
Gadgetbox Toolbar Removal Help


Rehzi

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.6001.19298 BrowserJavaVersion: 10.5.0

Run by Owner at 23:35:54 on 2012-08-16

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2974.1052 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe

C:\Windows\system32\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\SMINST\BLService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\System32\mobsync.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\sdclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe

C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.gboxapp.com/?affid=gb2

uSearch Bar =

mStart Page = hxxp://search.gboxapp.com/?affid=gb2

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mSearchAssistant =

uURLSearchHooks: H - No File

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

TB: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet

uRun: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup

uRun: [cdloader] "C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY

uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000

uRun: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMVU.lnk - C:\Users\Owner\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 24.244.175.2 65.75.69.58

TCP: Interfaces\{C2370A83-364F-4105-905A-275EB21DFC24} : DhcpNameServer = 216.137.13.22 216.137.13.23

TCP: Interfaces\{D00227C2-EAC7-4390-B069-BB86459BA6AD} : DhcpNameServer = 24.244.175.2 65.75.69.58

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

mRun-x64: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/27 03:43:11];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-13 365952]

R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]

R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]

R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-10 935008]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-13 228408]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate1ca3c727dd2f4e0;Google Update Service (gupdate1ca3c727dd2f4e0);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-23 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-12 167264]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-23 133104]

S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-08-17 03:09:25 3993600 ----a-w- C:\Program Files (x86)\GUTB819.tmp

2012-08-17 03:09:25 -------- d-----w- C:\Program Files (x86)\GUMB7F8.tmp

2012-08-17 03:08:57 -------- d-----w- C:\Users\Owner\AppData\Local\Apps

2012-08-17 03:08:56 -------- d-----w- C:\Users\Owner\AppData\Local\Deployment

2012-08-17 01:04:42 -------- d-----w- C:\ProgramData\GBox

2012-08-17 01:03:47 -------- d-----w- C:\ProgramData\OptimizerPro1

2012-08-17 00:54:10 -------- d-----w- C:\Users\Owner\AppData\Local\CRE

2012-08-17 00:45:18 -------- d-----w- C:\Users\Owner\AppData\Roaming\TuneUp Software

2012-08-17 00:45:02 -------- d-----w- C:\ProgramData\TuneUp Software

2012-08-17 00:44:22 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-08-17 00:42:25 -------- d-----w- C:\Users\Owner\AppData\Roaming\OpenCandy

2012-08-16 22:31:53 -------- d-----w- C:\Users\Owner\AppData\Local\{586CA352-1720-4600-AD29-880131CDA80A}

2012-08-16 22:31:41 -------- d-----w- C:\Users\Owner\AppData\Local\{516B12F4-4507-4A5B-A3F3-30D15D29F5C0}

2012-08-15 07:08:53 2769408 ----a-w- C:\Windows\System32\win32k.sys

2012-08-15 04:13:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-15 04:13:59 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-15 04:13:11 788480 ----a-w- C:\Windows\System32\localspl.dll

2012-08-15 04:13:10 623616 ----a-w- C:\Windows\SysWow64\localspl.dll

2012-08-15 03:49:18 -------- d-----w- C:\Users\Owner\AppData\Local\{DB8781D5-C187-40ED-9A6B-6C4174E78E82}

2012-08-15 03:48:35 -------- d-----w- C:\Users\Owner\AppData\Local\{1B9A8D27-2328-4AF0-A165-B52C21788D11}

2012-08-14 11:24:22 -------- d-----w- C:\Users\Owner\AppData\Local\{3F54377C-9887-4505-B67C-8C541B1104DD}

2012-08-14 11:24:04 -------- d-----w- C:\Users\Owner\AppData\Local\{68F39A9F-D37A-4BE8-81C0-4C82E131F828}

2012-08-13 23:23:52 -------- d-----w- C:\Users\Owner\AppData\Local\{3D1089BB-174D-4DB8-B98D-B5C3658388A1}

2012-08-13 23:23:28 -------- d-----w- C:\Users\Owner\AppData\Local\{F02D1E9C-2B18-4312-B21D-A47FCB619C52}

2012-08-13 05:27:17 -------- d-----w- C:\Users\Owner\AppData\Local\{F23C64D8-7B53-4F8C-B73C-B9BF060D8553}

2012-08-13 05:27:05 -------- d-----w- C:\Users\Owner\AppData\Local\{DCC0A7F3-4215-41D6-A3BF-D2F20A5FBB41}

2012-08-12 17:26:43 -------- d-----w- C:\Users\Owner\AppData\Local\{743FD2D7-F2E8-4C24-80E2-34E97496C1A7}

2012-08-12 17:26:31 -------- d-----w- C:\Users\Owner\AppData\Local\{22AC21F1-E0A1-41A6-848D-B14621CCD21E}

2012-08-11 23:50:16 -------- d-----w- C:\Users\Owner\AppData\Local\{C3118F00-73AD-4150-B900-8C300D21D28C}

