Redirect for Google searches

hjc1710 · July 8, 2012

Like the other posts, going to Google search results redirects me to random pages. services-search.me has been one of them.

It only happens on Google Chrome.

Ran a full Malware Bytes scan, got some things, but didn't fix it. Also ran a full AVG scan, which got nothing.

Thanks in advance.

DDS.txt

Attach.txt

Maniac · July 8, 2012

Hello hjc1710 and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please unisntall the following applications:

DC++ 0.799

Uniblue RegistryBooster 2010

Uniblue System Tweaker

Vuze

Vuze_Remote Toolbar

Step 2

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Please tick the Scan All users. Copy and Paste the following code into the textbox:

%USERPROFILE%\*.*
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%windir%\temp\*.*

Next, push the RunScan button.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

hjc1710 · July 8, 2012

GeeksToGo is down... any other reliable source for me to download OTL?

Been waiting on it to come back for a couple hours now.

Maniac · July 8, 2012

Yes, there is a problem, please wait. Thanks!

hjc1710 · July 9, 2012

Small notes: I've had all 3 of those programs for at least 6 months (some 2 years or so) before this happened. I'm pretty cautious about what I torrent and what I grab over DC++. I've, of course, uninstalled them. Just thought maybe this would help.

Anyway, GeeksToGo came back, here are the OTL logs:

OTL.txt

OTL logfile created on: 7/9/2012 6:05:02 PM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Hayden\Desktop\downloads

64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 7.60 Gb Available Physical Memory | 63.34% Memory free

23.98 Gb Paging File | 19.42 Gb Available in Paging File | 80.98% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 82.37 Gb Free Space | 8.84% Space Free | Partition Type: NTFS

Drive D: | 641.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive L: | 931.39 Gb Total Space | 467.34 Gb Free Space | 50.18% Space Free | Partition Type: NTFS

Computer Name: HAYDEN-PC | User Name: Hayden | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/09 18:02:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hayden\Desktop\downloads\OTL.exe

PRC - [2012/06/24 21:47:42 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE

PRC - [2012/06/13 16:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

PRC - [2012/06/05 16:55:32 | 000,144,896 | ---- | M] (Motorola Mobility Inc.) -- C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe

PRC - [2012/06/05 16:55:28 | 000,240,056 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe

PRC - [2012/06/05 11:48:30 | 000,087,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe

PRC - [2012/06/04 19:46:02 | 000,116,632 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

PRC - [2012/05/30 15:01:36 | 000,932,528 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2012/05/25 10:48:55 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mstart.exe

PRC - [2012/05/25 10:48:55 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mlauncher.exe

PRC - [2012/05/25 10:48:55 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mcomm.exe

PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hayden\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/05/03 13:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/03/25 07:04:45 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Hayden\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

PRC - [2012/01/26 12:47:32 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe

PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/12/06 06:59:12 | 000,212,480 | ---- | M] () -- C:\Program Files (x86)\Subsonic\subsonic-service.exe

PRC - [2011/12/06 06:59:08 | 000,206,336 | ---- | M] () -- C:\Program Files (x86)\Subsonic\subsonic-agent.exe

PRC - [2011/11/14 12:48:52 | 000,161,792 | ---- | M] (CodeLathe LLC) -- C:\Users\Hayden\AppData\Roaming\Tonido\tonido.exe

PRC - [2011/09/10 04:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe

PRC - [2011/09/10 04:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe

PRC - [2011/09/09 12:46:10 | 008,158,720 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe

PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

PRC - [2011/08/21 17:55:44 | 000,858,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-8.00.048\Applets\x86\LCDYT.exe

PRC - [2011/08/21 17:55:44 | 000,850,504 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-8.00.048\Applets\x86\LCDMovieViewer.exe

PRC - [2011/08/21 17:55:44 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe

PRC - [2011/08/21 17:55:44 | 000,498,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-8.00.048\Applets\x86\LCDWebCam.exe

PRC - [2011/08/02 17:13:53 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2011/06/07 14:29:16 | 000,630,272 | ---- | M] (FileZilla Project) -- C:\xampp\FileZillaFTP\FileZillaServer.exe

PRC - [2011/05/25 08:22:42 | 000,925,696 | ---- | M] (full phat products) -- C:\Program Files (x86)\full phat\Snarl\snarl.exe

PRC - [2011/05/02 07:18:28 | 000,139,264 | ---- | M] () -- C:\xampp\xampp-control.exe

PRC - [2011/04/22 12:27:22 | 000,073,216 | ---- | M] (Jonus Conrad & Noer.IT) -- C:\Program Files (x86)\full phat\Snarl\extensions\AudioMon\snarl-audiomon.exe

PRC - [2010/11/24 11:01:03 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

PRC - [2010/08/31 23:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

PRC - [2010/07/21 08:48:09 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe

PRC - [2010/06/22 09:01:43 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [2009/12/21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

PRC - [2009/08/26 22:18:42 | 000,115,200 | ---- | M] () -- C:\Users\Hayden\Desktop\downloads\SirReal\LCDSirReal.exe

PRC - [2009/07/14 00:28:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe

PRC - [2009/07/14 00:22:08 | 001,263,616 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe

