/15 09:54:39 | 000,239,048 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2010/09/15 09:15:54 | 000,315,616 | ---- | C] () -- C:\Windows\System32\slwc.exe

[2010/09/15 09:12:33 | 000,111,104 | ---- | C] () -- C:\Windows\System32\Uharc.exe

[2010/09/15 09:12:33 | 000,008,636 | ---- | C] () -- C:\Windows\System32\modifype.exe

[2010/07/26 10:13:40 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/07/21 13:28:07 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2010/07/08 11:48:55 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/06/28 20:31:58 | 000,000,036 | ---- | C] () -- C:\Users\Jon\AppData\Local\housecall.guid.cache

[2010/06/19 22:34:52 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys

[2010/06/19 22:34:45 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

========== LOP Check ==========

[2012/03/31 22:33:55 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\.purple

[2010/01/06 18:04:03 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\AeroSnapApp

[2012/03/01 09:59:55 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Audacity

[2012/06/06 14:37:52 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\AVG

[2010/01/06 18:04:05 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Axialis

[2012/02/28 16:33:44 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Babylon

[2010/01/28 22:05:00 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Blackberry Desktop

[2010/06/12 10:39:17 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Charles

[2011/11/10 16:30:30 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/01/06 18:04:12 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Composer

[2012/01/21 15:00:47 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\DAEMON Tools Pro

[2010/02/18 09:47:11 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\DocumentsToGoDesktopBB

[2012/05/24 00:54:34 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Dropbox

[2010/11/23 10:45:10 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\edu.du.ctl.DropFolders

[2010/01/06 18:04:12 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\ESC

[2010/08/21 17:24:29 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\FontCreator

[2011/07/03 18:17:12 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1

[2010/01/10 13:30:46 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Gamers Digital

[2010/01/06 18:04:12 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\GARMIN

[2010/02/07 13:07:05 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\GetRightToGo

[2012/02/28 15:53:24 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\HandBrake

[2011/06/03 16:15:45 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\IcoFX

[2010/01/06 18:04:12 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Ilium Software

[2010/01/06 18:04:12 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\InfraRecorder

[2012/04/22 19:07:01 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\inkscape

[2010/12/29 23:43:09 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\IPViewPro2

[2012/05/04 23:03:10 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\IrfanView

[2011/12/09 15:36:05 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\J River

[2010/01/06 18:04:12 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\JGoodies

[2011/01/11 13:39:47 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Leadertech

[2010/06/27 19:02:52 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Media Control

[2010/01/08 13:54:00 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Merscom

[2012/04/16 20:52:10 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\No Company Name

[2010/08/17 22:30:13 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Oberon Media

[2011/06/17 17:34:50 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\OpenOffice.org

[2010/01/06 18:04:36 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Opera

[2010/08/17 22:53:17 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Pharaohs Secret

[2010/01/07 18:36:57 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\PlayFirst

[2010/01/06 18:04:37 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Plazmic

[2012/03/29 00:40:31 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\redsn0w

[2010/05/24 20:33:59 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Registry Mechanic

[2010/08/10 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Research In Motion

[2010/01/06 18:04:46 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Resource Tuner

[2012/05/04 23:11:57 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\SanDisk

[2011/07/15 16:19:59 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010/01/06 18:04:46 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Stardock

[2011/06/17 17:18:50 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\StarOffice8

[2010/06/24 21:26:44 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\SuperNZB

[2010/10/19 16:49:40 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\SystemRequirementsLab

[2011/03/17 00:04:01 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\ThumbGen

[2010/11/10 08:58:05 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\TightVNC

[2011/08/17 13:57:50 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\TwonkyMedia

[2010/07/21 13:28:09 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Virtual Prophecy

[2012/05/04 23:10:45 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Vso

[2010/01/06 18:04:48 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\WDL

[2009/05/08 13:30:09 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Windows Live Writer

[2011/03/13 23:10:09 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\WinPatrol

[2011/10/07 13:42:26 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\XnView

[2011/09/22 12:03:38 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:E732B44B

@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:CD9109D4

@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:39413AC3

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:25DEF972

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:28CCED90

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

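A small triage helper for reading listings like the one above, added here as an example; it is not part of the original post and not an OTL/OldTimer tool. It parses the OTL "Files Created" lines (`[date | size | attrs | C] (company) -- path`) and the `@Alternate Data Stream` lines, then applies a few heuristics that are my own assumptions (a file in the Startup folder, an executable or shortcut in a user-writable path, a GUID-named file in the drive root, hidden/system attributes, an unattributed binary under `%SystemRoot%`). The sample log is constructed from a handful of lines copied from the post plus one benign `.ini` entry. A hit means "verify this file" (hash lookup, Authenticode signature check, on-disk creation time versus the install history), not "this is malware"; nothing in the thread establishes that any listed file is malicious.

```python
"""Triage helper for OTL 'Files Created' and 'Alternate Data Streams' lines.
Heuristics are the example author's assumptions, not OTL's or the forum's."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# [2012/05/23 22:31:31 | 000,001,282 | ---- | C] () -- C:\path
FILE_RE = re.compile(
    r"^\[(?P<created>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
# @Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:E732B44B
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
IN_WINDOWS = re.compile(r"^[a-z]:\\windows\\", re.I)
GUID_IN_ROOT = re.compile(r"^[a-z]:\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
EXEC_EXT = {"exe", "dll", "sys", "scr", "com", "pif", "cpl", "lnk"}
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\documents\\",
                 "\\downloads\\", "\\desktop\\", "\\temp\\")
STARTUP_DIR = "\\start menu\\programs\\startup\\"


@dataclass
class FileEntry:
    created: str
    size: int
    attrs: str      # OTL flag field: R=read-only, H=hidden, S=system, D=directory
    company: str    # text inside the parentheses; empty when OTL found no company name
    path: str

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name.rsplit(".", 1)[-1].lower() if "." in name else ""

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


@dataclass
class Finding:
    entry: FileEntry
    reasons: List[str]

    @property
    def path(self) -> str:
        return self.entry.path


def parse_entries(text: str) -> List[FileEntry]:
    """Parse every OTL file line; lines in other formats are ignored."""
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            out.append(FileEntry(m["created"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["company"], m["path"]))
    return out


def parse_ads(text: str) -> List[Tuple[int, str]]:
    """Return (size, path:stream) pairs for the ADS section."""
    return [(int(m["size"]), m["path"])
            for m in (ADS_RE.match(l.strip()) for l in text.splitlines()) if m]


def reasons_for(e: FileEntry) -> List[str]:
    """Heuristic reasons to look closer at one entry (assumptions, see lead-in)."""
    p = e.path.lower()
    reasons = []
    if STARTUP_DIR in p:
        reasons.append("startup-folder persistence")
    if e.ext in EXEC_EXT and any(d in p for d in USER_WRITABLE):
        reasons.append("executable/shortcut in user-writable path")
    if GUID_IN_ROOT.match(e.path):
        reasons.append("GUID-named file in drive root")
    if e.hidden_or_system:
        reasons.append("hidden/system attribute set")
    if e.ext in EXEC_EXT and IN_WINDOWS.match(e.path) and not e.company:
        reasons.append("binary under %SystemRoot% with no company name")
    return reasons


def triage(text: str) -> List[Finding]:
    findings = []
    for e in parse_entries(text):
        r = reasons_for(e)
        if r:
            findings.append(Finding(e, r))
    return findings


# Constructed sample: lines copied from the post above plus one benign .ini entry.
SAMPLE_LOG = r"""
[2012/05/23 22:31:31 | 000,001,282 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LogTemp.exe - Shortcut.lnk
[2012/05/21 19:08:40 | 000,014,848 | ---- | C] () -- C:\{1B57E6E4-641A-4073-AEB3-0A0B5A592D07}
[2012/05/04 23:10:44 | 000,087,608 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\inst.exe
[2012/03/01 14:27:21 | 000,004,096 | -H-- | C] () -- C:\Users\Jon\AppData\Local\keyfile3.drm
[2011/08/10 17:45:59 | 000,028,909 | ---- | C] () -- C:\Windows\System32\nurvniod.dll
[2011/06/12 10:42:08 | 000,000,222 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/12/14 19:35:11 | 000,010,536 | ---- | C] () -- C:\Windows\System32\drivers\hmonitor45.sys
[2010/07/08 11:48:55 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:E732B44B
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.created}  {f.entry.size:>8}  {f.path}\n    -> {'; '.join(f.reasons)}")
    for size, stream in parse_ads(SAMPLE_LOG):
        print(f"ADS {size:>5} bytes  {stream}")
```

Run it against the full pasted log rather than the sample to get the whole worklist; the ADS entries are only listed, not scored, because nothing on this page says what wrote them. For each hit, the next step is an Authenticode signature check and a hash lookup, and for the Startup `.lnk` reading the shortcut target, before anything is deleted.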

Here are the results for the OTL extras.txt scan:

OTL Extras logfile created on: 6/7/2012 9:33:34 AM - Run 1

OTL by OldTimer - Version 3.2.46.2 Folder = C:\Users\Jon\Downloads

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 48.19% Memory free

6.50 Gb Paging File | 3.78 Gb Available in Paging File | 58.11% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.76 Gb Total Space | 146.23 Gb Free Space | 31.40% Space Free | Partition Type: NTFS

Drive D: | 7.27 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 232.88 Gb Total Space | 74.10 Gb Free Space | 31.82% Space Free | Partition Type: NTFS

Drive Y: | 465.76 Gb Total Space | 195.79 Gb Free Space | 42.04% Space Free | Partition Type: NTFS

Drive Z: | 465.76 Gb Total Space | 195.79 Gb Free Space | 42.04% Space Free | Partition Type: NTFS

Computer Name: VISTA-AMD | User Name: Jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4138688568-898451359-665369222-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04A460FC-EE9C-49A3-8643-8BECE2B29CD9}" = rport=10243 | protocol=6 | dir=out | app=system |

"{04EE132E-FDD4-48E8-877D-E986C461CC6B}" = lport=10244 | protocol=6 | dir=in | app=system |

"{068002EB-C7AB-4FA7-953F-4C3DCD40A442}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{122E4C3B-DF1A-4F03-B04F-2AC74F84B633}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{189FCF06-DE88-4BA9-B025-8023CF33E013}" = lport=3389 | protocol=6 | dir=in | app=system |

"{232F77DB-2593-4AA3-BAFF-046E072AF84E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |

"{23400F4D-9E8D-4DB0-8121-EBA43A87F647}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

"{293AA506-9E39-46A9-A2D2-E7121DF3CBD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{31CDF2B4-75B9-4ED8-9205-A25335930E90}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{33EEDEE4-B71F-492C-95D5-371DC752FEAE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{343BE88A-B4C9-4CB4-A5D7-A446607585FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{34D166FF-88FD-4348-95C4-FFEBA7A463D2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{366522EB-6BBD-47E6-84C6-E38747B286B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3A962006-E10F-4494-A2C4-79A1DF501291}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{3F1A6A2B-26BE-42B1-BBE2-28A7B6B100D0}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |

"{44823CB0-6538-4BF7-AD37-ECD563FB2263}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{45C7B9F5-0A67-41A7-B137-A1474150A952}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{4734ED60-99D5-4D16-8812-7CEC8140E85B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{4A41F4F9-084B-458B-A840-F7E747E2EAA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{51F018B9-9792-4A6F-B9C4-955C4CB76D50}" = lport=49180 | protocol=6 | dir=in | name=akamai netsession interface |

"{5290C5B9-41F2-4C69-96C7-42728CE57F2B}" = lport=3390 | protocol=6 | dir=in | app=system |

"{52A7F44A-111A-4D36-8A98-0DC54A8B3CA3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{55003A03-6AC7-45A3-A99C-9FD0F312CD4B}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{586AE29C-1896-41A2-8EE5-FCB0902CEBD1}" = lport=10243 | protocol=6 | dir=in | app=system |

"{5F56F0E3-1EAD-4A6D-99C0-8B94C3A70BD2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |

"{63E0FD18-2119-433A-8C90-6539C8427F09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{77398834-3CE6-41F2-A7C5-E543F5355083}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7B8C49CE-D356-4E21-87BE-8C671C7E83B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{84785923-E634-40DC-9E82-4D9BB245872E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{89E358C9-7D6E-4CB5-8B13-0D81A5E76867}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8AC805B2-8CD8-4448-B171-A46B7059A5AC}" = rport=10243 | protocol=6 | dir=out | app=system |

"{8B8A5185-9CEA-4B01-8D3D-A7B8D8E1BF26}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |

"{96FF6ACB-8C79-44F9-A2FE-1464A7B57916}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{99A667D9-45FB-426C-803A-F2806DD3FAD2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |

"{9DBB8815-149C-42C8-8B78-A386AE5460FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9E0B13F0-E1EC-4768-992F-C83BD1EFC6E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9E1C896A-CBBA-46FB-9777-EEEAD7E55742}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{AB56329E-E8B2-458F-B557-25366497DA29}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{B08C030A-E89E-4499-9B92-E7ADF07E7291}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{B66A279D-BEC4-43B9-9D51-39CC3C60A522}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B8A7E68D-1C53-499A-B786-4E672EA7CB99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{BB65FDA4-5524-48E9-AB57-98CFBCCDE62A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{BCF2288C-1CC3-491F-B058-DC32E48981EE}" = lport=49200 | protocol=6 | dir=in | name=akamai netsession interface |

"{C31C8576-D647-43F4-88B3-B390A4E3964D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C67E37B4-3E83-4905-9830-346BCF80770F}" = lport=2869 | protocol=6 | dir=in | app=system |

"{CA5715E4-7EDF-4C9C-9DBA-5DAAFB7181C0}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{CF0D9FD8-876C-47CE-9CD6-28A372FDBFF5}" = lport=10243 | protocol=6 | dir=in | app=system |

"{E41B2C5A-56BB-4272-BC13-FAEF1167B430}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{ED328A48-8D16-40CB-935E-317F2BF041B1}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{F4FEEAE4-3D1D-4D4F-8007-85A6AB14019A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"{F753E6BD-8EA4-4AB4-9E1C-8FC2D603D65A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0400EDB1-F967-406F-91DA-8B7F0DE7F2B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{043D421D-F132-45C7-9D50-39FDE29BC916}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{056782F7-AE96-486D-AA61-E463FD93E623}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0945F444-9067-4215-A8B4-15F92A60E7AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0AEF3FED-D99A-4196-967F-0C9324B3C86D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |

"{12859110-F27A-4D5D-8994-A88E07137B46}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{17083864-555E-487B-AE83-D322BFF0CD7A}" = protocol=6 | dir=in | app=c:\program files\tightvnc\vncviewer.exe |

"{1F2E0E40-FC19-417F-89F1-2827844BF5FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{200A2267-8D78-4320-BEAC-E3F19A36563C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{20FB9505-2188-4108-ACAA-00C36265260E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cities xl 2011\citiesxl_2011.exe |

"{22818BB8-B15D-4BAA-98EB-ED9669178E33}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{28EFB101-A1AE-4505-B229-239249170219}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2DE12A9E-B4D2-4C20-BBE2-BDC416D25696}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{39C16643-4B46-44C5-80DB-9469C506EE1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4154BA5E-06D2-45D4-A6C9-143186EB10C3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |

"{4BFD37FD-66CE-4C7A-B299-9235F6822275}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4F9B2B78-7361-44F1-B862-859C11D4B165}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{518AC87F-8EBA-43CE-A1E1-35326B39E523}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{538E95D7-4881-4AB2-BA22-474F83047FB9}" = protocol=6 | dir=out | app=system |

"{5BCBF525-5FBC-4DD5-B7CF-442C7CF20373}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5C4CE981-18BE-4487-9CEE-804327A10477}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{5E473255-8E6B-4A86-8893-7CA38A930D78}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{60B70AE8-E56E-44C8-A198-B274018919E6}" = protocol=6 | dir=in | app=c:\program files\wdisplay\weatherd.exe |

"{649B12CB-3D67-4020-8611-8367BC9F8709}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{68DC5BD6-EAD6-4165-9AA3-7C58F9FCECF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6A657931-06BB-4B2E-9451-FD266B77DEE7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cities xl 2011\citiesxl_2011.exe |

"{6CBBF1D8-65C7-4065-B698-E4E14806C274}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6E21016F-D5AB-4BFE-B566-7D0D85B8873F}" = protocol=17 | dir=in | app=c:\program files\tightvnc\vncviewer.exe |

"{7114E894-3FCC-400D-AEF7-CFE1A1E431CC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |

"{73072755-1B21-44C4-B333-883492D9B8E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7420CBF9-920B-4480-84E3-4152EDE40D8A}" = dir=in | app=c:\program files\plex\plex media server\plexscripthost.exe |

"{74B8F904-7E0E-4EDB-9756-E7B3BEC74F79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{7940277A-6C0A-4A14-82AD-E6EB3C018187}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{80C49548-B522-41E5-B5E4-869A4D929C18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{84975CC3-C63A-44DB-97BD-93E97CCBE443}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{8605E23B-D40D-478C-B496-2D8F0AACC3D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{8D7B8465-E8B5-448C-A80A-32D5419969C1}" = protocol=17 | dir=in | app=c:\program files\stardock games\demigod\bin\demigod.exe |

"{8E0E3FFE-4177-4247-9A1E-0CC49CA2BE56}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |

"{8E328F57-4117-48EC-8E0A-7BDAA3B68C0D}" = protocol=6 | dir=out | app=system |

"{997087B2-2E6E-4FBC-82A1-B32623AA9661}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A7E886FF-0ECA-46EC-8B5B-93EC4E745AC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A95A2417-E5CE-43C4-A44A-66619A60E06B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AAA2E876-B4B5-40AF-B605-9B5D9215FC9E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{AE492186-30BD-4CCF-AC6F-051D2E90274E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{B5A59EDF-F0A5-4C8B-B703-2B83B8F90866}" = protocol=17 | dir=in | app=c:\program files\microsoft games\microsoft flight\flight.exe |

"{BB1238B6-4F7B-4C49-9D9E-8B212CE47BF3}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |

"{C4847EC6-193D-4B85-94F2-95F1198C20A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{C7675DD5-B04B-4151-BB71-741D0137664B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{CB52699D-9966-4128-B4BB-5F70520A6DA2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |

"{D1163589-72E2-4F25-BC19-51C3286288D3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |

"{D798A8D2-AE2F-444A-B5F1-6ACF1CCA095B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |

"{D8A2A4F9-3186-4E1B-AFB9-135B295EAEA5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{DB406813-2DDC-4F48-AAFF-1E4D2E218624}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |

"{DB5F9F41-580C-4A60-A2A4-9757939B2B7C}" = protocol=17 | dir=in | app=c:\program files\wdisplay\weatherd.exe |

"{DB8F1793-0CB4-487E-AFBE-22DFE1E06CB2}" = dir=in | app=c:\program files\plex\plex media server\plex media server.exe |

"{DE294E22-407A-4DFD-8963-89DC6F5DE3BE}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |

"{EED34C32-BF9B-44A7-A159-39A0145E899B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{F4D015BF-2E8B-45A4-9304-E84E67248B5B}" = protocol=6 | dir=in | app=c:\program files\microsoft games\microsoft flight\flight.exe |

"{F613AA81-3744-4770-AD39-1C1C82C98F16}" = protocol=6 | dir=in | app=c:\program files\stardock games\demigod\bin\demigod.exe |

"{F7D13C7B-A330-4A0B-B29D-A45D8D0DA5E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{FA2D940C-32B7-48AD-B29B-6A9FEA6E470E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |

"{FBE8F679-7662-4F6B-A23D-865233631CB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{AB8BC596-CCF4-4AA5-BB86-9E8AAEC67A6D}C:\users\jon\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jon\appdata\local\akamai\netsession_win.exe |

"TCP Query User{D22647BA-D6EC-44DA-AAD2-7513728D7E73}C:\users\jon\desktop\x-plane 10\x-plane.exe" = protocol=6 | dir=in | app=c:\users\jon\desktop\x-plane 10\x-plane.exe |

"TCP Query User{D4C3E6BC-EE21-4EEC-8462-93E735E7B862}C:\users\jon\desktop\x-plane 9\x-plane.exe" = protocol=6 | dir=in | app=c:\users\jon\desktop\x-plane 9\x-plane.exe |

"UDP Query User{1B38C6F6-AAD8-4DEC-80D4-862F174C97DA}C:\users\jon\desktop\x-plane 9\x-plane.exe" = protocol=17 | dir=in | app=c:\users\jon\desktop\x-plane 9\x-plane.exe |

"UDP Query User{424A1915-D60A-4417-A34E-C2100588D1F8}C:\users\jon\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jon\appdata\local\akamai\netsession_win.exe |

"UDP Query User{E969384F-D638-4ACF-AF9B-7696F6A7E1EA}C:\users\jon\desktop\x-plane 10\x-plane.exe" = protocol=17 | dir=in | app=c:\users\jon\desktop\x-plane 10\x-plane.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{036C7435-C347-47F9-AF29-A55DF39FA172}" = BlackBerry Smartphone Simulators 5.0.0.517 (9550)

"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English

"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center

"{0D7901D9-5F0E-4CDB-9912-5995C17E4902}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9550 smartphone

"{0E16C1BC-72A7-4DB7-BBB8-560EDCCA74B5}" = SmartSound Premiere Elements 10 Plugin

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{10412347-A28A-4770-B9AA-DD8B7C6F9C09}" = IPView Pro 2.0

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder

"{13F71E3E-A508-9B41-14D5-A7E8612CE471}" = Civilization 4 Complete Bundle

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1725EAAB-15E5-4169-93A4-D7651F25282B}" = Media Browser

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{18435829-4E75-4CD1-9796-A62DBBAE2ED7}" = DeepSkyStacker

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}" = Microsoft SQL Server 2008 R2 Native Client

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls

"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer

"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{27B6D024-FD7E-4A88-BC17-5AFBE33EC072}" = Microsoft F# Runtime for Silverlight 4

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2DDCCEA5-2AA4-4ABB-BCAD-41BB115A4333}" = Microsoft Silverlight 4 Toolkit April 2010

"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)

"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{3360D505-B0AA-4284-92DF-F872AF90A448}" = BlackBerry Device Software Updater

"{340C0246-975B-420F-8ADD-DEA69B16FDEE}" = Adobe Premiere Elements 10 Content 1

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3B05A751-416F-42F1-BDFC-71C54B928110}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9550 smartphone

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{40F0DEB7-21A6-4166-B021-CE9675665985}" = Plex Media Server

"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer

"{48B08845-0CB0-45EC-893C-15319ADDA312}" = Microsoft SQL Server 2008 R2 Setup (English)

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4BE15737-07C5-4705-9DFC-D9D533939942}" = NVIDIA Media Center Extensions

"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 SP1 Database Engine Shared

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4D5308D2-6B0A-4BB0-809F-AE1000028101}" = Microsoft Flight

"{4D5308D2-6B0A-4BB0-809F-AE1000038101}" = Microsoft Flight

"{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight

"{4F29521F-7338-4D15-8691-8FEEB987780C}" = Adobe Premiere Elements 10 HD Content 3

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1

"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1

"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools

"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{5D037ECA-B00A-466F-848C-D21B4DB69DEA}" = Adobe Premiere Elements 10 HD Content 1

"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69F962F7-3761-4704-9E4B-24FF10F77111}" = MagicTune Premium

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup

"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOKR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010

"{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1

"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93968FB2-C67A-4A9B-80C2-5D4D9393058E}" = Microsoft SQL Server 2008 R2 RsFx Driver

"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit

"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"{95355D27-CFCE-4777-B49D-28B7D5E7016B}}_is1" = LogTemp 2.24.0.92

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM

"{98271E36-75B8-7D6E-DD22-F0DCEE9A7E1E}" = Adobe Photoshop.com Inspiration Browser

"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM

"{99341ACA-2A86-4235-A636-02A2A9820987}" = WD Discovery Software

"{99C7D73D-E201-4D03-B8A4-5EDBA529B505}" = Adobe Premiere Elements 10 Content 3

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C8D1290-0A4C-446C-AD86-0590812660CC}" = Adobe Premiere Elements 10 Content

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU

"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAF4DEA2-5A69-4819-9BB2-BF3D540F9024}" = Adobe Premiere Elements 10

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B3D84D4A-DE51-42A1-964B-E80013272D55}" = HuluDesktopIntegration

"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides

"{B605C682-FD9B-491B-9245-731C036186C5}" = 1-Wire Drivers Version 4.03

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BA2898D6-6270-4B00-AA32-4E82867973CF}" = BlackBerry Smartphone Simulators 4.7.0.75 (9530-Verizon)

"{BC4A54D6-6591-4D01-AE21-C9ABAAF69D7F}" = Microsoft Expression Encoder 4

"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser

"{C29B13CC-F0C5-4973-8980-2BCDC7C44E39}" = Beyond TV DVD Burning Foundation

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 SP1 Common Files

"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE1F2DF3-5836-4A27-A3FE-6717492DDE5E}" = PRE10STIInstaller

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D0ECDCCD-F0BF-4D9D-AF06-03471A76BA9D}" = BlackBerry JDE 5.0.0

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D1CE6204-061A-43B5-830F-6A8A35C4E0C6}" = Adobe Premiere Elements 10 HD Content 2

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20

"{D428AB95-35B2-4868-B656-5C316E25EC69}" = SQL Server 2008 R2 SP1 Database Engine Services

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0

"{D5FCD625-BD97-4F56-B7C4-1D4BC586BB7A}" = BlackBerry JDE Component Package 4.7.0

"{D66A42BA-3747-4628-9CE4-9E7C18C3ED95}" = Adobe Premiere Elements 10 Content 2

"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86

"{D8C2C5B1-1A88-4B87-9116-59D082B1CE30}" = Visual Studio 2005 Redist Package

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2

"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1

"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag

"{DF781E6F-BF29-4340-BEFB-09F7511B424D}" = SQL Server 2008 R2 SP1 Database Engine Services

"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1

"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor

"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 SP1 Database Engine Shared

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F41A4EDC-190B-4788-B569-9627686BBFC2}" = TEDFootprints

"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements

"{F9EC30D1-F688-4708-9850-CB5120074AAA}" = Microsoft Expression Encoder 4 Screen Capture Codec

"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools

"{FA38652E-98FB-4095-9ACB-44E82C965C20}" = BlackBerry JDE 4.7.0

"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 SP1 Common Files

"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 4.65

"AC3Filter_is1" = AC3Filter 1.63b

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Premiere Elements 10 Content" = Adobe Premiere Elements 10 Content

"Adobe Premiere Elements 10 Content 1" = Adobe Premiere Elements 10 Content 1

"Adobe Premiere Elements 10 Content 2" = Adobe Premiere Elements 10 Content 2

"Adobe Premiere Elements 10 Content 3" = Adobe Premiere Elements 10 Content 3

"Adobe Premiere Elements 10 HD Content 1" = Adobe Premiere Elements 10 HD Content 1

"Adobe Premiere Elements 10 HD Content 2" = Adobe Premiere Elements 10 HD Content 2

"Adobe Premiere Elements 10 HD Content 3" = Adobe Premiere Elements 10 HD Content 3

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3

"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6

"BFGC" = Big Fish Games: Game Manager

"BlackBerry Theme Studio 5.0" = BlackBerry Theme Studio 5.0

"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1

"Call of Juarez : Bound in Blood" = Call of Juarez : Bound in Blood

"Canon RAW Codec" = Canon RAW Codec

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54

"Demigod" = Demigod

"DTGDesktop-BB" = Documents To Go Desktop for BlackBerry

"DynUpdater" = Dyn Updater

"Encoder_4.0.3205.0" = Microsoft Expression Encoder 4

"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration

"FontCreator6_is1" = High-Logic FontCreator 6.0

"Galactic Civilizations II" = Galactic Civilizations II

"GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight

"GraphWeather_is1" = GraphWeather Version 2.0.312b

"HandBrake" = HandBrake 0.9.5

"Haunted House" = Haunted House

"IcoFX_is1" = IcoFX 1.6.4

"IconPackager 4" = IconPackager 4

"IconWorkshop" = Axialis IconWorkshop 6.0

"Ilium Software eWallet_is1" = eWallet 7.0

"Impulse" = Impulse

"InfraRecorder" = InfraRecorder

"Inkscape" = Inkscape 0.48.2

"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5

"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data

"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor

"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements

"IsoBuster_is1" = IsoBuster 2.6

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Marvell Miniport Driver" = Marvell Miniport Driver

"Media Center 15" = Media Center 15

"Media Center 16" = Media Center 16

"Media Center 17" = Media Center 17

"MediaInfo" = MediaInfo 0.7.42

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2

"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU

"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU

"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1

"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MyColors Think Green Desktop" = MyColors Think Green Desktop

"NST" = Norton Safe Web Lite

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"OCCT_is1" = OCCT Perestroika 3.1.0

"Office14.OUTLOOKR" = Microsoft Outlook 2010

"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser

"Plazmic CDK 4.7 for BlackBerry" = Plazmic CDK 4.7 for BlackBerry

"Plazmic Content Developer's Kit 4.7 Update Patch" = Plazmic Content Developer's Kit 4.7 Update Patch

"Pocket Informant for BlackBerry" = Pocket Informant for BlackBerry

"PremElem100" = Adobe Premiere Elements 10

"PremElem70" = Adobe Premiere Elements 7.0

"Resource Tuner_is1" = Resource Tuner 1.99 R4

"RiseOfNations 1.0" = Microsoft Rise Of Nations

"RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots

"Risk II_is1" = Risk II

"Sid Meier's Railroads!" = Sid Meier's Railroads!

"Starry Night Pro Plus 6" = Starry Night Pro Plus 6

"Steam App 24780" = SimCity 4 Deluxe

"Steam App 58510" = Cities XL 2011

"Steam App 65800" = Dungeon Defenders

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Steam App 8930" = Sid Meier's Civilization V

"SystemRequirementsLab" = System Requirements Lab

"Tweak7" = Tweak7

"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition

"Weather Display Live_is1" = Weather Display Live

"Weather Display_is1" = Weather Display 10.37R Build 27

"WebPost" = Microsoft Web Publishing Wizard 1.53

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.00 (32-bit)

"winscp3_is1" = WinSCP 4.3.6

"WRUNINST" = Webroot SecureAnywhere

"WXTide32" = WXTide32

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4138688568-898451359-665369222-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"2f42caad03942c0f" = TedPwrMonUtility

"Akamai" = Akamai NetSession Interface

"CodeBlocks" = CodeBlocks

"Google Chrome" = Google Chrome

"HuluDesktop" = Hulu Desktop

"RegiStax 6" = RegiStax 6

"RegiStax 6.1.0.8 update" = RegiStax 6.1.0.8 update

"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/5/2012 4:29:35 PM | Computer Name = Vista-AMD | Source = MSSQLServerADHelper | ID = 100

Description = '0' is an invalid number of start up parameters. This service takes

two start up parameters.

Error - 6/5/2012 4:38:47 PM | Computer Name = Vista-AMD | Source = MSSQLServerADHelper | ID = 100

Description = '0' is an invalid number of start up parameters. This service takes

two start up parameters.

Error - 6/5/2012 4:58:35 PM | Computer Name = Vista-AMD | Source = MSSQLServerADHelper | ID = 100

Description = '0' is an invalid number of start up parameters. This service takes

two start up parameters.

Error - 6/5/2012 5:30:21 PM | Computer Name = Vista-AMD | Source = MSSQLServerADHelper | ID = 100

Description = '0' is an invalid number of start up parameters. This service takes

two start up parameters.

Error - 6/5/2012 10:41:34 PM | Computer Name = Vista-AMD | Source = MSSQLServerADHelper | ID = 100

Description = '0' is an invalid number of start up parameters. This service takes

two start up parameters.

Error - 6/6/2012 2:53:56 PM | Computer Name = Vista-AMD | Source = MSSQLServerADHelper | ID = 100

Description = '0' is an invalid number of start up parameters. This service takes

two start up parameters.

Error - 6/6/2012 11:41:22 PM | Computer Name = Vista-AMD | Source = Application Error | ID = 1000

Description = Faulting application name: WeatherD.exe, version: 10.37.0.0, time

stamp: 0x4fbeae24 Faulting module name: WeatherD.exe, version: 10.37.0.0, time stamp:

0x4fbeae24 Exception code: 0xc0000005 Fault offset: 0x0130106f Faulting process id:

0x1344 Faulting application start time: 0x01cd445f3fd3fde0 Faulting application path:

C:\Program Files\wdisplay\WeatherD.exe Faulting module path: C:\Program Files\wdisplay\WeatherD.exe

Report

Id: a5cf7160-b052-11e1-94f7-00e06110cb5d

Error - 6/7/2012 8:25:09 AM | Computer Name = Vista-AMD | Source = Application Hang | ID = 1002

Description = The program WeatherD.exe version 10.37.0.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1344 Start

Time: 01cd445f3fd3fde0 Termination Time: 16 Application Path: C:\Program Files\wdisplay\WeatherD.exe

Report

Id: ce972951-b09b-11e1-94f7-00e06110cb5d

Error - 6/7/2012 9:01:55 AM | Computer Name = Vista-AMD | Source = Application Error | ID = 1000

Description = Faulting application name: WeatherD.exe, version: 10.37.0.0, time

stamp: 0x4fbeae24 Faulting module name: WeatherD.exe, version: 10.37.0.0, time stamp:

0x4fbeae24 Exception code: 0xc0000005 Fault offset: 0x0130106f Faulting process id:

0x1370 Faulting application start time: 0x01cd44aca331f3e0 Faulting application path:

C:\Program Files\wdisplay\WeatherD.exe Faulting module path: C:\Program Files\wdisplay\WeatherD.exe

Report

Id: f4d5d580-b0a0-11e1-94f7-00e06110cb5d

Error - 6/7/2012 9:07:17 AM | Computer Name = Vista-AMD | Source = Application Hang | ID = 1002

Description = The program WeatherD.exe version 10.37.0.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1370 Start

Time: 01cd44aca331f3e0 Termination Time: 15 Application Path: C:\Program Files\wdisplay\WeatherD.exe

Report

Id: b15fd341-b0a1-11e1-94f7-00e06110cb5d

[ Cisco AnyConnect VPN Client Events ]

Error - 8/15/2011 6:59:33 PM | Computer Name = Vista-AMD | Source = vpnagent | ID = 50331649

Description = Function: CertVerifyCertificateChainPolicy Return code: 0x800B0109 File:

.\Certificates\CapiCertificate.cpp Line: 1799 Description: A certificate chain processed,

but terminated in a root certificate which is not trusted by the trust provider.

Error - 8/15/2011 6:59:33 PM | Computer Name = Vista-AMD | Source = vpnagent | ID = 50331649

Description = Function: CertVerifyCertificateChainPolicy Return code: 0x800B0109 File:

.\Certificates\CapiCertificate.cpp Line: 1799 Description: A certificate chain processed,

but terminated in a root certificate which is not trusted by the trust provider.

Error - 8/15/2011 6:59:33 PM | Computer Name = Vista-AMD | Source = vpnagent | ID = 50331649

Description = Function: CNetInterface::GetIPAddrInfo Return code: 0xFE0F0010 File:

.\Utility\NetInterface.cpp Line: 679 Description: NETINTERFACE_ERROR_UNKNOWN

[ Media Center Events ]

Error - 5/21/2009 7:39:08 PM | Computer Name = Vista-AMD | Source = MCUpdate | ID = 0

Description =

[ System Events ]

Error - 6/5/2012 5:30:22 PM | Computer Name = Vista-AMD | Source = Service Control Manager | ID = 7023

Description = The Remote Desktop Services service terminated with the following

error: %%193

Error - 6/5/2012 5:31:04 PM | Computer Name = Vista-AMD | Source = DCOM | ID = 10010

Description =

Error - 6/5/2012 10:41:34 PM | Computer Name = Vista-AMD | Source = Service Control Manager | ID = 7024

Description = The SQL Server Active Directory Helper service terminated with service-specific

error %%-1073741724.

Error - 6/5/2012 10:41:34 PM | Computer Name = Vista-AMD | Source = Service Control Manager | ID = 7023

Description = The Remote Desktop Services service terminated with the following

error: %%193

Error - 6/5/2012 10:41:50 PM | Computer Name = Vista-AMD | Source = Service Control Manager | ID = 7023

Description = The Remote Desktop Services service terminated with the following

error: %%193

Error - 6/5/2012 10:42:21 PM | Computer Name = Vista-AMD | Source = DCOM | ID = 10010

Description =

Error - 6/6/2012 2:53:56 PM | Computer Name = Vista-AMD | Source = Service Control Manager | ID = 7024

Description = The SQL Server Active Directory Helper service terminated with service-specific

error %%-1073741724.

Error - 6/6/2012 2:53:56 PM | Computer Name = Vista-AMD | Source = Service Control Manager | ID = 7023

Description = The Remote Desktop Services service terminated with the following

error: %%193

Error - 6/6/2012 2:54:44 PM | Computer Name = Vista-AMD | Source = Service Control Manager | ID = 7023

Description = The Remote Desktop Services service terminated with the following

error: %%193

Error - 6/6/2012 2:55:22 PM | Computer Name = Vista-AMD | Source = DCOM | ID = 10010

Description =

< End of report >

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
    IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hhttp://isearch.avg.com/search?cid={77634800-15B7-423B-BBB0-EFF083222392}&mid=6d33d770e1ee47d0864cd1a927f422ae-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=fr&d=2012-06-0608:37:00&v=11.1.0.7&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=SWL&chn=&geo=US&ver=2
    IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\..\SearchScopes\{C8257862-05A5-42E3-899A-9669DF16C9D3}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838
    IE - HKU\S-1-5-21-4138688568-898451359-665369222-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B8cfc9472-f18d-452c-a4b0-9ca1b86016f7%7D&mid=6d33d770e1ee47d0864cd1a927f422ae-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-06%2008%3A37%3A00&sap=ku&q="
    [2012/03/17 08:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\otlq0ecv.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}
    [2012/06/06 08:36:57 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/06/06 14:35:44 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\AVG
    [2012/02/28 16:33:44 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Babylon

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

  • OTL Fix log
  • aswMBR log

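The :OTL lines above are the Internet Explorer entries a search hijack usually rewrites: one SearchScopes subkey per provider (the URL template lives in its "URL" value), the DefaultScope value that selects one of them, URLSearchHooks (a CLSID that should have a matching HKCR\CLSID registration; "No CLSID value found" means the hook is orphaned) and ProxyOverride under Internet Settings. What follows is an added example, not part of the thread and not OTL's code: a Python audit of those same keys. The audit() function is pure and is fed here from an IESettings object constructed from the values quoted in the fix, so it can be run anywhere; read_live_settings() reads the current user's hive with winreg and only works on Windows. TRUSTED_SEARCH_HOSTS is an assumption to edit for your own environment, and a loopback:port entry in ProxyOverride is reported for review rather than called malicious, because legitimate local proxy software can add those too.

```python
"""Audit the IE search-provider and proxy settings that a browser hijack rewrites.
audit() is a pure function; read_live_settings() needs Windows (winreg)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, List, Optional, Set
from urllib.parse import urlsplit

SEARCH_SCOPES = r"Software\Microsoft\Internet Explorer\SearchScopes"
URL_SEARCH_HOOKS = r"Software\Microsoft\Internet Explorer\URLSearchHooks"
INET_SETTINGS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Assumption: the providers this estate accepts as a default search engine.
TRUSTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}


@dataclass
class IESettings:
    scopes: Dict[str, str]          # {GUID: URL template} from SearchScopes\<GUID>\URL
    default_scope: Optional[str]    # SearchScopes\DefaultScope
    search_hooks: List[str]         # value names under URLSearchHooks (CLSIDs)
    registered_clsids: Set[str]     # CLSIDs that actually exist under HKCR\CLSID
    proxy_override: str = ""        # Internet Settings\ProxyOverride


def host_of(url: str) -> str:
    # urlsplit still extracts the netloc for the malformed "hhttp://" scheme seen in the log.
    return (urlsplit(url).hostname or "").lower()


def audit(s: IESettings) -> List[str]:
    """Return human-readable findings; an empty list means the settings look stock."""
    findings: List[str] = []
    for guid, url in s.scopes.items():
        if host_of(url) not in TRUSTED_SEARCH_HOSTS:
            findings.append(f"search scope {guid} points at {host_of(url) or url!r}")
    if s.default_scope:
        if s.default_scope not in s.scopes:
            findings.append(f"DefaultScope {s.default_scope} names a scope that does not exist")
        elif host_of(s.scopes[s.default_scope]) not in TRUSTED_SEARCH_HOSTS:
            findings.append(f"default search provider is {host_of(s.scopes[s.default_scope])}")
    registered = {c.lower() for c in s.registered_clsids}
    for clsid in s.search_hooks:
        if clsid.lower() not in registered:
            findings.append(f"URLSearchHook {clsid} has no HKCR\\CLSID registration (orphaned hook)")
    for entry in filter(None, s.proxy_override.split(";")):
        host, _, port = entry.partition(":")
        if port and host in ("127.0.0.1", "localhost"):
            findings.append(f"ProxyOverride bypasses a local listener at {entry}; verify what listens there")
    return findings


def sample_settings() -> IESettings:
    """Constructed from the values quoted in the OTL fix; only the hosts matter to the audit."""
    return IESettings(
        scopes={
            "{95B7759C-8C7F-4BF1-B163-73684A933233}": "hhttp://isearch.avg.com/search?q={searchTerms}",
            "{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}": "http://www.ask.com/web?q={SEARCHTERMS}",
            "{C8257862-05A5-42E3-899A-9669DF16C9D3}": "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}",
        },
        default_scope="{95B7759C-8C7F-4BF1-B163-73684A933233}",
        search_hooks=["{66bd2442-241b-44cd-8c7a-b51037053cdb}"],
        registered_clsids=set(),  # OTL reported "No CLSID value found" for this hook
        proxy_override="*.local;127.0.0.1:9421;<local>",
    )


def read_live_settings() -> IESettings:
    """Read the current user's hive (Windows only)."""
    import winreg  # Windows-only module, imported lazily so the audit runs elsewhere

    def value(key, name, default=None):
        try:
            return winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:
            return default

    scopes: Dict[str, str] = {}
    hooks: List[str] = []
    registered: Set[str] = set()
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, SEARCH_SCOPES) as k:
        default_scope = value(k, "DefaultScope")
        for i in range(winreg.QueryInfoKey(k)[0]):        # subkey count
            guid = winreg.EnumKey(k, i)
            with winreg.OpenKey(k, guid) as sk:
                scopes[guid] = value(sk, "URL", "")
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, URL_SEARCH_HOOKS) as k:
            for i in range(winreg.QueryInfoKey(k)[1]):    # value count
                hooks.append(winreg.EnumValue(k, i)[0])
    except FileNotFoundError:
        pass
    for clsid in hooks:
        try:
            winreg.CloseKey(winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, "CLSID\\" + clsid))
            registered.add(clsid)
        except FileNotFoundError:
            pass
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INET_SETTINGS) as k:
        proxy_override = value(k, "ProxyOverride", "")
    return IESettings(scopes, default_scope, hooks, registered, proxy_override)


if __name__ == "__main__":
    for finding in audit(sample_settings()):
        print(finding)
```

Run against the constructed sample it reports the three foreign search providers, the default scope pointing at one of them, the orphaned URLSearchHook and the loopback proxy bypass; on the affected machine you would call audit(read_live_settings()) instead.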
Here is the OTL fix log...

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-4138688568-898451359-665369222-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{66bd2442-241b-44cd-8c7a-b51037053cdb} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66bd2442-241b-44cd-8c7a-b51037053cdb}\ not found.

HKEY_USERS\S-1-5-21-4138688568-898451359-665369222-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-4138688568-898451359-665369222-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

Registry key HKEY_USERS\S-1-5-21-4138688568-898451359-665369222-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.

Registry key HKEY_USERS\S-1-5-21-4138688568-898451359-665369222-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C8257862-05A5-42E3-899A-9669DF16C9D3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8257862-05A5-42E3-899A-9669DF16C9D3}\ not found.

HKU\S-1-5-21-4138688568-898451359-665369222-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename

Prefs.js: "http://isearch.avg.com/search?cid=%7B8cfc9472-f18d-452c-a4b0-9ca1b86016f7%7D&mid=6d33d770e1ee47d0864cd1a927f422ae-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-06%2008%3A37%3A00&sap=ku&q=" removed from keyword.URL

C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\otlq0ecv.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}\components folder moved successfully.

C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\otlq0ecv.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}\chrome folder moved successfully.

C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\otlq0ecv.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb} folder moved successfully.

C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.

C:\Users\Jon\AppData\Roaming\AVG\Rescue\ServiceManager folder moved successfully.

C:\Users\Jon\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.

C:\Users\Jon\AppData\Roaming\AVG\Rescue folder moved successfully.

C:\Users\Jon\AppData\Roaming\AVG\PC Tuneup\User Reports folder moved successfully.

C:\Users\Jon\AppData\Roaming\AVG\PC Tuneup\Logs folder moved successfully.

C:\Users\Jon\AppData\Roaming\AVG\PC Tuneup folder moved successfully.

C:\Users\Jon\AppData\Roaming\AVG folder moved successfully.

C:\Users\Jon\AppData\Roaming\Babylon folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: DefaultAppPool

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 0 bytes

User: Jon

->Temp folder emptied: 4173202 bytes

->Temporary Internet Files folder emptied: 14082981 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 319509404 bytes

->Google Chrome cache emptied: 61038662 bytes

->Apple Safari cache emptied: 0 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 2293 bytes

User: Mcx1-VISTA-AMD

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: UpdatusUser.Vista-AMD

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 22399 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 7805907 bytes

Total Files Cleaned = 388.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.46.2 log created on 06072012_101708

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Here is the aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-07 10:28:52

-----------------------------

10:28:52.450 OS Version: Windows 6.1.7601 Service Pack 1

10:28:52.450 Number of processors: 3 586 0x402

10:28:52.450 ComputerName: VISTA-AMD UserName: Jon

10:29:04.666 Initialize success

10:30:45.504 AVAST engine defs: 12060700

10:30:52.181 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5

10:30:52.181 Disk 0 Vendor: ST3250310AS 4.AAA Size: 238475MB BusType: 3

10:30:52.181 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3

10:30:52.181 Disk 1 Vendor: WDC_WD5002AALX-00J37A0 15.01H15 Size: 476940MB BusType: 3

10:30:52.212 Disk 1 MBR read successfully

10:30:52.212 Disk 1 MBR scan

10:30:52.212 Disk 1 Windows 7 default MBR code

10:30:52.212 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 2048

10:30:52.228 Disk 1 scanning sectors +976769024

10:30:52.306 Disk 1 scanning C:\Windows\system32\drivers

10:31:05.332 Service scanning

10:31:33.380 Service WRkrn C:\Windows\System32\drivers\WRkrn.sys **LOCKED** 32

10:31:34.784 Modules scanning

10:31:43.177 Disk 1 trace - called modules:

10:31:43.271 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys

10:31:43.271 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xc35639b0]

10:31:43.271 3 CLASSPNP.SYS[c976359e] -> nt!IofCallDriver -> [0xc30d7918]

10:31:43.286 5 ACPI.sys[c943d3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xc30a6030]

10:31:45.517 AVAST engine scan C:\Windows

10:31:49.760 AVAST engine scan C:\Windows\system32

10:35:23.657 AVAST engine scan C:\Windows\system32\drivers

10:35:47.026 AVAST engine scan C:\Users\Jon

14:17:40.240 AVAST engine scan C:\ProgramData

14:17:40.248 Scan finished successfully

16:33:41.782 Disk 1 MBR has been saved successfully to "C:\Users\Jon\Desktop\MBR.dat"

16:33:41.789 The log file has been saved successfully to "C:\Users\Jon\Desktop\aswMBR.txt"

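The "MBR read successfully", "Windows 7 default MBR code" and "Partition 1 80 (A) 07 HPFS/NTFS ... offset 2048" lines in the aswMBR log come from reading sector 0 of the boot disk and checking three things: the 0x55AA boot signature, the four-entry partition table, and whether the 446 bytes of boot code match a known loader. The Python below is an added example, not part of the thread and not aswMBR's code, that performs those checks on a raw 512-byte sector. The sector it parses is constructed inline to mirror the values in the log: one active NTFS partition at LBA 2048 with 976,766,976 sectors, which is 476937 MB, and 2048 plus that count is 976,769,024, the first sector past the partition and the number in the log's "scanning sectors +976769024" line. The boot-code bytes are a stand-in, not the real Windows 7 loader, and the allowlist of known-good boot-code hashes is an assumption the analyst has to fill from a trusted reference disk.

```python
"""Parse a raw 512-byte MBR and run the checks a boot-sector scanner performs:
boot signature, partition table sanity, and boot-code hash against an allowlist."""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass
from typing import List, Set, Tuple

MBR_SIZE = 512
BOOT_CODE_SIZE = 446           # bytes 0..445: executable boot code
PARTITION_ENTRY_SIZE = 16      # four 16-byte entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
SECTOR_SIZE = 512

PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)",
                   0x83: "Linux", 0xEE: "GPT protective"}


@dataclass
class PartitionEntry:
    index: int          # 1-based slot in the table
    bootable: bool      # status byte 0x80, shown as "80 (A)" by aswMBR
    type_id: int
    lba_start: int      # first sector of the partition (the log's "offset 2048")
    sector_count: int

    @property
    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_id, f"unknown ({self.type_id:#04x})")

    @property
    def size_mb(self) -> int:
        return self.sector_count * SECTOR_SIZE // (1024 * 1024)

    @property
    def lba_end(self) -> int:   # first sector past the partition
        return self.lba_start + self.sector_count


def parse_mbr(sector: bytes) -> Tuple[bytes, List[PartitionEntry]]:
    """Return (boot_code, partitions); raise ValueError if this is not a well-formed MBR."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries: List[PartitionEntry] = []
    for i in range(4):
        off = BOOT_CODE_SIZE + i * PARTITION_ENTRY_SIZE
        # status, CHS start (3 bytes, skipped), type, CHS end (3 bytes, skipped), LBA start, count
        status, type_id, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if type_id == 0:
            continue                      # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"partition {i + 1}: invalid status byte {status:#04x}")
        entries.append(PartitionEntry(i + 1, status == 0x80, type_id, lba_start, count))
    return sector[:BOOT_CODE_SIZE], entries


def boot_code_sha256(boot_code: bytes) -> str:
    return hashlib.sha256(boot_code).hexdigest()


def check_mbr(sector: bytes, known_boot_code_hashes: Set[str]) -> List[str]:
    """Return findings; an empty list means the sector matched expectations."""
    findings: List[str] = []
    boot_code, entries = parse_mbr(sector)
    if boot_code_sha256(boot_code) not in known_boot_code_hashes:
        findings.append("boot code hash not in allowlist (non-standard loader or bootkit)")
    active = [e for e in entries if e.bootable]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    if any(e.type_id == 0xEE for e in entries):
        findings.append("GPT protective entry: the real layout is in the GPT, not this table")
    spans = sorted((e.lba_start, e.lba_end, e.index) for e in entries)
    for (_, end_a, idx_a), (start_b, _, idx_b) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append(f"partitions {idx_a} and {idx_b} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sector, not a dump from the thread: stand-in boot code (the first bytes mimic the
    usual 'xor ax,ax / mov ss,ax / mov sp,7C00h' prologue, the rest is zero) and one active NTFS
    partition at LBA 2048 whose sector count reproduces the 476937 MB in the log."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOT_CODE_SIZE, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 976_766_976)
    table = entry + b"\x00" * (PARTITION_ENTRY_SIZE * 3)
    return boot_code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    code, parts = parse_mbr(build_sample_mbr())
    for p in parts:
        print(f"Partition {p.index} {'80 (A)' if p.bootable else '00'} {p.type_id:02X} "
              f"{p.type_name} {p.size_mb} MB offset {p.lba_start}")
    print("boot code sha256:", boot_code_sha256(code))
```

To check a real disk, read the first 512 bytes of the physical device (on Windows, \\.\PhysicalDrive1 for the "Disk 1 (boot)" in the log; the MBR.dat that aswMBR saved to the desktop is the same 512 bytes) and pass them to check_mbr() together with the hash of the boot code taken from a trusted install of the same Windows build. A hash mismatch alone is not proof of a bootkit, since OEM tools and third-party boot managers replace the loader too, but it is the sector to disassemble next.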
Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=b4e2fe1f05e6e34e99238a95d3d8f905

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-08 02:10:29

# local_time=2012-06-07 10:10:29 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 38752819 38752819 0 0

# compatibility_mode=5893 16776573 100 94 0 90651588 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=1187799

# found=3

# cleaned=3

# scan_time=14632

C:\Users\Jon\Downloads\cnet2_freeocr_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Jon\Downloads\cnet2_revosetup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Jon\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

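An ESET Online Scanner log like the one above is a "# key=value" header followed by one line per detection: the path, the detection name with the action taken in parentheses, a 32-hex-digit hash column and a flags column, tab-separated in the file (the forum collapsed the tabs to spaces). The following is an added example, not part of the thread and not ESET's code: a parser for that format plus a small triage that separates potentially unwanted applications (ESET's detection names for those end in "application", as all three hits above do) from other detections and lists anything the scanner did not remediate. The sample log is constructed: it reuses the three detection lines above, adds a fourth line for an EICAR test file in a path containing a space that the scanner could not clean, and sets found=4 / cleaned=3 to match; the "unable to clean" wording of that action is an assumption about ESET's text.

```python
"""Parse an ESET Online Scanner log ('# key=value' header plus one tab-separated
line per detection) and triage the detections."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HEADER_RE = re.compile(r"^#\s*(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")
# "<name> (<action>)" as it appears in the second tab-separated column
DESC_RE = re.compile(r"^(?P<name>.*?)\s*\((?P<action>[^()]*)\)\s*$")
# Fallback for copies where tabs became spaces; cannot cope with paths containing spaces.
SPACE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+(?P<name>.+?)\s+\((?P<action>[^()]+)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flags>\S+)\s*$")


@dataclass
class Detection:
    path: str
    name: str
    action: str
    hash_hex: str
    flags: str

    @property
    def is_pua(self) -> bool:
        # ESET suffixes potentially unwanted / unsafe applications with "application".
        return self.name.endswith("application")

    @property
    def remediated(self) -> bool:
        return "cleaned" in self.action or "deleted" in self.action


def parse_detection(line: str) -> Optional[Detection]:
    if "\t" in line:
        parts = line.rstrip("\n").split("\t")
        m = DESC_RE.match(parts[1]) if len(parts) >= 4 else None
        return Detection(parts[0], m["name"], m["action"], parts[2], parts[3]) if m else None
    m = SPACE_RE.match(line)
    return Detection(m["path"], m["name"], m["action"], m["hash"], m["flags"]) if m else None


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Header values keyed by name (repeated keys such as compatibility_mode are newline-joined)."""
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            key, value = h["key"], h["value"]
            header[key] = f"{header[key]}\n{value}" if key in header else value
            continue
        d = parse_detection(line)      # non-matching lines ("all ok", banner) are skipped
        if d:
            detections.append(d)
    return header, detections


def triage(text: str) -> dict:
    header, dets = parse_eset_log(text)
    found = int(header.get("found", "-1"))
    return {
        "scanned": int(header.get("scanned", "0")),
        "found": found,
        "cleaned": int(header.get("cleaned", "0")),
        "count_mismatch": found != len(dets),   # truncated log or a line the parser missed
        "pua": [d.path for d in dets if d.is_pua],
        "other": [d.path for d in dets if not d.is_pua],
        "uncleaned": [d.path for d in dets if not d.remediated],
    }


ZERO_HASH = "0" * 32   # the hash column in the posted log was all zeros


def _det(path: str, desc: str) -> str:
    return f"{path}\t{desc}\t{ZERO_HASH}\tC\n"


# Constructed sample: the three lines from the thread plus one added uncleaned EICAR hit.
SAMPLE_LOG = (
    "ESETSmartInstaller@High as downloader log:\n"
    "all ok\n"
    "# version=7\n# api_version=3.0.2\n# end=finished\n# remove_checked=true\n# unwanted_checked=true\n"
    "# compatibility_mode=512 16777215 100 0 38752819 38752819 0 0\n"
    "# compatibility_mode=8192 67108863 100 0 0 0 0 0\n"
    "# scanned=1187799\n# found=4\n# cleaned=3\n# scan_time=14632\n"
    + _det(r"C:\Users\Jon\Downloads\cnet2_freeocr_exe.exe",
           "a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)")
    + _det(r"C:\Users\Jon\Downloads\cnet2_revosetup_exe.exe",
           "a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)")
    + _det(r"C:\Users\Jon\Downloads\coretemp_1236.exe",
           "a variant of Win32/InstallIQ application (cleaned by deleting - quarantined)")
    + _det(r"C:\Users\Jon\Downloads\test archive\eicar.com", "Eicar test file (unable to clean)")
)

if __name__ == "__main__":
    for key, val in triage(SAMPLE_LOG).items():
        print(f"{key}: {val}")
```

The three real hits are download-site bundlers (InstallCore and InstallIQ are installer wrappers that add toolbars and search changes of the kind the OTL fix removed), so the triage lists them under "pua"; a count_mismatch of True is the signal to look for a truncated log or a line the parser could not split before trusting the summary.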
Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

ComboFix 12-06-08.01 - Jon 06/08/2012 9:53.3.3 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.2243 [GMT -4:00]

Running from: c:\users\Jon\Desktop\ComboFix.exe

AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\boost_interprocess\20120523103051.250400

c:\programdata\boost_interprocess\20120523103051.250400\plex_frame_cond

c:\programdata\boost_interprocess\20120523103051.250400\plex_frame_mutex

c:\users\Public\Plazmic CDK v4_7.exe

c:\users\Public\SpySweeperRegSetup_EN.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))

.

.

2012-06-08 14:07 . 2012-06-08 14:10 -------- d-----w- c:\users\Jon\AppData\Local\temp

2012-06-08 14:07 . 2012-06-08 14:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-08 14:07 . 2012-06-08 14:07 -------- d-----w- c:\users\UpdatusUser.Vista-AMD\AppData\Local\temp

2012-06-08 14:07 . 2012-06-08 14:07 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-06-08 14:07 . 2012-06-08 14:07 -------- d-----w- c:\users\Mcx1-VISTA-AMD\AppData\Local\temp

2012-06-08 14:07 . 2012-06-08 14:07 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2012-06-08 14:07 . 2012-06-08 14:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-08 08:22 . 2012-06-08 08:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68533E72-7A51-4CDA-8DE9-2FD46947B9A1}\offreg.dll

2012-06-08 08:21 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68533E72-7A51-4CDA-8DE9-2FD46947B9A1}\mpengine.dll

2012-06-07 21:30 . 2012-06-07 21:30 -------- d-----w- c:\program files\ESET

2012-06-07 21:28 . 2012-06-07 21:29 -------- d-----w- c:\users\Jon\AppData\Local\lptmp1541773555

2012-06-07 21:28 . 2012-06-08 13:49 7021336 ----a-w- c:\users\DefaultAppPool\AppData\Roaming\wruninstall.exe

2012-06-07 21:28 . 2012-06-08 13:49 7021336 ----a-w- c:\users\Mcx1-VISTA-AMD\AppData\Roaming\wruninstall.exe

2012-06-07 21:28 . 2012-06-08 13:49 7021336 ----a-w- c:\users\UpdatusUser.Vista-AMD\AppData\Roaming\wruninstall.exe

2012-06-07 14:24 . 2012-06-07 14:24 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-07 14:24 . 2012-06-07 14:24 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-07 14:17 . 2012-06-07 14:17 -------- d-----w- C:\_OTL

2012-06-07 12:32 . 2012-06-07 12:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-07 12:32 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-06 12:36 . 2012-06-06 12:36 -------- d--h--w- c:\programdata\Common Files

2012-06-06 12:33 . 2012-06-06 18:52 -------- d-----w- c:\programdata\MFAData

2012-06-04 21:01 . 2012-06-04 21:01 -------- d-----w- c:\program files\Marvell

2012-06-04 02:27 . 2012-06-04 02:27 -------- d-----w- c:\windows\system32\wbem\Logs

2012-06-03 01:39 . 2012-06-03 01:39 -------- d-----w- c:\users\Jon\AppData\Local\lptmp485083199

2012-06-03 01:33 . 2012-06-03 01:33 -------- d-----w- c:\windows\system32\drivers\NST

2012-06-03 01:33 . 2012-06-03 01:33 -------- d-----w- c:\program files\Norton Safe Web Lite

2012-06-02 00:52 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-06-02 00:52 . 2012-06-02 00:52 -------- d-----w- c:\program files\Common Files\Java

2012-06-02 00:47 . 2012-06-02 00:47 -------- d-----w- c:\program files\Oracle

2012-05-23 16:46 . 2012-05-23 16:46 -------- d-----w- c:\users\Jon\AppData\Local\Microsoft Game Studios

2012-05-23 13:30 . 2012-04-18 17:08 27968 ----a-w- c:\windows\system32\nvhdap32.dll

2012-05-23 13:30 . 2012-04-18 17:08 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

2012-05-23 13:30 . 2012-04-18 17:08 67392 ----a-w- c:\windows\system32\nvapo32v.dll

2012-05-23 13:30 . 2012-05-15 10:26 202048 ----a-w- c:\windows\system32\nvinit.dll

2012-05-23 13:30 . 2012-05-15 10:26 19607872 ----a-w- c:\windows\system32\nvoglv32.dll

2012-05-23 13:30 . 2012-05-15 10:26 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-05-23 13:30 . 2012-05-15 10:26 5982528 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-23 13:30 . 2012-05-15 10:26 301376 ----a-w- c:\windows\system32\nvdecodemft.dll

2012-05-23 13:30 . 2012-05-15 10:26 2524992 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-23 13:30 . 2012-05-15 10:26 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-23 13:30 . 2012-05-15 10:26 17551680 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-22 02:49 . 2012-05-22 02:49 -------- d-----w- c:\program files\Common Files\InstallShield

2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe

2012-05-11 00:15 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-11 00:14 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-11 00:13 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 00:13 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-05-11 00:10 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-11 00:10 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-11 00:10 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-05-10 22:09 . 2012-05-10 22:09 -------- d-----w- c:\program files\Elaborate Bytes

2012-05-10 22:08 . 2012-05-10 22:08 -------- d-----w- c:\program files\Alex Feinman

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-15 10:26 . 2012-04-06 17:36 883008 ----a-w- c:\windows\system32\nvgenco32.dll

2012-05-15 10:26 . 2012-04-06 17:36 818496 ----a-w- c:\windows\system32\nvumdshim.dll

2012-05-15 10:26 . 2012-04-06 17:36 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:26 . 2012-04-06 17:36 15322432 ----a-w- c:\windows\system32\nvd3dum.dll

2012-05-15 10:26 . 2012-04-06 17:36 1000768 ----a-w- c:\windows\system32\nvdispco32.dll

2012-05-15 10:26 . 2010-11-29 17:56 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-05-15 10:26 . 2010-11-29 17:56 2368832 ----a-w- c:\windows\system32\nvapi.dll

2012-05-15 09:28 . 2010-10-16 17:42 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:28 . 2010-10-16 17:42 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:28 . 2010-10-16 17:42 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:28 . 2010-10-16 17:42 3931456 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:27 . 2010-10-16 17:42 2759488 ----a-w- c:\windows\system32\nvsvc.dll

2012-05-05 03:10 . 2012-05-05 03:10 87608 ----a-w- c:\users\Jon\AppData\Roaming\inst.exe

2012-05-05 03:10 . 2011-02-02 13:16 47360 ----a-w- c:\users\Jon\AppData\Roaming\pcouffin.sys

2012-05-04 23:23 . 2012-04-04 20:23 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-04 23:23 . 2011-04-15 18:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-18 17:08 . 2012-04-06 17:36 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

2012-04-13 14:05 . 2012-04-13 14:05 218504 ----a-w- c:\windows\system32\ftd2xx.dll

2012-04-13 14:05 . 2012-04-13 14:05 105352 ----a-w- c:\windows\system32\ftbusui.dll

2012-04-13 14:05 . 2012-04-13 14:05 62216 ----a-w- c:\windows\system32\drivers\ftdibus.sys

2012-04-13 14:05 . 2012-04-13 14:05 201096 ----a-w- c:\windows\system32\FTLang.dll

2012-04-13 14:05 . 2012-04-13 14:05 69000 ----a-w- c:\windows\system32\ftcserco.dll

2012-04-13 14:05 . 2012-04-13 14:05 73096 ----a-w- c:\windows\system32\drivers\ftser2k.sys

2012-04-13 14:04 . 2012-04-13 14:04 52616 ----a-w- c:\windows\system32\ftserui2.dll

2012-04-09 21:10 . 2012-04-09 21:10 135952 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2012-04-09 21:10 . 2012-04-09 21:10 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-04-09 04:17 . 2010-01-07 00:04 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-04-09 04:17 . 2010-06-03 16:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-04-09 04:16 . 2010-01-07 00:04 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-04-09 04:16 . 2010-01-07 00:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-04-04 22:47 . 2010-05-26 19:00 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-27 14:48 . 2012-03-27 14:48 319264 ----a-w- c:\windows\system32\drivers\yk62x86.sys

2011-01-23 14:43 . 2011-01-23 14:44 388608 ----a-w- c:\program files\HijackThis.exe

2012-06-07 14:24 . 2011-09-02 00:32 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-02-25 . B0A5A2CD481563430D09B497605497B6 . 521216 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll

[-] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] . . c:\windows\System32\termsrv.dll

[7] 2010-11-20 . 382C804C92811BE57829D8E550A900E2 . 521216 . . [6.1.7601.17514] . . c:\windows\ERDNT\cache\termsrv.dll

[7] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

LogTemp.exe - Shortcut.lnk - c:\program files\LogTemp\LogTemp.exe [2011-8-1 710656]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Dyn Updater Tray Icon.lnk - c:\program files\DynDNS Updater\DynTray.exe [2011-11-15 78192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Beyond TV.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Beyond TV.lnk

backup=c:\windows\pss\Beyond TV.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dyn Updater Tray Icon.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk

backup=c:\windows\pss\Dyn Updater Tray Icon.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.lnk

backup=c:\windows\pss\GammaTray.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Media Browser Service.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Media Browser Service.lnk

backup=c:\windows\pss\Media Browser Service.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Twonky Tray Control.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Tray Control.lnk

backup=c:\windows\pss\Twonky Tray Control.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]

backup=c:\windows\pss\VPN Client.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]

path=c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2011-06-16 20:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]

2011-03-03 01:35 12008296 ----a-w- c:\program files\Adobe\Adobe Bridge CS5.1\Bridge.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]

2011-01-12 11:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]

2012-05-08 04:31 3331872 ----a-w- c:\users\Jon\AppData\Local\Akamai\netsession_win.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAHeadless]

2011-09-15 02:09 539800 ----a-w- c:\program files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Delphi 5#Autostart]

2012-05-25 14:54 35873792 ----a-w- c:\program files\wdisplay\WeatherD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-09-04 13:13 133104 ----atw- c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImpulseFastStart]

2011-04-29 16:12 2389280 ----a-w- c:\program files\Stardock\Impulse\Impulse.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTuneLauncher]

2010-12-21 14:39 51712 ----a-w- c:\program files\MagicTune Premium\MagicTuneLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2012-05-15 09:28 3931456 ----a-w- c:\windows\System32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]

2009-10-01 00:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 ALSysIO;ALSysIO;c:\users\Jon\AppData\Local\Temp\ALSysIO.sys [x]

R3 AVerFx2hbtv;AVerMedia H826 USB Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [2009-12-08 437888]

R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]

R3 libusb0;LibUsb-Win32 - Kernel Driver 03/15/2010,1.12.0.1;c:\windows\system32\DRIVERS\libusb0.sys [2010-03-15 20992]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-02-02 47360]

R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys [2008-03-26 136832]

R3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2010-04-22 138760]

R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2010-04-22 35336]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1343400]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-10-13 25704]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-04-13 25704]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-04-13 25704]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-04-13 25704]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-04-13 25704]

R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-15 169624]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]

R4 DropFolders;DropFolders;c:\program files\Windows Resource Kits\Tools\SRVANY.exe [2003-04-18 8192]

R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-20 116648]

R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-20 116648]

R4 Media Center 15 Service;Media Center 15 Service;c:\program files\J River\Media Center 15\JRService.exe [2011-02-03 382096]

R4 Media Center 16 Service;Media Center 16 Service;c:\program files\J River\Media Center 16\JRService.exe [2011-10-18 384136]

R4 Media Center 17 Service;Media Center 17 Service;c:\program files\J River\Media Center 17\JRService.exe [2011-12-08 385664]

R4 MSSQL$ESC;SQL Server (ESC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]

R4 NPVR Recording Service;NPVR Recording Service;c:\program files\NPVR\NRecord.exe [x]

R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

R4 PlayItVideoServer;PlayIt Video Server Manager;c:\program files\Luttmann\vmcPlayIt\PlayItVideoServer.exe [x]

R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 240736]

R4 ShowAnalyzerMaster;ShowAnalyzerMaster;c:\program files\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [x]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-03 691696]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 370016]

R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R4 TEDService;TEDService;c:\program files\EnergyInc\TEDFootprints\TEDService.exe [2009-02-04 7168]

S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NST\0200000.010\ccSetx86.sys [2011-08-08 132744]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-31 20968]

S2 Dyn Updater;Dyn Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [2011-11-15 95608]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-04-18 148800]

S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]

S3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [2008-02-15 136832]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2012-03-27 319264]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - eeCtrl

*Deregistered* - EraserUtilRebootDrv

*Deregistered* - hmonitor

*Deregistered* - SYMFW

*Deregistered* - SYMNDISV

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

iissvcs REG_MULTI_SZ w3svc was

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:23]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-20 21:04]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-20 21:04]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4138688568-898451359-665369222-1000Core.job

- c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 13:13]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4138688568-898451359-665369222-1000UA.job

- c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 13:13]

.

.

------- Supplementary Scan -------

.

IE: Add to Playlist - c:\program files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314

Trusted Zone: williamsburgva.gov\webaccess

Trusted Zone: zynga.com\company

TCP: Interfaces\{C4ED51E1-2977-490A-BB68-2594F80A60EF}: NameServer = 8.8.8.8,8.8.4.4

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.williamsburgva.gov/CACHE/stc/1/binaries/vpnweb.cab

FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\otlq0ecv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

MSConfigStartUp-Memeo AutoSync - c:\program files\Memeo\AutoSync\MemeoLauncher2.exe

MSConfigStartUp-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]

"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,

7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,

64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c

"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,

69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,

b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:08,41,43,72,f9,2e,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,68,75,1b,35,b4,6e,41,bd,b8,95,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,68,75,1b,35,b4,6e,41,bd,b8,95,\

.

[HKEY_USERS\S-1-5-21-4138688568-898451359-665369222-1000\Software\SecuROM\License information*]

"datasecu"=hex:c9,a0,80,da,a6,c9,47,0e,e0,64,9d,b7,aa,8d,46,ef,9d,e2,b6,19,9e,

0d,78,3a,16,09,77,b5,b5,8f,d7,3d,56,14,fc,2a,9f,4e,f3,83,61,b8,f3,3b,a5,7d,\

"rkeysecu"=hex:ac,4f,5e,78,c9,af,61,4e,ee,8a,31,f9,dd,2a,44,28

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1668)

c:\program files\WinSCP\DragExt.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\program files\NVIDIA Corporation\Display\nvtray.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\RtHDVCpl.exe

c:\windows\system32\mdm.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Completion time: 2012-06-08 10:17:13 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-08 14:17

.

Pre-Run: 155,363,614,720 bytes free

Post-Run: 155,193,798,656 bytes free

.

- - End Of File - - BFCB85CBA7367B77DFBCB700C6E21ED1


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
c:\windows\ERDNT\cache\termsrv.dll | c:\windows\System32\termsrv.dll

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 12-06-08.01 - Jon 06/08/2012 11:08:02.4.3 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.2165 [GMT -4:00]

Running from: c:\users\Jon\Desktop\ComboFix.exe

Command switches used :: c:\users\Jon\Desktop\CFScript.txt

AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jon\AppData\Roaming\inst.exe

c:\windows\system32\avisynth.dll

c:\windows\system32\devil.dll

.

Infected copy of c:\windows\system32\imm32.dll was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\imm32.dll

.

.

--------------- FCopy ---------------

.

c:\windows\ERDNT\cache\termsrv.dll --> c:\windows\System32\termsrv.dll

.

((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))

.

.

2012-06-08 15:22 . 2012-06-08 15:25 -------- d-----w- c:\users\Jon\AppData\Local\temp

2012-06-08 15:22 . 2012-06-08 15:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-08 15:22 . 2012-06-08 15:22 -------- d-----w- c:\users\UpdatusUser.Vista-AMD\AppData\Local\temp

2012-06-08 15:22 . 2012-06-08 15:22 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-06-08 15:22 . 2012-06-08 15:22 -------- d-----w- c:\users\Mcx1-VISTA-AMD\AppData\Local\temp

2012-06-08 15:22 . 2012-06-08 15:22 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2012-06-08 15:22 . 2012-06-08 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-08 14:30 . 2012-06-08 14:30 7021336 ----a-w- c:\program files\Common Files\wruninstall.exe

2012-06-08 14:29 . 2012-06-08 14:29 -------- d-----w- c:\users\Jon\AppData\Local\lptmp1959807571

2012-06-08 14:29 . 2012-06-08 14:29 148664 ----a-w- c:\windows\system32\WRusr.dll

2012-06-08 14:29 . 2012-06-08 14:29 111120 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-06-08 14:29 . 2012-06-08 14:59 -------- d-----w- c:\programdata\WRData

2012-06-08 14:29 . 2012-06-08 14:29 -------- d-----w- c:\program files\Webroot

2012-06-08 08:22 . 2012-06-08 15:05 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68533E72-7A51-4CDA-8DE9-2FD46947B9A1}\offreg.dll

2012-06-08 08:21 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68533E72-7A51-4CDA-8DE9-2FD46947B9A1}\mpengine.dll

2012-06-07 21:30 . 2012-06-07 21:30 -------- d-----w- c:\program files\ESET

2012-06-07 21:28 . 2012-06-07 21:29 -------- d-----w- c:\users\Jon\AppData\Local\lptmp1541773555

2012-06-07 21:28 . 2012-06-08 13:49 7021336 ----a-w- c:\users\DefaultAppPool\AppData\Roaming\wruninstall.exe

2012-06-07 21:28 . 2012-06-08 13:49 7021336 ----a-w- c:\users\Mcx1-VISTA-AMD\AppData\Roaming\wruninstall.exe

2012-06-07 21:28 . 2012-06-08 13:49 7021336 ----a-w- c:\users\UpdatusUser.Vista-AMD\AppData\Roaming\wruninstall.exe

2012-06-07 14:24 . 2012-06-07 14:24 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-07 14:24 . 2012-06-07 14:24 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-07 14:17 . 2012-06-07 14:17 -------- d-----w- C:\_OTL

2012-06-07 12:32 . 2012-06-07 12:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-07 12:32 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-06 12:36 . 2012-06-06 12:36 -------- d--h--w- c:\programdata\Common Files

2012-06-06 12:33 . 2012-06-06 18:52 -------- d-----w- c:\programdata\MFAData

2012-06-04 21:01 . 2012-06-04 21:01 -------- d-----w- c:\program files\Marvell

2012-06-04 02:27 . 2012-06-04 02:27 -------- d-----w- c:\windows\system32\wbem\Logs

2012-06-03 01:39 . 2012-06-03 01:39 -------- d-----w- c:\users\Jon\AppData\Local\lptmp485083199

2012-06-03 01:33 . 2012-06-08 14:24 -------- d-----w- c:\program files\Norton Safe Web Lite

2012-06-02 00:52 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-06-02 00:52 . 2012-06-02 00:52 -------- d-----w- c:\program files\Common Files\Java

2012-06-02 00:47 . 2012-06-02 00:47 -------- d-----w- c:\program files\Oracle

2012-05-23 16:46 . 2012-05-23 16:46 -------- d-----w- c:\users\Jon\AppData\Local\Microsoft Game Studios

2012-05-23 13:30 . 2012-04-18 17:08 27968 ----a-w- c:\windows\system32\nvhdap32.dll

2012-05-23 13:30 . 2012-04-18 17:08 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

2012-05-23 13:30 . 2012-04-18 17:08 67392 ----a-w- c:\windows\system32\nvapo32v.dll

2012-05-23 13:30 . 2012-05-15 10:26 202048 ----a-w- c:\windows\system32\nvinit.dll

2012-05-23 13:30 . 2012-05-15 10:26 19607872 ----a-w- c:\windows\system32\nvoglv32.dll

2012-05-23 13:30 . 2012-05-15 10:26 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-05-23 13:30 . 2012-05-15 10:26 5982528 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-23 13:30 . 2012-05-15 10:26 301376 ----a-w- c:\windows\system32\nvdecodemft.dll

2012-05-23 13:30 . 2012-05-15 10:26 2524992 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-23 13:30 . 2012-05-15 10:26 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-23 13:30 . 2012-05-15 10:26 17551680 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-22 02:49 . 2012-05-22 02:49 -------- d-----w- c:\program files\Common Files\InstallShield

2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe

2012-05-11 00:15 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-11 00:14 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-11 00:13 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 00:13 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-05-11 00:10 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-11 00:10 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-11 00:10 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-05-10 22:09 . 2012-05-10 22:09 -------- d-----w- c:\program files\Elaborate Bytes

2012-05-10 22:08 . 2012-05-10 22:08 -------- d-----w- c:\program files\Alex Feinman

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-15 10:26 . 2012-04-06 17:36 883008 ----a-w- c:\windows\system32\nvgenco32.dll

2012-05-15 10:26 . 2012-04-06 17:36 818496 ----a-w- c:\windows\system32\nvumdshim.dll

2012-05-15 10:26 . 2012-04-06 17:36 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:26 . 2012-04-06 17:36 15322432 ----a-w- c:\windows\system32\nvd3dum.dll

2012-05-15 10:26 . 2012-04-06 17:36 1000768 ----a-w- c:\windows\system32\nvdispco32.dll

2012-05-15 10:26 . 2010-11-29 17:56 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-05-15 10:26 . 2010-11-29 17:56 2368832 ----a-w- c:\windows\system32\nvapi.dll

2012-05-15 09:28 . 2010-10-16 17:42 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:28 . 2010-10-16 17:42 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:28 . 2010-10-16 17:42 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:28 . 2010-10-16 17:42 3931456 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:27 . 2010-10-16 17:42 2759488 ----a-w- c:\windows\system32\nvsvc.dll

2012-05-05 03:10 . 2011-02-02 13:16 47360 ----a-w- c:\users\Jon\AppData\Roaming\pcouffin.sys

2012-05-04 23:23 . 2012-04-04 20:23 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-04 23:23 . 2011-04-15 18:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-18 17:08 . 2012-04-06 17:36 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

2012-04-13 14:05 . 2012-04-13 14:05 218504 ----a-w- c:\windows\system32\ftd2xx.dll

2012-04-13 14:05 . 2012-04-13 14:05 105352 ----a-w- c:\windows\system32\ftbusui.dll

2012-04-13 14:05 . 2012-04-13 14:05 62216 ----a-w- c:\windows\system32\drivers\ftdibus.sys

2012-04-13 14:05 . 2012-04-13 14:05 201096 ----a-w- c:\windows\system32\FTLang.dll

2012-04-13 14:05 . 2012-04-13 14:05 69000 ----a-w- c:\windows\system32\ftcserco.dll

2012-04-13 14:05 . 2012-04-13 14:05 73096 ----a-w- c:\windows\system32\drivers\ftser2k.sys

2012-04-13 14:04 . 2012-04-13 14:04 52616 ----a-w- c:\windows\system32\ftserui2.dll

2012-04-09 21:10 . 2012-04-09 21:10 135952 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2012-04-09 21:10 . 2012-04-09 21:10 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-04-09 04:17 . 2010-01-07 00:04 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-04-09 04:17 . 2010-06-03 16:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-04-09 04:16 . 2010-01-07 00:04 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-04-09 04:16 . 2010-01-07 00:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-04-04 22:47 . 2010-05-26 19:00 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-27 14:48 . 2012-03-27 14:48 319264 ----a-w- c:\windows\system32\drivers\yk62x86.sys

2011-01-23 14:43 . 2011-01-23 14:44 388608 ----a-w- c:\program files\HijackThis.exe

2012-06-07 14:24 . 2011-09-02 00:32 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-06-08 684240]

.

c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

LogTemp.exe - Shortcut.lnk - c:\program files\LogTemp\LogTemp.exe [2011-8-1 710656]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Dyn Updater Tray Icon.lnk - c:\program files\DynDNS Updater\DynTray.exe [2011-11-15 78192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Beyond TV.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Beyond TV.lnk

backup=c:\windows\pss\Beyond TV.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dyn Updater Tray Icon.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk

backup=c:\windows\pss\Dyn Updater Tray Icon.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.lnk

backup=c:\windows\pss\GammaTray.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Media Browser Service.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Media Browser Service.lnk

backup=c:\windows\pss\Media Browser Service.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Twonky Tray Control.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Tray Control.lnk

backup=c:\windows\pss\Twonky Tray Control.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]

backup=c:\windows\pss\VPN Client.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]

path=c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2011-06-16 20:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]

2011-03-03 01:35 12008296 ----a-w- c:\program files\Adobe\Adobe Bridge CS5.1\Bridge.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]

2011-01-12 11:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]

2012-05-08 04:31 3331872 ----a-w- c:\users\Jon\AppData\Local\Akamai\netsession_win.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAHeadless]

2011-09-15 02:09 539800 ----a-w- c:\program files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Delphi 5#Autostart]

2012-05-25 14:54 35873792 ----a-w- c:\program files\wdisplay\WeatherD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-09-04 13:13 133104 ----atw- c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImpulseFastStart]

2011-04-29 16:12 2389280 ----a-w- c:\program files\Stardock\Impulse\Impulse.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTuneLauncher]

2010-12-21 14:39 51712 ----a-w- c:\program files\MagicTune Premium\MagicTuneLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2012-05-15 09:28 3931456 ----a-w- c:\windows\System32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]

2009-10-01 00:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 ALSysIO;ALSysIO;c:\users\Jon\AppData\Local\Temp\ALSysIO.sys [x]

R3 AVerFx2hbtv;AVerMedia H826 USB Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [2009-12-08 437888]

R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]

R3 libusb0;LibUsb-Win32 - Kernel Driver 03/15/2010,1.12.0.1;c:\windows\system32\DRIVERS\libusb0.sys [2010-03-15 20992]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-02-02 47360]

R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys [2008-03-26 136832]

R3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2010-04-22 138760]

R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2010-04-22 35336]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1343400]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-10-13 25704]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-04-13 25704]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-04-13 25704]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-04-13 25704]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-04-13 25704]

R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-15 169624]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]

R4 DropFolders;DropFolders;c:\program files\Windows Resource Kits\Tools\SRVANY.exe [2003-04-18 8192]

R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-20 116648]

R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-20 116648]

R4 Media Center 15 Service;Media Center 15 Service;c:\program files\J River\Media Center 15\JRService.exe [2011-02-03 382096]

R4 Media Center 16 Service;Media Center 16 Service;c:\program files\J River\Media Center 16\JRService.exe [2011-10-18 384136]

R4 Media Center 17 Service;Media Center 17 Service;c:\program files\J River\Media Center 17\JRService.exe [2011-12-08 385664]

R4 MSSQL$ESC;SQL Server (ESC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]

R4 NPVR Recording Service;NPVR Recording Service;c:\program files\NPVR\NRecord.exe [x]

R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

R4 PlayItVideoServer;PlayIt Video Server Manager;c:\program files\Luttmann\vmcPlayIt\PlayItVideoServer.exe [x]

R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 240736]

R4 ShowAnalyzerMaster;ShowAnalyzerMaster;c:\program files\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [x]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-03 691696]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 370016]

R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R4 TEDService;TEDService;c:\program files\EnergyInc\TEDFootprints\TEDService.exe [2009-02-04 7168]

S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-06-08 111120]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-31 20968]

S2 Dyn Updater;Dyn Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [2011-11-15 95608]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-06-08 684240]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-04-18 148800]

S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]

S3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [2008-02-15 136832]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2012-03-27 319264]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - eeCtrl

*Deregistered* - EraserUtilRebootDrv

*Deregistered* - hmonitor

*Deregistered* - SYMFW

*Deregistered* - SYMNDISV

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

iissvcs REG_MULTI_SZ w3svc was

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:23]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-20 21:04]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-20 21:04]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4138688568-898451359-665369222-1000Core.job

- c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 13:13]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4138688568-898451359-665369222-1000UA.job

- c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 13:13]

.

.

------- Supplementary Scan -------

.

IE: Add to Playlist - c:\program files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314

Trusted Zone: williamsburgva.gov\webaccess

Trusted Zone: zynga.com\company

TCP: Interfaces\{C4ED51E1-2977-490A-BB68-2594F80A60EF}: NameServer = 8.8.8.8,8.8.4.4

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.williamsburgva.gov/CACHE/stc/1/binaries/vpnweb.cab

FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\3qjnfr06.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8cfc9472-f18d-452c-a4b0-9ca1b86016f7%7D&mid=6d33d770e1ee47d0864cd1a927f422ae-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-06%2008%3A37%3A00&sap=ku&q=

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:08,41,43,72,f9,2e,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,68,75,1b,35,b4,6e,41,bd,b8,95,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,68,75,1b,35,b4,6e,41,bd,b8,95,\

.

[HKEY_USERS\S-1-5-21-4138688568-898451359-665369222-1000\Software\SecuROM\License information*]

"datasecu"=hex:c9,a0,80,da,a6,c9,47,0e,e0,64,9d,b7,aa,8d,46,ef,9d,e2,b6,19,9e,

0d,78,3a,16,09,77,b5,b5,8f,d7,3d,56,14,fc,2a,9f,4e,f3,83,61,b8,f3,3b,a5,7d,\

"rkeysecu"=hex:ac,4f,5e,78,c9,af,61,4e,ee,8a,31,f9,dd,2a,44,28

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5856)

c:\windows\system32\msi.dll

c:\program files\WinSCP\DragExt.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\NVIDIA Corporation\Display\nvtray.exe

c:\windows\RtHDVCpl.exe

c:\windows\system32\mdm.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Completion time: 2012-06-08 11:32:40 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-08 15:32

ComboFix2.txt 2012-06-08 14:17

.

Pre-Run: 155,153,965,056 bytes free

Post-Run: 155,057,012,736 bytes free

.

- - End Of File - - EFBAD74FDE781AC96940CEF9DEC512E1