2012-08-11 23:49:57 -------- d-----w- C:\Users\Owner\AppData\Local\{A0F35CB8-4968-4542-A8E7-2524261B2122}

2012-08-11 11:49:38 -------- d-----w- C:\Users\Owner\AppData\Local\{EB200201-FB3F-4874-94C5-8357277388B7}

2012-08-11 11:49:19 -------- d-----w- C:\Users\Owner\AppData\Local\{F3573169-36A1-4CE1-957D-CB1C612ED567}

2012-08-10 15:08:46 -------- d-----w- C:\Users\Owner\AppData\Local\{AA507E1F-7BB2-4407-B8AC-574CBED60DB3}

2012-08-10 15:08:35 -------- d-----w- C:\Users\Owner\AppData\Local\{AA605221-3133-4E1D-953A-C5B494D5AEAB}

2012-08-10 03:50:39 -------- d-----w- C:\Users\Owner\AppData\Local\{FD014226-6FCA-4B2A-A39C-B8D3F5F99CA4}

2012-08-09 15:20:34 -------- d-----w- C:\Users\Owner\AppData\Local\{44BF61EE-7BB3-49D6-95D0-5DB7B53A6721}

2012-08-09 15:20:31 -------- d-----w- C:\Users\Owner\AppData\Local\{DD080915-90CC-4BC2-AA27-697E889CFC23}

2012-08-09 02:40:30 -------- d-----w- C:\Users\Owner\AppData\Local\{F619C492-5F90-4D05-8EE5-0ADAFADEB83F}

2012-08-09 01:42:41 -------- d-----w- C:\Users\Owner\AppData\Local\{9F6C6776-7ABF-4A69-92BD-80741BD5CB0B}

2012-08-08 20:43:42 -------- d-----w- C:\Users\Owner\AppData\Local\{C8284D45-BE23-4C90-82B4-987C608337C7}

2012-08-08 00:19:25 -------- d-----w- C:\Users\Owner\AppData\Local\{0BFE1DC5-572D-47CE-8EDC-DC7BCDAC8AF5}

2012-08-08 00:18:24 -------- d-----w- C:\Users\Owner\AppData\Local\{92E2CAE5-7A37-45EE-9965-71A3C7034E8A}

2012-08-05 17:07:59 -------- d-----w- C:\Users\Owner\AppData\Local\{C30A53FE-91E1-4E99-B6A7-9D9C1347F015}

2012-08-05 17:07:37 -------- d-----w- C:\Users\Owner\AppData\Local\{2AFBAC85-6917-48A3-BF11-41F7E383109D}

2012-08-05 05:07:23 -------- d-----w- C:\Users\Owner\AppData\Local\{4677C6CF-B387-4DC4-911B-AA43F0226DC3}

2012-08-05 05:07:12 -------- d-----w- C:\Users\Owner\AppData\Local\{BD15115B-B715-4007-A325-EAFD20BE7233}

2012-08-04 17:06:57 -------- d-----w- C:\Users\Owner\AppData\Local\{0D6E2524-F47E-4876-A402-8A0EC18FBBBB}

2012-08-04 17:06:29 -------- d-----w- C:\Users\Owner\AppData\Local\{097CE671-E1FE-4666-ACF9-1659A64AA1F9}

2012-08-04 05:06:13 -------- d-----w- C:\Users\Owner\AppData\Local\{87DD8C1D-3C42-4FE2-B425-49DD2AFE5F86}

2012-08-04 05:05:45 -------- d-----w- C:\Users\Owner\AppData\Local\{DE91F878-ED27-4DA2-85E5-7258B0638D43}

2012-08-03 00:52:50 -------- d-----w- C:\Users\Owner\AppData\Local\{8C01D110-0830-4408-B85F-F7EC665BDFC2}

2012-08-03 00:52:42 -------- d-----w- C:\Users\Owner\AppData\Local\{4B1D3E14-0E1D-414C-92B7-B429205D2345}

2012-08-02 00:59:14 -------- d-----w- C:\Users\Owner\AppData\Local\{3A5EDFA9-834E-4BD4-AEB9-ECE256AA1009}

2012-07-31 03:12:11 -------- d-----w- C:\Users\Owner\AppData\Local\{7613F652-496F-4D15-876C-2D3D78F23272}

2012-07-30 13:05:50 -------- d-----w- C:\Users\Owner\AppData\Local\{FE418F77-0BBC-421A-96B3-E3294652A9D0}

2012-07-30 13:05:32 -------- d-----w- C:\Users\Owner\AppData\Local\{23010EEB-A69F-4154-9724-27E1E03C8F8E}

2012-07-30 01:05:16 -------- d-----w- C:\Users\Owner\AppData\Local\{0DBD0D6A-5C31-4C12-B4FF-02D38D8D6CE4}

2012-07-30 01:05:04 -------- d-----w- C:\Users\Owner\AppData\Local\{0A7D94BC-054F-4400-8C3A-AE13AEA6829F}