PRC - [2009/04/02 12:27:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/07 19:32:24 | 000,557,056 | ---- | M] () -- C:\Users\Hayden\AppData\Local\Temp\zumotaglib.dll9112996181380918788.lib

MOD - [2012/07/07 19:29:24 | 000,159,744 | ---- | M] () -- C:\Users\Hayden\AppData\Local\Temp\ZumoLocalGateway.dll5659253390722255869.lib

MOD - [2012/07/07 19:29:19 | 000,311,808 | ---- | M] () -- C:\Users\Hayden\AppData\Local\Temp\WindowsFolderWatcher.dll591587765627901584.lib

MOD - [2012/07/07 19:23:30 | 000,509,440 | ---- | M] () -- C:\Users\Hayden\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll

MOD - [2012/07/07 19:22:30 | 000,203,776 | ---- | M] () -- C:\Users\Hayden\AppData\Local\Temp\WindowsAPI.dll5682529775697862198.lib

MOD - [2012/06/28 05:28:56 | 000,438,296 | ---- | M] () -- C:\Users\Hayden\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll

MOD - [2012/06/28 05:28:54 | 003,972,120 | ---- | M] () -- C:\Users\Hayden\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll

MOD - [2012/06/28 05:27:40 | 000,554,520 | ---- | M] () -- C:\Users\Hayden\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll

MOD - [2012/06/28 05:27:38 | 000,117,784 | ---- | M] () -- C:\Users\Hayden\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll

MOD - [2012/06/28 05:27:29 | 000,140,328 | ---- | M] () -- C:\Users\Hayden\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll

MOD - [2012/06/28 05:27:28 | 000,262,184 | ---- | M] () -- C:\Users\Hayden\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll

MOD - [2012/06/28 05:27:26 | 002,386,984 | ---- | M] () -- C:\Users\Hayden\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll

MOD - [2012/06/28 03:27:26 | 009,252,040 | ---- | M] () -- C:\Users\Hayden\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

MOD - [2012/06/19 21:04:00 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/06/19 21:04:00 | 000,214,528 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\mssvoice.asi

MOD - [2012/06/19 21:04:00 | 000,095,744 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\mssmp3.asi

MOD - [2012/06/19 21:03:33 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/06/19 21:03:32 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/06/19 21:03:31 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/06/19 21:03:31 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/06/05 16:55:32 | 000,207,872 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll

MOD - [2012/06/05 16:55:32 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll

MOD - [2012/06/05 16:55:32 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll

MOD - [2012/06/05 16:55:32 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll

MOD - [2012/06/05 16:55:32 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll

MOD - [2012/06/05 16:55:32 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll

MOD - [2012/06/05 16:55:32 | 000,054,784 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll

MOD - [2012/06/05 16:55:32 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll

MOD - [2012/06/05 16:55:32 | 000,051,712 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll

MOD - [2012/06/05 16:55:32 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll

MOD - [2012/06/05 16:55:32 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll

MOD - [2012/06/05 16:55:32 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll

MOD - [2012/06/05 16:55:32 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll

MOD - [2012/06/05 16:55:32 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll

MOD - [2012/06/05 16:55:32 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll

MOD - [2012/06/05 16:55:32 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll

MOD - [2012/06/05 16:55:32 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll

MOD - [2012/06/05 16:55:32 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll

MOD - [2012/06/05 16:55:32 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll

MOD - [2012/06/05 16:55:32 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll

MOD - [2012/06/05 16:55:32 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll

MOD - [2012/06/05 16:55:32 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll

MOD - [2012/06/05 16:55:32 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll

MOD - [2012/06/05 16:55:32 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstshift.dll

MOD - [2012/06/05 16:55:30 | 002,009,600 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll

MOD - [2012/06/05 16:55:30 | 001,694,208 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll

MOD - [2012/06/05 16:55:30 | 001,563,136 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll

MOD - [2012/06/05 16:55:30 | 001,520,128 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll

MOD - [2012/06/05 16:55:30 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libxml2-2.dll

MOD - [2012/06/05 16:55:30 | 001,376,256 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll

MOD - [2012/06/05 16:55:30 | 000,531,968 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll

MOD - [2012/06/05 16:55:30 | 000,363,008 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll

MOD - [2012/06/05 16:55:30 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstisomp4.dll

MOD - [2012/06/05 16:55:30 | 000,212,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll

MOD - [2012/06/05 16:55:30 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libwavpack-1.dll

MOD - [2012/06/05 16:55:30 | 000,187,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll

MOD - [2012/06/05 16:55:30 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbis-0.dll

MOD - [2012/06/05 16:55:30 | 000,123,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll

MOD - [2012/06/05 16:55:30 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll

MOD - [2012/06/05 16:55:30 | 000,119,296 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll

MOD - [2012/06/05 16:55:30 | 000,091,136 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll

MOD - [2012/06/05 16:55:30 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll

MOD - [2012/06/05 16:55:30 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll

MOD - [2012/06/05 16:55:30 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\z.dll

MOD - [2012/06/05 16:55:30 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll

MOD - [2012/06/05 16:55:30 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll

MOD - [2012/06/05 16:55:30 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll

MOD - [2012/06/05 16:55:30 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll

MOD - [2012/06/05 16:55:30 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll

MOD - [2012/06/05 16:55:30 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll

MOD - [2012/06/05 16:55:30 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll

MOD - [2012/06/05 16:55:30 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll

MOD - [2012/06/05 16:55:30 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll

MOD - [2012/06/05 16:55:30 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll

MOD - [2012/06/05 16:55:30 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll

MOD - [2012/06/05 16:55:30 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll

MOD - [2012/06/05 16:55:30 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll

MOD - [2012/06/05 16:55:30 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll

MOD - [2012/06/05 16:55:30 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll

MOD - [2012/06/05 16:55:30 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll

MOD - [2012/06/05 16:55:30 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll

MOD - [2012/06/05 16:55:30 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll

MOD - [2012/06/05 16:55:30 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll

MOD - [2012/06/05 16:55:30 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll

MOD - [2012/06/05 16:55:30 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll

MOD - [2012/06/05 16:55:30 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll

MOD - [2012/06/05 16:55:30 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll

MOD - [2012/06/05 16:55:30 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll

MOD - [2012/06/05 16:55:30 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll

MOD - [2012/06/05 16:55:30 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll

MOD - [2012/06/05 16:55:30 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll

MOD - [2012/06/05 16:55:30 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll

MOD - [2012/06/05 16:55:30 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll

MOD - [2012/06/05 16:55:30 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll

MOD - [2012/06/05 16:55:28 | 000,699,392 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll

MOD - [2012/06/05 16:55:28 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll

MOD - [2012/06/05 16:55:28 | 000,331,264 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libFLAC-8.dll

MOD - [2012/06/05 16:55:28 | 000,276,992 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libjpeg-8.dll

MOD - [2012/06/05 16:55:28 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll

MOD - [2012/06/05 16:55:28 | 000,248,352 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll

MOD - [2012/06/05 16:55:28 | 000,240,056 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe

MOD - [2012/06/05 16:55:28 | 000,190,976 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libpng14-14.dll

MOD - [2012/06/05 16:55:28 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll

MOD - [2012/06/05 16:55:28 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll

MOD - [2012/06/05 16:55:28 | 000,123,947 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll

MOD - [2012/06/05 16:55:28 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll

MOD - [2012/06/05 16:55:28 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll

MOD - [2012/06/05 16:55:28 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll

MOD - [2012/06/05 16:55:28 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll

MOD - [2012/06/05 16:55:28 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll

MOD - [2012/06/05 16:55:28 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll

MOD - [2012/06/05 16:55:28 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libogg-0.dll

MOD - [2012/06/05 16:55:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll

MOD - [2012/05/30 15:01:36 | 000,932,528 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll

MOD - [2011/12/06 06:59:08 | 000,206,336 | ---- | M] () -- C:\Program Files (x86)\Subsonic\subsonic-agent.exe

MOD - [2011/11/14 13:02:36 | 000,246,272 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\Tonido\plugins\explorer\explorer.dll

MOD - [2011/11/14 12:59:16 | 000,429,056 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\Tonido\plugins\search\search.dll

MOD - [2011/11/14 12:53:26 | 001,058,304 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\Tonido\plugins\webshare\webshare.dll

MOD - [2011/11/14 12:48:18 | 003,194,880 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\Tonido\core.dll

MOD - [2011/10/13 22:49:12 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2011/05/23 02:46:31 | 000,645,632 | ---- | M] () -- C:\Windows\SysWOW64\xvidcore.dll

MOD - [2011/05/02 07:18:28 | 000,139,264 | ---- | M] () -- C:\xampp\xampp-control.exe

MOD - [2009/09/11 03:40:56 | 000,503,808 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\Tonido\gdbuild.dll

MOD - [2009/09/11 02:46:36 | 000,272,896 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\Tonido\PocoUtil.dll

MOD - [2009/09/11 02:45:56 | 001,148,416 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\Tonido\PocoFoundation.dll

MOD - [2009/09/11 02:43:20 | 000,161,792 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\Tonido\PocoNetSSL.dll

MOD - [2009/09/11 02:42:38 | 000,229,888 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\Tonido\PocoZip.dll

MOD - [2009/09/11 02:42:34 | 000,514,048 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\Tonido\PocoXML.dll

MOD - [2009/09/11 02:42:26 | 000,636,928 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\Tonido\PocoNet.dll

MOD - [2009/08/26 22:18:42 | 000,115,200 | ---- | M] () -- C:\Users\Hayden\Desktop\downloads\SirReal\LCDSirReal.exe

MOD - [2009/07/14 00:28:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL

MOD - [2009/06/29 10:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL

MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/24 21:47:38 | 000,216,072 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)

SRV:64bit: - [2012/04/05 21:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/08/17 10:52:26 | 000,116,224 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService.exe)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/07/13 20:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)

SRV:64bit: - [2009/07/13 20:39:13 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)

SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)

SRV - [2012/07/07 01:02:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/06/24 21:47:42 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)

SRV - [2012/06/05 11:48:30 | 000,087,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)

SRV - [2012/06/04 19:46:02 | 000,116,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/12/07 00:33:35 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/12/06 06:59:12 | 000,212,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Subsonic\subsonic-service.exe -- (Subsonic)

SRV - [2011/11/08 13:59:00 | 000,014,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)

SRV - [2011/09/10 04:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)

SRV - [2011/09/09 12:46:10 | 008,158,720 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)

SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)

SRV - [2011/06/07 14:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)

SRV - [2010/07/21 08:48:09 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)

SRV - [2010/06/22 09:01:43 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2009/10/31 00:55:19 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2009/10/30 22:14:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2009/07/13 20:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/04/02 12:27:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 00:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/04/05 20:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/02/23 07:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011/12/19 14:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2011/09/13 08:48:05 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/05/06 08:01:42 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)

DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/12/12 16:45:27 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2010/12/12 16:45:27 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2010/11/22 16:22:38 | 000,023,040 | ---- | M] (Sagatek Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MO3v2Driver.sys -- (SSMO3v2Filter)

DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/09/12 01:24:54 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010/08/12 19:26:16 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)

DRV:64bit: - [2010/07/07 22:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)

DRV:64bit: - [2010/07/07 22:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)

DRV:64bit: - [2010/07/07 22:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2010/07/07 22:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2010/07/07 22:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2010/07/07 22:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2010/07/07 22:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV:64bit: - [2010/07/07 22:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2010/07/07 22:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)

DRV:64bit: - [2010/07/07 22:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV:64bit: - [2010/07/07 22:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)

DRV:64bit: - [2010/07/07 22:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV:64bit: - [2010/07/07 22:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)

DRV:64bit: - [2010/07/07 22:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)

DRV:64bit: - [2010/06/22 09:01:42 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)

DRV:64bit: - [2010/05/21 19:30:17 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)

DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)

DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)

DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)

DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)

DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)

DRV:64bit: - [2010/03/29 12:06:53 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)

DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/09/22 20:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2009/09/22 20:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2009/09/22 20:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2009/09/22 20:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)

DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/03/09 15:08:14 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2008/04/16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV - [2012/05/29 11:56:53 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)

DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws/?source={SourceID}&toolbarid=TOOLBARNAMESPACE&u=USERGUID&tbp=homepage

IE - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 31 47 3E 93 86 CA 01 [binary data]

IE - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found

IE - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\..\SearchScopes,DefaultScope = {E519AA1F-E8A8-47ED-92E3-BCFB65055819}

IE - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = ${ChromeSearchURLIE}

IE - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}

IE - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@comrade.gamespy.com/comrade: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()

FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Users\Hayden\Documents\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3040.dll (Millisecond Software)

FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll File not found

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll (RayV)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Users\Hayden\Documents\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3040.dll (Millisecond Software)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hayden\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hayden\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/23 21:25:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/07 01:02:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/18 22:44:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/23 21:25:42 | 000,000,000 | ---D | M]

[2011/09/29 21:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayden\AppData\Roaming\Mozilla\Extensions

[2012/07/07 01:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hayden\AppData\Roaming\Mozilla\Firefox\Profiles\om1tisbe.default\extensions

[2012/07/01 02:32:37 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\Hayden\AppData\Roaming\Mozilla\Firefox\Profiles\om1tisbe.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}

[2012/04/06 17:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/05/19 15:47:57 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\HAYDEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM1TISBE.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI

[2012/05/19 15:47:57 | 000,044,607 | ---- | M] () (No name found) -- C:\USERS\HAYDEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OM1TISBE.DEFAULT\EXTENSIONS\WORKSPACE@ANTENNASOFT.NET.XPI

[2012/07/07 01:02:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/02/22 20:11:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/02/22 20:11:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Hayden\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Hayden\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hayden\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

CHR - plugin: Comrade Plugin (Enabled) = C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: RayV Plugin (Enabled) = C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Hayden\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Inquisit Web Edition (Enabled) = C:\Users\Hayden\Documents\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3040.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - Extension: Entanglement = C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\

CHR - Extension: TooManyTabs for Chrome = C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.9.2_0\

CHR - Extension: Session Manager = C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\

CHR - Extension: YouTube = C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Add to Amazon Wish List = C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\

CHR - Extension: Google Search = C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Offline Google Mail = C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.18_0\

CHR - Extension: Boomerang for Gmail = C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdkdbdadolokifeomchamhifddohomii\1.0_0\

CHR - Extension: Page Monitor = C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd\3.2.7_0\

CHR - Extension: Evernote Web Clipper = C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\

CHR - Extension: Gmail = C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/07 19:20:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation)

O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))

O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKU\.DEFAULT..\Run: [MotoCast] C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk ()

O4 - HKU\S-1-5-18..\Run: [MotoCast] C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk ()

O4 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)

O4 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)

O4 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000..\Run: [MotoCast] C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk ()

O4 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000..\Run: [MusicManager] C:\Users\Hayden\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)

O4 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000..\Run: [snarl] C:\Program Files (x86)\full phat\Snarl\snarl.exe (full phat products)

O4 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000..\Run: [spotify Web Helper] C:\Users\Hayden\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

O4 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000..\Run: [Tonido] C:\Users\Hayden\AppData\Roaming\Tonido\launcher.exe (CodeLathe LLC)