2012-07-29 02:08:03 -------- d-----w- C:\Users\Owner\AppData\Local\{C8BEF97E-71E7-4A90-83FD-DD1A8FE676B9}

2012-07-29 02:07:50 -------- d-----w- C:\Users\Owner\AppData\Local\{5CE5F527-4D42-42F7-BF96-8D44AFC4BBCB}

2012-07-28 13:39:09 -------- d-----w- C:\Users\Owner\AppData\Local\{21ED6A2E-8E5E-4507-9167-0F5157F5EBCF}

2012-07-28 13:38:51 -------- d-----w- C:\Users\Owner\AppData\Local\{302D687D-BB1F-42CC-B05E-CA14748881A3}

2012-07-28 01:38:31 -------- d-----w- C:\Users\Owner\AppData\Local\{4335A695-BE8E-4E7C-B9E0-B81E28FFE414}

2012-07-28 01:38:16 -------- d-----w- C:\Users\Owner\AppData\Local\{9662F91B-866E-416F-A9E5-806FE6D9E522}

2012-07-25 15:16:11 -------- d-----r- C:\Program Files (x86)\Skype

2012-07-25 12:56:23 -------- d-----w- C:\Users\Owner\AppData\Local\{D254FE0B-D5D8-42F4-81E4-5F354AB3BB61}

2012-07-25 12:56:22 -------- d-----w- C:\Users\Owner\AppData\Local\{ED91366C-8549-4F37-AA50-9E96BD95BF13}

2012-07-23 18:31:33 -------- d-----w- C:\Users\Owner\AppData\Local\{B14557AB-276D-4CEC-A80F-29F9E8C8E7BC}

2012-07-23 18:31:10 -------- d-----w- C:\Users\Owner\AppData\Local\{CA66F96D-CA44-4648-AA5E-DD42D53B252D}

2012-07-22 15:53:26 -------- d-----w- C:\Users\Owner\AppData\Local\{BEE15832-0535-4570-B10C-2124AACDF077}

2012-07-22 15:52:53 -------- d-----w- C:\Users\Owner\AppData\Local\{009278CF-85EB-41F3-AA4E-CEAF0D972DF9}

2012-07-21 15:40:25 -------- d-----w- C:\Users\Owner\AppData\Local\{A7F8406C-1CA7-4792-AF8B-EC4E76FC5ED9}

2012-07-21 15:40:02 -------- d-----w- C:\Users\Owner\AppData\Local\{CE901E48-C6FC-4952-9D8E-D47DC4B61213}

2012-07-21 03:39:42 -------- d-----w- C:\Users\Owner\AppData\Local\{F6CD5E0E-44E7-4C55-8C23-0A2F7CB8DE2F}

2012-07-21 03:39:19 -------- d-----w- C:\Users\Owner\AppData\Local\{401C74EF-BA1B-4BD8-AF9D-A354E6D7D28C}

2012-07-20 07:52:43 -------- d-----w- C:\Users\Owner\AppData\Local\{62A5C2E3-A095-4E42-8CB3-3FD78D6636E7}

2012-07-20 07:52:16 -------- d-----w- C:\Users\Owner\AppData\Local\{043C80A6-2207-44B2-8980-1B1BFCEA76F6}

2012-07-19 19:52:00 -------- d-----w- C:\Users\Owner\AppData\Local\{32301A49-D492-42DD-8F5E-3B6A3DF6A803}

2012-07-19 19:51:45 -------- d-----w- C:\Users\Owner\AppData\Local\{0B038B68-6DEE-49F7-BAE8-DE87473D4A74}

2012-07-18 20:13:09 -------- d-----w- C:\Users\Owner\AppData\Local\{F39A2834-A0FD-4234-A770-FE3D1FB96C40}

2012-07-18 20:12:08 -------- d-----w- C:\Users\Owner\AppData\Local\{45C0E9F7-D06D-4BCF-AF82-32763B745859}

2012-07-18 08:11:47 -------- d-----w- C:\Users\Owner\AppData\Local\{6FFCFBF1-6D76-4941-913C-356BFECCAA1F}

2012-07-18 08:11:17 -------- d-----w- C:\Users\Owner\AppData\Local\{21D24F35-F65D-4929-A06B-E5190730AA4E}

.

==================== Find3M ====================

.

2012-08-15 03:56:45 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 03:56:45 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-06 15:01:26 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-07-06 15:01:26 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-28 11:37:42 916992 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-28 11:32:02 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2012-06-28 11:31:38 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-28 11:31:23 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll

2012-06-28 11:31:23 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2012-06-28 09:59:23 385024 ----a-w- C:\Windows\SysWow64\html.iec

2012-06-28 08:19:39 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-28 06:53:20 1147392 ----a-w- C:\Windows\System32\wininet.dll

2012-06-28 06:48:35 56832 ----a-w- C:\Windows\System32\licmgr10.dll

2012-06-28 06:48:17 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-28 06:47:59 77312 ----a-w- C:\Windows\System32\iesetup.dll

2012-06-28 06:47:59 132096 ----a-w- C:\Windows\System32\iesysprep.dll

2012-06-28 05:54:02 479232 ----a-w- C:\Windows\System32\html.iec

2012-06-28 05:11:19 162816 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-16 11:19:57 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-06-16 07:02:13 610816 ----a-w- C:\Windows\System32\vbscript.dll

2012-06-07 00:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll

.