O4 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000..\Run: [Xvid] C:\Program Files (x86)\XviD\CheckUpdate.exe ()

O4 - Startup: C:\Users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hayden\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 99

O7 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]

O7 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8:64bit: - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-645954481-4171391755-2920796181-1000\..Trusted Domains: sony.com ([]* in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab (SysInfo Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10CA6D3A-A668-46A4-8C13-85D6687E1361}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{990CE7FE-1950-487C-949D-158AB7F09A2C}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/08/27 03:47:12 | 000,000,000 | ---D | M] - D:\AutoRun -- [ CDFS ]

O32 - AutoRun File - [2003/08/27 03:47:12 | 000,000,059 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/09 17:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2

[2012/07/07 19:20:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/07/07 19:00:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/07/07 19:00:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/07/07 19:00:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/07/07 19:00:40 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/07/07 19:00:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/07/07 17:36:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/07/07 13:57:01 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\Malwarebytes

[2012/07/07 13:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/07 13:56:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/07/07 13:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/07/07 13:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/06 14:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subsonic

[2012/07/06 14:18:44 | 000,000,000 | ---D | C] -- C:\subsonic

[2012/07/06 14:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Subsonic

[2012/07/02 13:01:21 | 000,000,000 | ---D | C] -- C:\Users\Hayden\.pdfsam

[2012/07/02 11:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfsam

[2012/07/02 11:17:52 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge

[2012/07/02 11:07:06 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\ParmisPDF

[2012/07/02 10:49:07 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\PrimoPDF

[2012/07/02 10:48:32 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\OpenCandy

[2012/07/02 00:37:46 | 000,000,000 | ---D | C] -- C:\Users\Hayden\Documents\SimCity 4

[2012/07/02 00:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis

[2012/07/02 00:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis

[2012/07/01 17:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

[2012/07/01 02:33:27 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\EAC

[2012/07/01 02:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy

[2012/07/01 02:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exact Audio Copy

[2012/07/01 02:32:36 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Local\blekkotb_031

[2012/07/01 02:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\blekkotb_031

[2012/07/01 02:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor

[2012/06/27 17:19:19 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\Nitro PDF

[2012/06/27 17:18:28 | 000,029,704 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll

[2012/06/27 17:18:28 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll

[2012/06/27 17:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF

[2012/06/27 17:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF

[2012/06/27 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF

[2012/06/27 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF

[2012/06/27 14:50:17 | 000,000,000 | ---D | C] -- C:\Users\Hayden\.cpan

[2012/06/26 18:07:26 | 000,000,000 | ---D | C] -- C:\Users\Hayden\Documents\WebOps Projects (Notepad++)

[2012/06/24 21:47:42 | 000,069,640 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\NLSSRV32.EXE

[2012/06/24 19:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\phpDesigner

[2012/06/19 20:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Media Link

[2012/06/13 20:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ken Ward's Makeup

[2012/06/09 20:21:19 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\Audacity

[2012/06/09 20:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/09 17:59:31 | 000,000,600 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\winscp.rnd

[2012/07/09 17:22:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-645954481-4171391755-2920796181-1000UA.job

[2012/07/09 07:22:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-645954481-4171391755-2920796181-1000Core.job

[2012/07/07 19:35:47 | 000,020,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/07 19:35:46 | 000,020,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/07 19:20:23 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl

[2012/07/07 19:20:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/07/07 19:19:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/07 19:18:49 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/07 19:17:50 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000000-00001102-0000000B-00431102}.rfx

[2012/07/07 19:17:50 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000000-00001102-0000000B-00431102}.rfx

[2012/07/07 19:17:50 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000000-00001102-0000000B-00431102}.rfx

[2012/07/07 13:56:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/07 03:48:03 | 101,270,096 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2012/07/06 14:18:47 | 000,001,925 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Subsonic.lnk

[2012/07/05 21:50:31 | 000,000,600 | ---- | M] () -- C:\Users\Hayden\AppData\Local\PUTTY.RND

[2012/07/04 15:19:55 | 000,000,221 | ---- | M] () -- C:\Users\Hayden\Desktop\Tribes Ascend.url

[2012/07/02 11:21:29 | 000,085,965 | ---- | M] () -- C:\Users\Hayden\Documents\1_pdfsam_test.pdf

[2012/07/02 11:21:29 | 000,079,683 | ---- | M] () -- C:\Users\Hayden\Documents\4_pdfsam_test.pdf

[2012/07/02 11:21:29 | 000,079,562 | ---- | M] () -- C:\Users\Hayden\Documents\3_pdfsam_test.pdf

[2012/07/02 11:12:40 | 000,092,754 | ---- | M] () -- C:\Users\Hayden\Documents\test0002.pdf

[2012/07/02 11:12:40 | 000,091,159 | ---- | M] () -- C:\Users\Hayden\Documents\test0001.pdf

[2012/07/02 11:12:40 | 000,091,118 | ---- | M] () -- C:\Users\Hayden\Documents\test0004.pdf

[2012/07/02 11:12:40 | 000,090,995 | ---- | M] () -- C:\Users\Hayden\Documents\test0003.pdf

[2012/07/02 11:11:14 | 000,101,412 | ---- | M] () -- C:\Users\Hayden\Documents\test.pdf

[2012/07/02 10:53:20 | 000,024,164 | ---- | M] () -- C:\Users\Hayden\Documents\Batch Print Invoices.pdf

[2012/07/02 00:32:13 | 000,000,528 | ---- | M] () -- C:\Windows\eReg.dat

[2012/07/01 02:33:18 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Exact Audio Copy.lnk

[2012/06/30 03:23:17 | 000,002,403 | ---- | M] () -- C:\Users\Hayden\Desktop\Google Chrome.lnk

[2012/06/27 17:18:18 | 000,002,059 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Pro 7.lnk

[2012/06/26 23:11:30 | 000,087,712 | ---- | M] () -- C:\Users\Hayden\Documents\AdminEditOrder.asp

[2012/06/26 22:56:49 | 000,057,951 | ---- | M] () -- C:\Users\Hayden\Documents\OrdInvoice.asp

[2012/06/24 21:47:42 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\NLSSRV32.EXE

[2012/06/24 21:47:08 | 000,029,704 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll

[2012/06/24 17:44:15 | 000,289,422 | ---- | M] () -- C:\Users\Hayden\Documents\NewDatabase.kdbx

[2012/06/24 17:35:14 | 000,000,942 | ---- | M] () -- C:\Users\Hayden\Desktop\JetBrains PhpStorm 4.0.1.lnk

[2012/06/24 17:06:40 | 000,003,745 | ---- | M] () -- C:\Users\Hayden\Documents\ChurKirbys sequences part 2.m3u

[2012/06/18 18:49:41 | 000,000,219 | ---- | M] () -- C:\Users\Hayden\Desktop\Counter-Strike Source.url

[2012/06/12 00:44:33 | 000,008,901 | ---- | M] () -- C:\Users\Hayden\Documents\hayden taxes.ods

[2012/06/09 20:19:43 | 000,001,007 | ---- | M] () -- C:\Users\Hayden\Desktop\Audacity.lnk

[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/09 17:27:54 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk

[2012/07/07 19:00:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/07/07 19:00:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/07/07 19:00:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/07/07 19:00:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/07/07 19:00:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/07/07 13:56:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/06 14:18:47 | 000,001,925 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Subsonic.lnk

[2012/07/04 15:19:55 | 000,000,221 | ---- | C] () -- C:\Users\Hayden\Desktop\Tribes Ascend.url

[2012/07/02 11:20:31 | 000,079,683 | ---- | C] () -- C:\Users\Hayden\Documents\4_pdfsam_test.pdf

[2012/07/02 11:20:31 | 000,079,562 | ---- | C] () -- C:\Users\Hayden\Documents\3_pdfsam_test.pdf

[2012/07/02 11:20:30 | 000,085,965 | ---- | C] () -- C:\Users\Hayden\Documents\1_pdfsam_test.pdf

[2012/07/02 11:12:40 | 000,092,754 | ---- | C] () -- C:\Users\Hayden\Documents\test0002.pdf

[2012/07/02 11:12:40 | 000,091,159 | ---- | C] () -- C:\Users\Hayden\Documents\test0001.pdf

[2012/07/02 11:12:40 | 000,091,118 | ---- | C] () -- C:\Users\Hayden\Documents\test0004.pdf

[2012/07/02 11:12:40 | 000,090,995 | ---- | C] () -- C:\Users\Hayden\Documents\test0003.pdf

[2012/07/02 11:11:14 | 000,101,412 | ---- | C] () -- C:\Users\Hayden\Documents\test.pdf

[2012/07/02 10:53:20 | 000,024,164 | ---- | C] () -- C:\Users\Hayden\Documents\Batch Print Invoices.pdf

[2012/07/02 10:48:32 | 000,095,008 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll

[2012/07/02 00:32:13 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat

[2012/07/01 02:33:18 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Exact Audio Copy.lnk

[2012/06/27 17:18:18 | 000,002,059 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Pro 7.lnk

[2012/06/27 17:18:16 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 7.lnk

[2012/06/26 23:11:08 | 000,087,712 | ---- | C] () -- C:\Users\Hayden\Documents\AdminEditOrder.asp

[2012/06/26 22:56:08 | 000,057,951 | ---- | C] () -- C:\Users\Hayden\Documents\OrdInvoice.asp

[2012/06/24 18:07:44 | 000,289,422 | ---- | C] () -- C:\Users\Hayden\Documents\NewDatabase.kdbx

[2012/06/24 17:06:40 | 000,003,745 | ---- | C] () -- C:\Users\Hayden\Documents\ChurKirbys sequences part 2.m3u

[2012/06/18 18:49:41 | 000,000,219 | ---- | C] () -- C:\Users\Hayden\Desktop\Counter-Strike Source.url

[2012/06/09 20:19:43 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

[2012/06/09 20:19:43 | 000,001,007 | ---- | C] () -- C:\Users\Hayden\Desktop\Audacity.lnk

[2012/05/23 21:21:58 | 000,165,715 | ---- | C] () -- C:\Windows\hpoins28.dat

[2012/05/23 21:21:57 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat

[2012/04/05 20:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/04/05 20:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/02/22 20:05:34 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll

[2012/02/22 20:05:34 | 000,000,338 | ---- | C] () -- C:\Windows\Cm108.ini.cfl

[2012/02/22 20:04:55 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg

[2012/02/22 20:04:55 | 000,000,252 | ---- | C] () -- C:\Windows\Cm108.ini.imi

[2012/02/22 20:04:53 | 000,001,353 | ---- | C] () -- C:\Windows\cm108.ini

[2012/02/17 19:10:56 | 000,000,201 | ---- | C] () -- C:\Users\Hayden\.gitconfig

[2011/12/25 19:54:47 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat

[2011/12/23 02:12:28 | 000,197,688 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/11/03 20:29:21 | 000,001,521 | ---- | C] () -- C:\Users\Hayden\.bash_history

[2011/11/03 20:29:19 | 000,000,939 | ---- | C] () -- C:\Users\Hayden\.gitk

[2011/10/30 23:46:16 | 000,001,702 | ---- | C] () -- C:\Users\Hayden\_viminfo

[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll

[2011/09/23 23:18:44 | 000,000,600 | ---- | C] () -- C:\Users\Hayden\AppData\Roaming\winscp.rnd

[2011/09/23 22:05:41 | 000,000,600 | ---- | C] () -- C:\Users\Hayden\AppData\Local\PUTTY.RND

[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/07/17 22:57:04 | 000,017,857 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat

[2011/07/12 22:42:05 | 000,007,606 | ---- | C] () -- C:\Users\Hayden\AppData\Local\Resmon.ResmonCfg

[2011/07/12 22:07:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/06/23 16:33:36 | 000,415,408 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe

[2011/06/16 15:31:09 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/06/16 15:31:09 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/01/07 17:46:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010/12/18 15:46:19 | 000,641,021 | ---- | C] () -- C:\Windows\unins000.exe

[2010/12/18 15:46:19 | 000,187,904 | ---- | C] () -- C:\Windows\SysWow64\Lame.exe

[2010/12/18 15:46:19 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\Lame_enc.dll

[2010/12/18 15:46:19 | 000,001,680 | ---- | C] () -- C:\Windows\unins000.dat

[2010/12/08 03:08:59 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat

[2010/08/27 18:50:54 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/08/27 18:50:08 | 000,940,702 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/02/25 20:56:00 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini

========== Custom Scans ==========

< %USERPROFILE%\*.* >

[2011/11/20 14:05:50 | 000,001,521 | ---- | M] () -- C:\Users\Hayden\.bash_history

[2012/02/17 19:11:06 | 000,000,201 | ---- | M] () -- C:\Users\Hayden\.gitconfig

[2012/05/24 23:35:39 | 000,000,939 | ---- | M] () -- C:\Users\Hayden\.gitk

[2012/07/09 18:12:01 | 012,320,768 | ---- | M] () -- C:\Users\Hayden\ntuser.dat

[2012/07/09 18:12:00 | 000,262,144 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat.LOG1

[2009/10/30 17:31:30 | 000,000,000 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat.LOG2

[2009/10/30 17:43:18 | 000,065,536 | -HS- | M] () -- C:\Users\Hayden\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf

[2009/10/30 17:43:18 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms

[2009/10/30 17:43:18 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

[2010/08/25 05:15:52 | 000,065,536 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{0de26f32-aed3-11df-85f2-002618086de8}.TM.blf

[2010/08/25 05:15:52 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{0de26f32-aed3-11df-85f2-002618086de8}.TMContainer00000000000000000001.regtrans-ms

[2010/08/25 05:15:52 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{0de26f32-aed3-11df-85f2-002618086de8}.TMContainer00000000000000000002.regtrans-ms

[2010/06/11 05:20:09 | 000,065,536 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{1f3646e8-6dd0-11df-bbd5-002618086de8}.TM.blf

[2010/06/11 05:20:09 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{1f3646e8-6dd0-11df-bbd5-002618086de8}.TMContainer00000000000000000001.regtrans-ms

[2010/06/11 05:20:09 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{1f3646e8-6dd0-11df-bbd5-002618086de8}.TMContainer00000000000000000002.regtrans-ms

[2010/03/04 17:28:37 | 000,065,536 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{396de841-27dd-11df-9ff2-002618086de9}.TM.blf

[2010/03/04 17:28:37 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{396de841-27dd-11df-9ff2-002618086de9}.TMContainer00000000000000000001.regtrans-ms

[2010/03/04 17:28:37 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{396de841-27dd-11df-9ff2-002618086de9}.TMContainer00000000000000000002.regtrans-ms

[2009/12/19 14:37:32 | 000,065,536 | -HS- | M] () -- C:\Users\Hayden\NTUSER.DAT{4cc835cb-ecd5-11de-af22-002618086de8}.TM.blf

[2009/12/19 14:37:32 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\NTUSER.DAT{4cc835cb-ecd5-11de-af22-002618086de8}.TMContainer00000000000000000001.regtrans-ms

[2009/12/19 14:37:32 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\NTUSER.DAT{4cc835cb-ecd5-11de-af22-002618086de8}.TMContainer00000000000000000002.regtrans-ms

[2012/05/29 21:58:32 | 001,048,576 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{84b07aa9-7be5-11e0-8774-002618086de8}.TxR.0.regtrans-ms