============= FINISH: 23:36:49.41 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/27/2009 6:02:18 AM

System Uptime: 8/16/2012 11:11:38 PM (0 hours ago)

.

Motherboard: Quanta | | 3627

Processor: Intel® Core2 Duo CPU T6500 @ 2.10GHz | CPU | 2100/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 285 GiB total, 113.762 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1.438 GiB free.

E: is CDROM (UDF)

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0005

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #3

PNP Device ID: ROOT\*ISATAP\0005

Service: tunnel

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 4500 G510n-z

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 4500 G510n-z

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 6000 E609n

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: HP

Name: Officejet 6000 E609n

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP Color LaserJet CM2320nf MFP

Device ID: ROOT\MULTIFUNCTION\0002

Manufacturer: Hewlett-Packard

Name: HP Color LaserJet CM2320nf MFP

PNP Device ID: ROOT\MULTIFUNCTION\0002

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP DesignJet 750C Plus (C4709B)

Device ID: ROOT\MULTIFUNCTION\0003

Manufacturer: Hewlett-Packard

Name: HP DesignJet 750C Plus (C4709B)

PNP Device ID: ROOT\MULTIFUNCTION\0003

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 3050 J610 series

Device ID: ROOT\MULTIFUNCTION\0004

Manufacturer: HP

Name: Deskjet 3050 J610 series

PNP Device ID: ROOT\MULTIFUNCTION\0004

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 6500 E710a-f

Device ID: ROOT\MULTIFUNCTION\0005

Manufacturer: HP

Name: Officejet 6500 E710a-f

PNP Device ID: ROOT\MULTIFUNCTION\0005

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP Color LaserJet 3600

Device ID: ROOT\MULTIFUNCTION\0006

Manufacturer: Hewlett-Packard

Name: HP Color LaserJet 3600

PNP Device ID: ROOT\MULTIFUNCTION\0006

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP Color LaserJet 4700

Device ID: ROOT\MULTIFUNCTION\0007

Manufacturer: Hewlett-Packard

Name: HP Color LaserJet 4700

PNP Device ID: ROOT\MULTIFUNCTION\0007

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro L7600

Device ID: ROOT\MULTIFUNCTION\0008

Manufacturer: HP

Name: Officejet Pro L7600

PNP Device ID: ROOT\MULTIFUNCTION\0008

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP Color LaserJet 4700

Device ID: ROOT\MULTIFUNCTION\0009

Manufacturer: Hewlett-Packard

Name: HP Color LaserJet 4700

PNP Device ID: ROOT\MULTIFUNCTION\0009

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro K5400

Device ID: ROOT\MULTIFUNCTION\0010

Manufacturer: HP

Name: Officejet Pro K5400

PNP Device ID: ROOT\MULTIFUNCTION\0010

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 6980 series

Device ID: ROOT\MULTIFUNCTION\0011

Manufacturer: HP

Name: Deskjet 6980 series

PNP Device ID: ROOT\MULTIFUNCTION\0011

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0012

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0012

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: DesignJet 1055CM (C6075A)

Device ID: ROOT\MULTIFUNCTION\0013

Manufacturer: Hewlett-Packard

Name: DesignJet 1055CM (C6075A)

PNP Device ID: ROOT\MULTIFUNCTION\0013

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8500 A909a

Device ID: ROOT\MULTIFUNCTION\0014

Manufacturer: HP

Name: Officejet Pro 8500 A909a

PNP Device ID: ROOT\MULTIFUNCTION\0014

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8500 A909a

Device ID: ROOT\MULTIFUNCTION\0015

Manufacturer: HP

Name: Officejet Pro 8500 A909a

PNP Device ID: ROOT\MULTIFUNCTION\0015

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP LaserJet 5200

Device ID: ROOT\MULTIFUNCTION\0016

Manufacturer: Hewlett-Packard

Name: HP LaserJet 5200

PNP Device ID: ROOT\MULTIFUNCTION\0016

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: hp LaserJet 1320 series

Device ID: ROOT\MULTIFUNCTION\0017

Manufacturer: Hewlett-Packard

Name: hp LaserJet 1320 series

PNP Device ID: ROOT\MULTIFUNCTION\0017

Service:

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

4500_G510nz_Help

4500G510nz

4500G510nz_Software_Min

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.5

Agatha Christie - Death on the Nile

Aiseesoft iPad Transfer 6.1.30

Algebra and Trigonometry with Analytic Geometry

Apple Application Support

Apple Software Update

ArcSoft Panorama Maker 5

BufferChm

Compatibility Pack for the 2007 Office system

CopyTrans Suite Remove Only

CyberLink DVD Suite

D3DX10

Destinations

DeviceDiscovery

DocMgr

DocProc

ESU for Microsoft Vista

Facebook Video Calling 1.2.0.159

Fax

File Uploader

Final Fantasy VII - Ultima Edition

Free YouTube to MP3 Converter version 3.11.26.706

FxFoto by Triscape

Google Chrome

Google Earth

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

GooReader

GPBaseService2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Advisor

HP Common Access Service Library

HP Customer Experience Enhancements

HP Help and Support

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP MediaSmart SlingPlayer

HP MediaSmart TV

HP MediaSmart Webcam

HP Product Detection

HP Quick Launch Buttons

HP Total Care Setup

HP Update

HP User Guides 0126

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPDiagnosticAlert

HPProductAssistant

HPSSupply

IDT Audio

Java Auto Updater

Java 6 Update 26

Java 6 Update 7

Java 7 Update 5

JavaFX 2.1.1

Juno Preloader

LabelPrint

LightScribe System Software

magicJack

MarketResearch

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee Reveal

My HP Games

NetZero Preloader

Nikon Transfer

Physical Geology

Picture Control Utility

Prism Video File Converter

Project64 1.6

QLBCASL

QuickTime

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek USB 2.0 Card Reader

RETScreen

RETScreen Version 4

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Segoe UI

Skype™ 5.10

Slingbox - Watch Your TV Anywhere

SlingPlayer

SmartWebPrinting

SolutionCenter

Spelling Dictionaries Support For Adobe Reader 9

Status

Toolbox

TrayApp

Triscape FxFoto

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

ViewNX

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR archiver

WM Converter 2.0

Yahoo! Detect

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

8/16/2012 9:36:50 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {D5641912-E47A-429C-879E-CFE13EAC7A13} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe -Embedding

8/16/2012 9:21:56 PM, Error: EventLog [6008] - The previous system shutdown at 9:19:48 PM on 8/16/2012 was unexpected.

8/16/2012 10:59:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

8/16/2012 10:59:47 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/16/2012 10:31:45 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

8/15/2012 4:08:21 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

8/15/2012 3:13:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

8/15/2012 3:13:01 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/15/2012 3:08:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/15/2012 2:11:21 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.103 for the Network Card with network address 00255693BDA2 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

8/14/2012 11:48:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

8/12/2012 9:17:57 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate1ca3c727dd2f4e0) service terminated unexpectedly. It has done this 1 time(s).

8/11/2012 9:34:32 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.99.196 for the Network Card with network address 00238BE9F1DB has been denied by the DHCP server 192.168.99.1 (The DHCP Server sent a DHCPNACK message).

8/11/2012 8:42:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Com4QLBEx service to connect.

8/11/2012 8:42:58 PM, Error: Service Control Manager [7000] - The Com4QLBEx service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/11/2012 8:42:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Com4QLBEx with arguments "" in order to run the server: {DB536E5D-10F7-4B34-B443-140161048E2E}

8/11/2012 8:40:18 PM, Error: EventLog [6008] - The previous system shutdown at 8:37:45 PM on 8/11/2012 was unexpected.

8/10/2012 8:33:18 AM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]

8/10/2012 11:03:51 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.108 for the Network Card with network address 00255693BDA2 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

8/10/2012 10:27:44 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.99.196 for the Network Card with network address 00238BE9F1DB has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================


RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Scan -- Date: 08/17/2012 09:08:20

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-2935616890-3038444645-374369962-1000[...]\Run : cdloader ("C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS ATA Device +++++

--- User ---

[MBR] e27a466fbc46f9fe3fce8639861ee371

[bSP] 22972e2f49c6b730a388b231012a0ee3 : Toshiba tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 291893 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 597798912 | Size: 13348 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++

--- User ---

[MBR] e1081c0feb0c15b931ef016b4c9f1ce1

[bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3776 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Not much showing...please do this:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized


OTL logfile created on: 8/17/2012 9:22:41 AM - Run 2

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Owner\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19298)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.90 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 29.47% Memory free

6.04 Gb Paging File | 2.98 Gb Available in Paging File | 49.35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.05 Gb Total Space | 110.91 Gb Free Space | 38.91% Space Free | Partition Type: NTFS

Drive D: | 13.04 Gb Total Space | 1.44 Gb Free Space | 11.04% Space Free | Partition Type: NTFS

Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 3.68 Gb Total Space | 1.02 Gb Free Space | 27.82% Space Free | Partition Type: FAT32

Computer Name: IWES | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 09:22:11 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL (1).exe

PRC - [2012/07/11 12:44:15 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe

PRC - [2012/07/10 23:23:59 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

PRC - [2012/07/10 23:21:55 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe

PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

PRC - [2012/02/23 12:22:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2012/01/17 20:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/09/13 09:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

PRC - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe

PRC - [2008/11/26 20:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

PRC - [2008/11/26 20:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/14 00:30:59 | 000,442,392 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll

MOD - [2012/08/14 00:30:58 | 012,235,288 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll

MOD - [2012/08/14 00:30:57 | 003,997,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll

MOD - [2012/08/14 00:29:28 | 000,144,424 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.79\avutil-51.dll

MOD - [2012/08/14 00:29:27 | 000,266,792 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.79\avformat-54.dll

MOD - [2012/08/14 00:29:26 | 002,480,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll

MOD - [2012/07/10 23:24:05 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll

MOD - [2012/07/10 23:21:55 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe

MOD - [2012/06/13 04:31:47 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll

MOD - [2012/06/13 04:26:35 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll

MOD - [2012/06/13 03:26:51 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll

MOD - [2012/06/13 03:26:26 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll

MOD - [2012/06/13 03:24:28 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll

MOD - [2012/05/12 04:20:13 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\5ebaa15cccc356bc3afba0c8f56977f7\UIAutomationTypes.ni.dll

MOD - [2012/05/12 04:20:00 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll

MOD - [2012/05/12 04:18:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll

MOD - [2012/05/12 04:18:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll

MOD - [2012/05/12 04:14:04 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll

MOD - [2012/05/12 04:13:20 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll

MOD - [2012/05/12 04:13:05 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll

MOD - [2012/05/12 04:12:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll

MOD - [2012/05/12 04:12:29 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll

MOD - [2012/05/12 04:12:19 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

MOD - [2009/11/19 10:20:44 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2009/11/19 10:20:42 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2009/11/19 10:20:42 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2009/08/26 13:11:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2009/08/26 13:11:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

MOD - [2009/08/26 13:11:22 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2009/08/26 13:11:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2009/08/26 13:11:22 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2009/08/26 13:11:20 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2009/08/26 13:11:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2009/08/26 13:11:02 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

MOD - [2009/05/26 21:06:28 | 000,913,408 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

MOD - [2009/03/30 00:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2009/01/13 13:00:42 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/02/22 21:08:10 | 000,267,776 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\STacSV64.exe -- (STacSV)

SRV:64bit: - [2009/02/12 04:21:34 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008/03/18 19:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)

SRV:64bit: - [2008/03/18 08:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/08/14 23:56:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/10 23:23:59 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)

SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/11/10 09:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/05/21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2008/11/26 20:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)

SRV - [2008/11/26 20:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/05/27 19:05:14 | 000,117,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)

DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011/02/22 08:12:34 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV:64bit: - [2011/02/10 07:53:22 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)

DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2010/06/23 09:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/11/26 13:42:40 | 002,685,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)

DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2009/04/11 01:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)

DRV:64bit: - [2009/02/22 21:08:10 | 000,473,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)

DRV:64bit: - [2008/10/29 15:55:52 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/10/28 04:33:30 | 008,039,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)

DRV:64bit: - [2008/09/22 01:49:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)

DRV:64bit: - [2008/09/19 20:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)

DRV:64bit: - [2008/09/04 13:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)

DRV:64bit: - [2008/07/24 12:48:10 | 000,250,928 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)

DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)

DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)

DRV - [2008/11/28 21:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/27 03:43:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{682A7A5C-953E-4F46-BE75-B46823CC9E8B}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{682A7A5C-953E-4F46-BE75-B46823CC9E8B}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468

IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?affid=gb2&q={searchTerms}

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\..\SearchScopes\{AB40DD79-0845-416A-B585-4A78A6EE9897}: "URL" = http://search.avg.com/route/?d=4cc9492a&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\..\SearchScopes\{AB40DD79-0845-416A-B585-4A78A6EE9897}: "URL" = http://search.avg.com/route/?d=4cc9492a&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2

IE - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found

IE - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found

IE - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\..\SearchScopes\{682A7A5C-953E-4F46-BE75-B46823CC9E8B}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.dm/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enBB342

IE - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={520A4C0B-E0D2-4329-93F2-8E0549790DF3}&mid=27c7f56d07e9442dafd5ec6d32621f2a-f1cf3f2cc362b13f5ef9d7dd0b7e8eb5952313cc&lang=us&ds=AVG&pr=fr&d=2011-12-10 09:10:27&v=9.0.0.18&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468

IE - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?affid=gb2&q={searchTerms}

IE - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/03 10:03:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/22 12:22:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/10 23:24:44 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/22 12:22:50 | 000,000,000 | ---D | M]

[2012/04/01 15:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions

[2009/09/25 13:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

[2011/12/19 06:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\extensions

[2011/09/06 19:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}

[2012/07/10 23:21:48 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll

CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll

CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.11.21.5_0\plugins/np-cwmp.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: uTorrentControl_v2 = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.11.21.5_0\

CHR - Extension: AVG Safe Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()

O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()

O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2935616890-3038444645-374369962-1000..\Run: [cdloader] C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)

O4 - HKU\S-1-5-21-2935616890-3038444645-374369962-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)