[2012/05/29 21:58:32 | 001,048,576 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{84b07aa9-7be5-11e0-8774-002618086de8}.TxR.1.regtrans-ms

[2012/05/29 21:58:32 | 001,048,576 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{84b07aa9-7be5-11e0-8774-002618086de8}.TxR.2.regtrans-ms

[2012/05/29 21:58:32 | 000,065,536 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{84b07aa9-7be5-11e0-8774-002618086de8}.TxR.blf

[2011/05/16 18:51:27 | 000,065,536 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{84b07aaa-7be5-11e0-8774-002618086de8}.TM.blf

[2011/05/16 18:51:27 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{84b07aaa-7be5-11e0-8774-002618086de8}.TMContainer00000000000000000001.regtrans-ms

[2011/05/16 18:51:27 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{84b07aaa-7be5-11e0-8774-002618086de8}.TMContainer00000000000000000002.regtrans-ms

[2010/02/26 04:29:38 | 000,065,536 | -HS- | M] () -- C:\Users\Hayden\NTUSER.DAT{9c7a8c93-22b8-11df-a126-002618086de9}.TM.blf

[2010/02/26 04:29:38 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\NTUSER.DAT{9c7a8c93-22b8-11df-a126-002618086de9}.TMContainer00000000000000000001.regtrans-ms

[2010/02/26 04:29:38 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\NTUSER.DAT{9c7a8c93-22b8-11df-a126-002618086de9}.TMContainer00000000000000000002.regtrans-ms

[2010/08/13 06:01:39 | 000,065,536 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{a98c4342-a6b1-11df-b78a-002618086de8}.TM.blf

[2010/08/13 06:01:39 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{a98c4342-a6b1-11df-b78a-002618086de8}.TMContainer00000000000000000001.regtrans-ms

[2010/08/13 06:01:39 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{a98c4342-a6b1-11df-b78a-002618086de8}.TMContainer00000000000000000002.regtrans-ms

[2010/09/08 17:33:28 | 000,065,536 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{d471f896-bb8a-11df-82e9-002618086de8}.TM.blf

[2010/09/08 17:33:28 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{d471f896-bb8a-11df-82e9-002618086de8}.TMContainer00000000000000000001.regtrans-ms

[2010/09/08 17:33:28 | 000,524,288 | -HS- | M] () -- C:\Users\Hayden\ntuser.dat{d471f896-bb8a-11df-82e9-002618086de8}.TMContainer00000000000000000002.regtrans-ms

[2009/10/30 17:31:30 | 000,000,020 | -HS- | M] () -- C:\Users\Hayden\ntuser.ini

[2011/09/08 23:33:31 | 000,044,544 | -HS- | M] () -- C:\Users\Hayden\Thumbs.db

[2012/05/24 23:37:18 | 000,001,702 | ---- | M] () -- C:\Users\Hayden\_viminfo

< %USERPROFILE%\AppData\Local\*.* >

[2012/05/23 21:37:13 | 000,114,352 | ---- | M] () -- C:\Users\Hayden\AppData\Local\GDIPFONTCACHEV1.DAT

[2012/07/07 19:17:31 | 001,460,494 | -H-- | M] () -- C:\Users\Hayden\AppData\Local\IconCache.db

[2012/07/05 21:50:31 | 000,000,600 | ---- | M] () -- C:\Users\Hayden\AppData\Local\PUTTY.RND

[2011/07/12 22:42:05 | 000,007,606 | ---- | M] () -- C:\Users\Hayden\AppData\Local\Resmon.ResmonCfg

< %USERPROFILE%\AppData\Roaming\*.* >

[2012/07/09 18:00:00 | 000,788,656 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\Clock+.log

[2012/07/07 19:22:12 | 000,084,904 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\ez_style_engine.log

[2012/07/07 19:22:44 | 000,020,897 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\TMinus.log

[2012/07/09 17:59:31 | 000,000,600 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\winscp.rnd

[2012/07/07 19:23:53 | 000,011,443 | ---- | M] () -- C:\Users\Hayden\AppData\Roaming\wlanmonitor.log

< %windir%\temp\*.* >

[2012/07/09 17:31:17 | 000,001,844 | ---- | M] () -- C:\Windows\temp\hpqddsvc.log

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

hjc1710 · July 9, 2012

Post was too long for both. In fact, Extras.txt was too long for one post, split it on the HKEY-64 reg section.

Extras.txt:

OTL Extras logfile created on: 7/9/2012 6:05:02 PM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Hayden\Desktop\downloads

64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 7.60 Gb Available Physical Memory | 63.34% Memory free

23.98 Gb Paging File | 19.42 Gb Available in Paging File | 80.98% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 82.37 Gb Free Space | 8.84% Space Free | Partition Type: NTFS

Drive D: | 641.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive L: | 931.39 Gb Total Space | 467.34 Gb Free Space | 50.18% Space Free | Partition Type: NTFS

Computer Name: HAYDEN-PC | User Name: Hayden | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)

.ini[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.js[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)

.ini [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)

.js [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)

[HKEY_USERS\S-1-5-21-645954481-4171391755-2920796181-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /k cd "%1" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [tralih] -- "C:\Program Files (x86)\Trader's Little Helper\tralih.exe" /0 "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)