O4 - HKU\S-1-5-21-2935616890-3038444645-374369962-1000..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-2935616890-3038444645-374369962-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKU\S-1-5-21-2935616890-3038444645-374369962-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-2935616890-3038444645-374369962-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKU\S-1-5-21-2935616890-3038444645-374369962-1000..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found

O4 - HKU\S-1-5-21-2935616890-3038444645-374369962-1000..\Run: [speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2935616890-3038444645-374369962-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found

O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O7 - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2935616890-3038444645-374369962-1000\..Trusted Domains: localhost ([]http in Computer)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.0)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.0)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.244.175.2 65.75.69.58

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2370A83-364F-4105-905A-275EB21DFC24}: DhcpNameServer = 216.137.13.22 216.137.13.23

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00227C2-EAC7-4390-B069-BB86459BA6AD}: DhcpNameServer = 24.244.175.2 65.75.69.58

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll ()

O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/12/19 06:10:27 | 000,000,000 | RH-- | M] () - E:\autorun.wbcat -- [ UDF ]

O32 - AutoRun File - [2011/12/19 06:10:53 | 000,000,124 | ---- | M] () - E:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{0a07ac47-a43e-11de-8671-00238be9f1db}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL owNER.exE

O33 - MountPoints2\{7d428266-dc6e-11df-b09e-00238be9f1db}\Shell\AutoRun\command - "" = ircphate.exe

O33 - MountPoints2\{7d428266-dc6e-11df-b09e-00238be9f1db}\Shell\open\command - "" = ircphate.exe

O33 - MountPoints2\{bc812d42-c477-11de-a930-00238be9f1db}\Shell\AutoRun\command - "" = systemkernal.exe

O33 - MountPoints2\{bc812d47-c477-11de-a930-00238be9f1db}\Shell - "" = AutoRun

O33 - MountPoints2\{bc812d47-c477-11de-a930-00238be9f1db}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{f89a1b4c-674c-11df-bd47-00238be9f1db}\Shell - "" = AutoRun

O33 - MountPoints2\{f89a1b4c-674c-11df-bd47-00238be9f1db}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\G\Shell\phone\command - "" = G:\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 09:05:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine

[2012/08/17 08:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

[2012/08/17 08:27:25 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys

[2012/08/17 08:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012/08/16 23:26:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/08/16 23:08:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apps

[2012/08/16 23:08:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Deployment

[2012/08/16 21:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\GBox

[2012/08/16 21:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\OptimizerPro1

[2012/08/16 20:54:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CRE

[2012/08/16 20:45:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TuneUp Software

[2012/08/16 20:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2012/08/16 20:44:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2012/08/16 20:42:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\OpenCandy

[2012/07/25 11:16:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Skype

[2012/07/25 11:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/07/25 11:16:11 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012/07/25 11:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012/07/25 11:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2 C:\Users\Owner\Downloads\Documents\*.tmp files -> C:\Users\Owner\Downloads\Documents\*.tmp -> ]

[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 09:37:54 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/17 08:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/17 08:49:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2935616890-3038444645-374369962-1000UA.job

[2012/08/17 08:46:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/17 08:46:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/17 08:27:28 | 000,001,045 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2012/08/17 08:27:28 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2012/08/17 07:33:04 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2935616890-3038444645-374369962-1000UA.job

[2012/08/17 06:45:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/16 23:26:08 | 000,002,042 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk

[2012/08/16 23:26:08 | 000,002,004 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/08/16 23:12:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/16 23:12:03 | 3119,714,304 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/16 20:43:29 | 000,000,009 | ---- | M] () -- C:\END

[2012/08/16 20:41:54 | 000,001,074 | ---- | M] () -- C:\Users\Owner\Desktop\DVDVideoSoft Free Studio.lnk

[2012/08/16 19:33:02 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2935616890-3038444645-374369962-1000Core.job

[2012/08/16 19:01:04 | 000,033,792 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/08/16 18:34:44 | 104,052,063 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/08/16 17:17:12 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/16 17:17:12 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/16 17:17:12 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/16 12:49:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2935616890-3038444645-374369962-1000Core.job

[2012/08/16 09:26:29 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0EB4410A-F22D-4AFE-BB88-4402968F4519}.job

[2012/08/15 03:34:42 | 000,315,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/08/15 03:34:23 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job

[2012/08/02 13:00:25 | 000,563,847 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012/07/25 11:16:13 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2 C:\Users\Owner\Downloads\Documents\*.tmp files -> C:\Users\Owner\Downloads\Documents\*.tmp -> ]

[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 08:27:28 | 000,001,045 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2012/08/17 08:27:28 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2012/08/16 23:26:08 | 000,002,042 | ---- | C] () -- C:\Users\Owner\Desktop\Google Chrome.lnk

[2012/08/16 23:26:08 | 000,002,004 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/07/25 11:16:13 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/09/27 00:18:23 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp

[2011/09/22 12:04:28 | 000,207,289 | ---- | C] () -- C:\Windows\hpwins28.dat

[2011/09/06 19:41:51 | 000,000,272 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.backup.dm

[2010/12/23 07:07:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Examples

[2010/12/23 07:07:08 | 000,000,268 | RH-- | C] () -- C:\Users\Owner\AppData\Roaming\Enhance Timing

[2010/12/23 07:07:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Flange Saw

[2010/12/23 07:03:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Equalizer

[2010/12/23 07:03:32 | 000,000,268 | RH-- | C] () -- C:\Users\Owner\AppData\Roaming\Electric Clav

[2010/12/23 07:03:32 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Filesystems

[2010/09/06 11:36:39 | 000,006,080 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat

[2010/07/29 18:24:20 | 000,000,058 | -H-- | C] () -- C:\ProgramData\Ts_infos.ini

[2009/12/04 18:16:06 | 000,023,849 | ---- | C] () -- C:\Users\Owner\AppData\Local\tmpSNAPSHOT_20091202.3

[2009/12/04 18:16:06 | 000,023,459 | ---- | C] () -- C:\Users\Owner\AppData\Local\tmpSNAPSHOT_20091202.2

[2009/12/04 18:16:05 | 000,023,802 | ---- | C] () -- C:\Users\Owner\AppData\Local\tmpSNAPSHOT_20091202.1

[2009/12/04 18:16:04 | 000,032,205 | ---- | C] () -- C:\Users\Owner\AppData\Local\tmpSNAPSHOT_20091202.JPG

[2009/12/04 18:16:04 | 000,032,205 | ---- | C] () -- C:\Users\Owner\AppData\Local\tmpSNAPSHOT_20091202.0

[2009/12/03 10:38:03 | 000,014,469 | ---- | C] () -- C:\Users\Owner\AppData\Local\tmpL_43958B141382DEDB63AC67346AF05300.JPG

[2009/12/03 10:38:03 | 000,014,393 | ---- | C] () -- C:\Users\Owner\AppData\Local\tmpL_43958B141382DEDB63AC67346AF05300.0

[2009/12/02 18:20:17 | 000,449,536 | ---- | C] () -- C:\Users\Owner\Untitled.MSWMM

[2009/09/23 07:52:14 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/08/31 17:10:13 | 000,028,980 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png

[2009/08/26 18:45:04 | 000,033,792 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/10/28 18:41:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10

[2010/11/20 09:14:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/08/16 20:42:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoft

[2012/08/16 21:05:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers

[2011/09/06 19:41:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\eBayDesktopShortcut

[2010/02/09 19:27:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FloodLightGames

[2010/07/29 18:50:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FxFotoDB

[2011/11/23 14:28:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HEC

[2010/01/19 19:08:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iWin

[2010/02/27 16:45:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ludia

[2012/05/06 07:03:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mjusbsp

[2009/09/28 18:58:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\muvee Technologies

[2010/12/23 07:30:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nikon

[2012/08/16 20:42:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenCandy

[2009/08/31 17:10:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking

[2010/06/23 15:28:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst

[2012/03/13 13:43:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RETScreen

[2011/07/27 18:32:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SplashupLight.8F84E54D18819F0C71CA15FE192C56A89F17989F.1

[2012/08/16 20:45:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software

[2010/02/14 16:39:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vivox

[2009/08/27 08:49:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent

[2010/03/11 14:54:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

[2012/08/05 19:55:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WindSolutions

[2012/08/16 19:33:02 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2935616890-3038444645-374369962-1000Core.job

[2012/08/17 07:33:04 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2935616890-3038444645-374369962-1000UA.job

[2009/08/31 18:07:06 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\NSSstub.job

[2012/08/16 23:10:59 | 000,032,522 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/08/16 09:26:29 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0EB4410A-F22D-4AFE-BB88-4402968F4519}.job

========== Purity Check ==========

< End of report >

While I look over the log, you have to make any changes in Chrome yourself:

First please make sure you have the latest version of Chrome:

Click the wrench in the upper right hand corner

Click on "About Google Chrome"

If an update is available it will be downloaded and installed

Next:

Carefully check for any odd extensions or plugins:

Type the following into the address box and hit Enter:

chrome:plugins

Do the same for:

chrome:extensions

Next:

Go to Settings > Show advanced settings........ (at the bottom)

Put a check next to all of these:

  1. Clear browsing history
  2. Clear download history
  3. Empty the cache

Click "Clear Browsing Data"

Next:

Look through the rest of Tools, Settings and View Background Pages and make sure there's nothing suspicious.

---------------------------

Then look at this link (it's for a different infection, but the way to change Chrome's settings is the same):

http://deletemalware...tall-guide.html

Let me know, MrC

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff....temLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    gadgetbox


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC

SystemLook 30.07.11 by jpshortstuff

Log created at 13:41 on 17/08/2012 by Owner

Administrator - Elevation successful

========== regfind ==========

Searching for "gadgetbox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}]

"DisplayName"="GadgetBox"

-= EOF =-

This topic is now closed to further replies.