Welcome to Geeks to Go - Register now for FREE
Multiple Infections limiting internet access

#61
AZCMer (Topic Starter, Member, 108 posts)

OTL log:

OTL logfile created on: 7/31/2011 7:04:46 PM - Run 12
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\The Reeve Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.84 Gb Available Physical Memory | 66.71% Memory free
17.47 Gb Paging File | 15.51 Gb Available in Paging File | 88.81% Paging File free
Paging file location(s): c:\pagefile.sys 12000 18000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 125.04 Gb Free Space | 21.41% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 1.86 Gb Free Space | 15.49% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: FAMILYCOMPUTER | User Name: The Reeve Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/25 08:17:02 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
PRC - [2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
PRC - [2011/06/22 13:49:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/11/18 04:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/05/08 16:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 16:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/02/27 19:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/06/10 02:10:57 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
MOD - [2010/11/20 05:19:48 | 002,341,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 18:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 18:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/13 18:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/03 20:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/11/23 15:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 15:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/21 14:13:38 | 004,407,664 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/07 20:07:04 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/08 13:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/14 09:33:14 | 002,746,624 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvtcam.sys -- (DCamUSBNovatek)
DRV:64bit: - [2010/01/26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/10/14 10:02:20 | 000,027,304 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 11:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/12 09:03:34 | 000,651,776 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/09/12 09:03:34 | 000,539,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/02/16 10:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A6 9F CC 01 38 B8 C9 48 8F 66 58 1D D4 DC B4 BA [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]s.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:11.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57131
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\The Reeve Family\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\The Reeve Family\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 17:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/07 01:03:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/18 13:52:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/25 08:17:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/25 08:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/25 08:17:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\The Reeve Family\AppData\Roaming\Move Networks [2010/01/09 18:18:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 17:51:54 | 000,000,000 | ---D | M]

[2011/05/07 18:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions
[2011/05/07 18:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/26 01:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions
[2011/06/21 12:57:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/26 13:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\staged-xpis
[2010/09/22 10:01:11 | 000,002,160 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\searchplugins\startpage-https.xml
[2010/09/22 10:00:52 | 000,002,152 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\searchplugins\startpage.xml
[2011/07/14 13:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/27 08:40:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/18 13:52:39 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/07/25 08:17:17 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/06/22 13:49:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/11/27 08:40:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/06/03 09:50:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [L07AXLRD_2040898] C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
O4 - Startup: C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: grillflame.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([h50203.www5] https in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/27 09:36:45 | 000,000,067 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{c4a68fca-da37-11de-8546-90e6ba3e780b}\Shell - "" = AutoRun
O33 - MountPoints2\{c4a68fca-da37-11de-8546-90e6ba3e780b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/30 12:22:37 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\GooredFix Backups
[2011/07/30 12:21:02 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\The Reeve Family\Desktop\GooredFix.exe
[2011/07/28 01:00:57 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2011/07/27 10:47:44 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\The Reeve Family\Desktop\aswMBR.exe
[2011/07/26 12:38:42 | 000,000,000 | ---D | C] -- C:\Seagate temp
[2011/07/26 12:32:14 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\Guides
[2011/07/26 12:31:54 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\Bin
[2011/07/26 12:11:09 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/26 12:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/26 12:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/26 12:10:12 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\The Reeve Family\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/26 00:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn
[2011/07/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ffdshowEx
[2011/07/25 18:20:29 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\space
[2011/07/25 18:14:53 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{352BF278-585C-4743-806A-B98D33E7D45D}
[2011/07/25 13:28:26 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AdobeLicensingFilesBackup
[2011/07/25 13:20:54 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\LicenseRecovery
[2011/07/25 08:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/07/25 08:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/07/25 08:17:04 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/07/25 08:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\real
[2011/07/22 09:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/22 09:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/22 09:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/07/22 09:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/22 09:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/22 09:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/07/21 11:33:03 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{30EA9FC9-73C1-4C23-93C5-CD71DA605E4D}
[2011/07/20 23:32:22 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{76B61CD7-2761-40DF-8287-3650EFD84036}
[2011/07/20 11:31:52 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{B8B4B3B5-3134-4656-B26A-C4D8FFD82FD5}
[2011/07/19 17:21:04 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{FB299AB1-FA1E-4EA9-BE44-03F5008574D2}
[2011/07/18 15:38:08 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/07/18 14:19:44 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{E8E54F29-E756-49E0-8CEB-E6FF97176581}
[2011/07/18 13:54:03 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\AVG10
[2011/07/18 13:52:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/18 13:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/07/18 13:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/18 13:51:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/07/18 13:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/17 10:00:57 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{A9EF14E6-79B5-421B-B12D-66FD94EF180D}
[2011/07/16 21:36:51 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{17B13259-5F2C-462D-91CB-AD30350303B8}
[2011/07/16 09:36:07 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{1215F29A-B3F7-476F-AA31-8FB10CBAFECA}
[2011/07/15 19:33:20 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{E8387885-8DB2-4738-9CF8-B6FD2731184D}
[2011/07/15 03:01:32 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{4AD10F14-3EF0-4320-A841-4DB04FB164ED}
[2011/07/14 16:43:11 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2011/07/14 13:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/14 10:14:04 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{4DDEA5E2-ADA6-4F52-810B-519A012D8AF2}
[2011/07/14 07:06:50 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\HPAppData
[2011/07/13 11:24:49 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011/07/13 11:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011/07/13 11:07:29 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Simply Super Software
[2011/07/13 11:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/10 19:17:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/10 09:38:14 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{5A0D5837-605D-4C59-82A9-0ECF369D9AEE}
[2011/07/09 22:45:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/09 20:37:59 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{2F4725B1-CD02-43BB-94A1-6A43FA5685B4}
[2011/07/09 20:37:48 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{39A35FF1-12DF-4C1A-B3C5-461CAC397838}
[2011/07/09 08:37:10 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{D78AA17E-C1AE-4A03-A1E0-EFE804A80412}
[2011/07/08 13:11:24 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{C37D2A75-0ACA-4BA4-B813-852E172DE875}
[2011/07/08 13:10:54 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{2C411667-EE6F-41DD-A08D-A59E2D7F885B}
[2011/07/08 00:04:11 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{1BA57C1F-805C-4C0A-AA48-3C062D1EED45}
[2011/07/08 00:04:00 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{68A82311-8337-4565-82BB-EF91BDF1AD0D}
[2011/07/07 17:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PhotoStitch
[2011/07/07 16:57:45 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\ZoomBrowser EX
[2011/07/07 12:03:15 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{E85CC538-A8B5-4622-930F-F10FCAF03B93}
[2011/07/06 14:02:19 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{9EFAC25E-B872-4E4D-9E2A-71FC08A14B00}
[2011/07/05 21:48:41 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{02D52A9B-68E2-4381-9FCF-51113F4A5747}
[2011/07/05 11:27:10 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Photography
[2011/07/05 09:48:00 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{152FDEF7-6DF2-42A0-88F9-E16E54781D77}
[2011/07/03 17:22:37 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Tessera

========== Files - Modified Within 30 Days ==========

[2011/07/31 18:16:57 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/31 18:16:57 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/31 18:12:52 | 126,425,482 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/07/31 18:09:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/31 18:09:02 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/31 15:51:15 | 000,007,597 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2011/07/31 15:39:03 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/07/30 13:41:11 | 002,447,334 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Local\[j0003]-[p06].bmp
[2011/07/30 12:34:47 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/30 12:34:47 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/30 12:34:47 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/30 12:21:03 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\The Reeve Family\Desktop\GooredFix.exe
[2011/07/27 14:09:45 | 000,000,512 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\MBR.dat
[2011/07/27 10:48:34 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\The Reeve Family\Desktop\aswMBR.exe
[2011/07/27 10:34:05 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThe Reeve Family.job
[2011/07/27 09:53:01 | 000,099,118 | ---- | M] () -- C:\Users\The Reeve Family\Documents\Sample Truth Focus Staements.pdf
[2011/07/26 12:42:39 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2011/07/26 12:11:10 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 12:10:17 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\The Reeve Family\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/26 00:35:26 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2011/07/25 08:17:29 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/07/25 08:17:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/07/22 09:25:08 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/21 23:36:26 | 000,000,112 | ---- | M] () -- C:\Windows\SysWow64\573779942
[2011/07/21 12:04:12 | 000,001,135 | ---- | M] () -- C:\Users\The Reeve Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/07/20 12:32:26 | 000,606,208 | ---- | M] () -- C:\Users\The Reeve Family\Documents\The Healing Codes Manual - Dr Alexander Loyd.pdf
[2011/07/19 20:57:20 | 001,595,740 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\USBDRVEN.EXE
[2011/07/18 13:52:41 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/18 13:52:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2011/07/18 13:52:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2011/07/15 13:04:06 | 000,000,573 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\MBR.zip
[2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2011/07/14 13:46:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\file.ext
[2011/07/14 13:20:04 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/13 21:42:36 | 000,377,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/04 21:56:57 | 000,006,102 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\B1C6.454

========== Files Created - No Company Name ==========

[2011/07/31 18:12:52 | 126,425,482 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/07/30 13:41:10 | 002,447,334 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\[j0003]-[p06].bmp
[2011/07/27 14:09:45 | 000,000,512 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\MBR.dat
[2011/07/27 09:53:01 | 000,099,118 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Sample Truth Focus Staements.pdf
[2011/07/26 12:42:39 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2011/07/26 12:11:10 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 00:35:26 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2011/07/25 08:17:29 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/07/22 09:25:08 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/20 12:25:30 | 000,606,208 | ---- | C] () -- C:\Users\The Reeve Family\Documents\The Healing Codes Manual - Dr Alexander Loyd.pdf
[2011/07/19 20:57:19 | 001,595,740 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\USBDRVEN.EXE
[2011/07/18 13:52:41 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/15 13:04:06 | 000,000,573 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\MBR.zip
[2011/07/14 13:20:04 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/13 11:08:35 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForThe Reeve Family.job
[2011/07/02 22:32:56 | 000,006,102 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Roaming\B1C6.454
[2011/07/01 22:30:14 | 000,000,112 | ---- | C] () -- C:\Windows\SysWow64\573779942
[2010/07/15 18:07:36 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
[2010/07/15 17:46:54 | 000,171,932 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/27 13:29:20 | 000,000,070 | ---- | C] () -- C:\Windows\FSaver.ini
[2010/06/27 13:29:19 | 000,000,103 | ---- | C] () -- C:\Windows\Wingmakers.ini
[2010/06/06 08:18:23 | 000,003,235 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp11.html
[2010/06/06 08:18:08 | 000,000,778 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp1.html
[2010/04/30 22:34:58 | 000,000,036 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\housecall.guid.cache
[2010/04/30 06:37:02 | 000,003,276 | ---- | C] () -- C:\Windows\SysWow64\NVTBM.ini
[2010/04/08 10:53:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/22 08:00:15 | 000,007,597 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2010/02/02 13:05:58 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2009/12/21 10:06:32 | 000,002,325 | ---- | C] () -- C:\Windows\checkip.dat
[2009/12/12 09:01:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/07 14:41:31 | 000,000,022 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/27 09:05:23 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/11/26 10:12:08 | 000,001,092 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Roaming\wklnhst.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/09/05 17:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2007/08/23 09:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/06/28 03:00:00 | 000,124,416 | ---- | C] () -- C:\Windows\SysWow64\dXCtrls.dll

========== LOP Check ==========

[2011/03/24 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Amazon
[2010/01/20 09:15:56 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Audio Recorder for Free
[2011/07/18 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\AVG10
[2010/05/28 18:01:32 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Barnes & Noble
[2009/11/27 07:32:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\BNeReader
[2010/05/29 12:00:54 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\calibre
[2011/06/20 23:37:11 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Canon
[2010/11/04 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Digiarty
[2011/06/07 07:12:03 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Dropbox
[2009/12/02 09:14:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Foxit
[2010/01/07 23:08:35 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Foxit Software
[2011/03/19 11:53:45 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Jasc
[2010/03/26 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Leadertech
[2010/08/24 15:32:49 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\muvee Technologies
[2010/07/15 06:30:48 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\OpenDNS Updater
[2010/01/09 18:27:12 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\OverDrive
[2011/07/28 01:00:57 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2009/11/25 20:14:55 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\PictureMover
[2010/11/27 14:49:57 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\QuickScan
[2011/07/26 12:36:49 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\SecondLife
[2010/03/24 21:27:43 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\SystemRequirementsLab
[2009/11/26 10:12:30 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Template
[2011/05/07 18:47:17 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Thunderbird
[2011/02/02 11:46:05 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Visan
[2009/12/18 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WildTangent
[2009/11/26 21:09:37 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WinBatch
[2010/08/07 18:35:16 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Windows Live Writer
[2010/07/03 07:49:54 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WTouch
[2011/07/31 15:39:03 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/05/26 11:17:36 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 985 bytes -> C:\Users\The Reeve Family\Documents\Lezli, welcome to www_realmindpowersecrets_com !.eml:OECustomProperty
@Alternate Data Stream - 1719 bytes -> C:\Users\The Reeve Family\Documents\Nieuwjaar 2010.eml:OECustomProperty
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
  • 0

#62
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Step #1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 57131
    FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
    [2011/07/02 22:32:56 | 000,006,102 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Roaming\B1C6.454
    [2011/07/01 22:30:14 | 000,000,112 | ---- | C] () -- C:\Windows\SysWow64\573779942
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #2

Delete your current copy of Combofix, if you have it

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\Combofix.txt in your next reply.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #3


  • Re-open MalwareBytes and click the Update tab
  • Update it
  • Click the scanner Tab and perform a Full Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post OTL.txt, Combofix.txt, and the MBAM report
  • 0
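The three `FF - prefs.js..network.proxy.*` lines removed in Step #1 are the security-relevant finding in this log: Firefox has been pointed at a proxy on 127.0.0.1:57131, so every page request is handed to a process on the infected machine before it reaches the network, which is one way an infection "limits internet access". As an added example (not part of this thread, of OTL, or of any tool named here), the Python below parses those OTL lines and flags proxies that resolve to loopback; the sample fragment is constructed from the lines quoted in the fix plus unrelated lines the parser must ignore.

```python
import ipaddress
import re

# OTL prints Firefox preferences in this shape (as seen in the fix script):
#   FF - prefs.js..network.proxy.http: "127.0.0.1"
#   FF - prefs.js..network.proxy.http_port: 57131
FF_PREF_LINE = re.compile(
    r'^FF - prefs\.js\.\.(?P<key>network\.proxy\.[A-Za-z0-9_.]+):\s*(?P<value>.*?)\s*$'
)

# Constructed sample: the three proxy lines from the OTL fix above, plus a
# non-proxy Firefox pref and an O32 line that must not be picked up.
SAMPLE_OTL_FRAGMENT = """\
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57131
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
O32 - HKLM CDRom: AutoRun - 1
"""


def parse_ff_proxy_prefs(log_text):
    """Return {pref_name: value} for every network.proxy.* line in an OTL log."""
    prefs = {}
    for raw in log_text.splitlines():
        match = FF_PREF_LINE.match(raw.strip())
        if not match:
            continue
        value = match.group('value')
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # OTL quotes string prefs but not integers
        prefs[match.group('key')] = value
    return prefs


def _is_loopback(host):
    """True for 127.x.x.x, ::1 and the literal name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == 'localhost'


def assess_proxy_prefs(prefs):
    """Describe each manual proxy Firefox is configured to use.

    A loopback proxy means a process on this host sees every request first and
    can drop, redirect or rewrite it. Some legitimate web-filtering products
    also work this way, so a loopback hit is a lead (which process owns that
    port?), not a verdict on its own.
    """
    findings = []
    for scheme in ('http', 'ssl', 'ftp', 'socks'):
        host = prefs.get(f'network.proxy.{scheme}')
        if not host:
            continue
        port_text = prefs.get(f'network.proxy.{scheme}_port', '')
        findings.append({
            'scheme': scheme,
            'host': host,
            'port': int(port_text) if port_text.isdigit() else None,
            'loopback': _is_loopback(host),
            # The bypass list is reported so the reviewer sees the whole picture.
            'bypass': prefs.get('network.proxy.no_proxies_on', ''),
        })
    return findings


def loopback_proxy_findings(log_text):
    """Parse an OTL log and return only the proxies that point at this machine."""
    return [f for f in assess_proxy_prefs(parse_ff_proxy_prefs(log_text))
            if f['loopback']]


if __name__ == '__main__':
    for f in loopback_proxy_findings(SAMPLE_OTL_FRAGMENT):
        print(f"Firefox {f['scheme']} proxy -> {f['host']}:{f['port']} "
              f"(loopback); bypass list {f['bypass']!r}")
```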

#63
AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
As I recall, the last time I ran ComboFix, I lost my workspace and didn't have access to any data. I had to restore to a previous time to get my desktop back. I still don't understand what happened back then and am wondering what the chances are of that happening again. If that happens again, what do I do? I'll await your response before running ComboFix.

Also, I notice there are some 'redirects' that keep being listed under IE in the OTL list. Is that anything worth looking at?

Anyway, here is my OTL log:


OTL logfile created on: 8/5/2011 9:17:38 AM - Run 13
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\The Reeve Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 71.02% Memory free
17.47 Gb Paging File | 15.80 Gb Available in Paging File | 90.45% Paging File free
Paging file location(s): c:\pagefile.sys 12000 18000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 123.95 Gb Free Space | 21.22% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 1.86 Gb Free Space | 15.49% Space Free | Partition Type: NTFS
Drive E: | 2.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FAMILYCOMPUTER | User Name: The Reeve Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/25 08:17:02 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
PRC - [2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/11/18 04:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/05/08 16:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 16:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/02/27 19:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/06/10 02:10:57 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
MOD - [2010/11/20 05:19:48 | 002,341,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 18:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 18:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/13 18:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/03 20:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/11/23 15:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 15:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/21 14:13:38 | 004,407,664 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/07 20:07:04 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/08 13:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/14 09:33:14 | 002,746,624 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvtcam.sys -- (DCamUSBNovatek)
DRV:64bit: - [2010/01/26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/10/14 10:02:20 | 000,027,304 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 11:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/12 09:03:34 | 000,651,776 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/09/12 09:03:34 | 000,539,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/02/16 10:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A6 9F CC 01 38 B8 C9 48 8F 66 58 1D D4 DC B4 BA [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:11.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57131
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\The Reeve Family\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\The Reeve Family\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 17:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/07 01:03:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/04 09:57:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/25 08:17:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/25 08:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/05 08:56:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\The Reeve Family\AppData\Roaming\Move Networks [2010/01/09 18:18:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 17:51:54 | 000,000,000 | ---D | M]

[2011/05/07 18:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions
[2011/05/07 18:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/03 00:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions
[2011/08/03 00:32:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/26 13:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\staged-xpis
[2010/09/22 10:01:11 | 000,002,160 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\searchplugins\startpage-https.xml
[2010/09/22 10:00:52 | 000,002,152 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\searchplugins\startpage.xml
[2011/07/14 13:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/27 08:40:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/04 09:57:29 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/07/25 08:17:17 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/06/22 13:49:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/11/27 08:40:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/06/03 09:50:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [L07AXLRD_2040898] C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
O4 - Startup: C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: grillflame.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([h50203.www5] https in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/12 15:01:58 | 000,000,073 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/08/25 17:35:19 | 000,000,000 | ---D | M] - E:\Autoplay -- [ CDFS ]
O32 - AutoRun File - [2008/07/08 04:04:00 | 000,189,808 | R--- | M] (Adobe Systems Incorporated) - E:\Autoplay.exe -- [ CDFS ]
O33 - MountPoints2\{306e804f-b4fc-11de-b707-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{306e804f-b4fc-11de-b707-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autoplay.exe -- [2008/07/08 04:04:00 | 000,189,808 | R--- | M] (Adobe Systems Incorporated)
O33 - MountPoints2\{c4a68fca-da37-11de-8546-90e6ba3e780b}\Shell - "" = AutoRun
O33 - MountPoints2\{c4a68fca-da37-11de-8546-90e6ba3e780b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/05 08:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/04 21:22:26 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{2A15DEC5-2FD4-4354-B2F7-98881254EFDF}
[2011/08/04 17:30:47 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Camera_Raw_6_2
[2011/08/04 12:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011/08/04 12:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/08/04 12:32:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\syncdb
[2011/08/01 11:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2011/08/01 11:21:54 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\BitTorrent
[2011/07/30 12:22:37 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\GooredFix Backups
[2011/07/30 12:21:02 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\The Reeve Family\Desktop\GooredFix.exe
[2011/07/28 01:00:57 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2011/07/27 10:47:44 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\The Reeve Family\Desktop\aswMBR.exe
[2011/07/26 12:38:42 | 000,000,000 | ---D | C] -- C:\Seagate temp
[2011/07/26 12:11:09 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/26 12:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/26 12:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/26 12:10:12 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\The Reeve Family\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/26 00:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn
[2011/07/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ffdshowEx
[2011/07/25 18:20:29 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\space
[2011/07/25 18:14:53 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{352BF278-585C-4743-806A-B98D33E7D45D}
[2011/07/25 13:28:26 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AdobeLicensingFilesBackup
[2011/07/25 13:20:54 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\LicenseRecovery
[2011/07/25 08:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/07/25 08:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/07/25 08:17:04 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/07/25 08:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\real
[2011/07/22 09:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/22 09:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/22 09:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/07/22 09:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/22 09:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/22 09:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/07/21 11:33:03 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{30EA9FC9-73C1-4C23-93C5-CD71DA605E4D}
[2011/07/20 23:32:22 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{76B61CD7-2761-40DF-8287-3650EFD84036}
[2011/07/20 11:31:52 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{B8B4B3B5-3134-4656-B26A-C4D8FFD82FD5}
[2011/07/19 17:21:04 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{FB299AB1-FA1E-4EA9-BE44-03F5008574D2}
[2011/07/18 15:38:08 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/07/18 14:19:44 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{E8E54F29-E756-49E0-8CEB-E6FF97176581}
[2011/07/18 13:54:03 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\AVG10
[2011/07/18 13:52:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/18 13:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/07/18 13:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/18 13:51:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/07/18 13:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/17 10:00:57 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{A9EF14E6-79B5-421B-B12D-66FD94EF180D}
[2011/07/16 21:36:51 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{17B13259-5F2C-462D-91CB-AD30350303B8}
[2011/07/16 09:36:07 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{1215F29A-B3F7-476F-AA31-8FB10CBAFECA}
[2011/07/15 19:33:20 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{E8387885-8DB2-4738-9CF8-B6FD2731184D}
[2011/07/15 03:01:32 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{4AD10F14-3EF0-4320-A841-4DB04FB164ED}
[2011/07/14 16:43:11 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2011/07/14 13:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/14 10:14:04 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{4DDEA5E2-ADA6-4F52-810B-519A012D8AF2}
[2011/07/14 07:06:50 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\HPAppData
[2011/07/13 11:24:49 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011/07/13 11:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011/07/13 11:07:29 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Simply Super Software
[2011/07/13 11:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/10 19:17:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/10 09:38:14 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{5A0D5837-605D-4C59-82A9-0ECF369D9AEE}
[2011/07/09 22:45:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/09 20:37:59 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{2F4725B1-CD02-43BB-94A1-6A43FA5685B4}
[2011/07/09 20:37:48 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{39A35FF1-12DF-4C1A-B3C5-461CAC397838}
[2011/07/09 08:37:10 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{D78AA17E-C1AE-4A03-A1E0-EFE804A80412}
[2011/07/08 13:11:24 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{C37D2A75-0ACA-4BA4-B813-852E172DE875}
[2011/07/08 13:10:54 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{2C411667-EE6F-41DD-A08D-A59E2D7F885B}
[2011/07/08 00:04:11 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{1BA57C1F-805C-4C0A-AA48-3C062D1EED45}
[2011/07/08 00:04:00 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{68A82311-8337-4565-82BB-EF91BDF1AD0D}
[2011/07/07 17:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PhotoStitch
[2011/07/07 16:57:45 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\ZoomBrowser EX
[2011/07/07 12:03:15 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{E85CC538-A8B5-4622-930F-F10FCAF03B93}
[2011/07/06 14:02:19 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{9EFAC25E-B872-4E4D-9E2A-71FC08A14B00}

========== Files - Modified Within 30 Days ==========

[2011/08/05 09:19:55 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/05 09:19:55 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/05 09:12:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/05 09:12:28 | 000,377,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/05 09:12:07 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/05 08:04:13 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/04 18:11:46 | 126,908,866 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/08/04 12:41:05 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/08/04 09:57:29 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/02 23:58:04 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThe Reeve Family.job
[2011/08/01 11:23:54 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011/07/31 15:51:15 | 000,007,597 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2011/07/31 15:39:03 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/07/30 13:41:11 | 002,447,334 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Local\[j0003]-[p06].bmp
[2011/07/30 12:34:47 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/30 12:34:47 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/30 12:34:47 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/30 12:21:03 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\The Reeve Family\Desktop\GooredFix.exe
[2011/07/27 10:48:34 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\The Reeve Family\Desktop\aswMBR.exe
[2011/07/27 09:53:01 | 000,099,118 | ---- | M] () -- C:\Users\The Reeve Family\Documents\Sample Truth Focus Staements.pdf
[2011/07/26 12:42:39 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2011/07/26 12:11:10 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 12:10:17 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\The Reeve Family\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/26 00:35:26 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2011/07/25 08:17:29 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/07/25 08:17:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/07/22 09:25:08 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/21 12:04:12 | 000,001,135 | ---- | M] () -- C:\Users\The Reeve Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/07/20 12:32:26 | 000,606,208 | ---- | M] () -- C:\Users\The Reeve Family\Documents\The Healing Codes Manual - Dr Alexander Loyd.pdf
[2011/07/19 20:57:20 | 001,595,740 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\USBDRVEN.EXE
[2011/07/18 13:52:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2011/07/18 13:52:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2011/07/15 13:04:06 | 000,000,573 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\MBR.zip
[2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2011/07/14 13:46:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\file.ext
[2011/07/14 13:20:04 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/08/05 08:04:13 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/04 18:11:46 | 126,908,866 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/08/04 12:41:05 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk
[2011/08/04 12:41:05 | 000,001,215 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/08/01 11:23:54 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011/07/30 13:41:10 | 002,447,334 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\[j0003]-[p06].bmp
[2011/07/27 09:53:01 | 000,099,118 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Sample Truth Focus Staements.pdf
[2011/07/26 12:42:39 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2011/07/26 12:11:10 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 00:35:26 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2011/07/25 08:17:29 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/07/22 09:25:08 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/20 12:25:30 | 000,606,208 | ---- | C] () -- C:\Users\The Reeve Family\Documents\The Healing Codes Manual - Dr Alexander Loyd.pdf
[2011/07/19 20:57:19 | 001,595,740 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\USBDRVEN.EXE
[2011/07/18 13:52:41 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/15 13:04:06 | 000,000,573 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\MBR.zip
[2011/07/14 13:20:04 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/13 11:08:35 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForThe Reeve Family.job
[2010/07/15 18:07:36 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
[2010/07/15 17:46:54 | 000,171,932 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/27 13:29:20 | 000,000,070 | ---- | C] () -- C:\Windows\FSaver.ini
[2010/06/27 13:29:19 | 000,000,103 | ---- | C] () -- C:\Windows\Wingmakers.ini
[2010/06/06 08:18:23 | 000,003,235 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp11.html
[2010/06/06 08:18:08 | 000,000,778 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp1.html
[2010/04/30 22:34:58 | 000,000,036 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\housecall.guid.cache
[2010/04/30 06:37:02 | 000,003,276 | ---- | C] () -- C:\Windows\SysWow64\NVTBM.ini
[2010/04/08 10:53:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/22 08:00:15 | 000,007,597 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2010/02/02 13:05:58 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2009/12/21 10:06:32 | 000,002,325 | ---- | C] () -- C:\Windows\checkip.dat
[2009/12/12 09:01:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/07 14:41:31 | 000,000,022 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/27 09:05:23 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/11/26 10:12:08 | 000,001,092 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Roaming\wklnhst.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/09/05 17:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2007/08/23 09:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/06/28 03:00:00 | 000,124,416 | ---- | C] () -- C:\Windows\SysWow64\dXCtrls.dll

========== LOP Check ==========

[2011/03/24 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Amazon
[2010/01/20 09:15:56 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Audio Recorder for Free
[2011/07/18 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\AVG10
[2010/05/28 18:01:32 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Barnes & Noble
[2011/08/02 21:24:32 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\BitTorrent
[2009/11/27 07:32:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\BNeReader
[2010/05/29 12:00:54 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\calibre
[2011/06/20 23:37:11 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Canon
[2010/11/04 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Digiarty
[2011/06/07 07:12:03 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Dropbox
[2009/12/02 09:14:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Foxit
[2010/01/07 23:08:35 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Foxit Software
[2011/03/19 11:53:45 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Jasc
[2010/03/26 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Leadertech
[2010/08/24 15:32:49 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\muvee Technologies
[2010/07/15 06:30:48 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\OpenDNS Updater
[2010/01/09 18:27:12 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\OverDrive
[2011/07/28 01:00:57 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2009/11/25 20:14:55 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\PictureMover
[2010/11/27 14:49:57 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\QuickScan
[2011/07/26 12:36:49 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\SecondLife
[2010/03/24 21:27:43 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\SystemRequirementsLab
[2009/11/26 10:12:30 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Template
[2011/05/07 18:47:17 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Thunderbird
[2011/02/02 11:46:05 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Visan
[2009/12/18 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WildTangent
[2009/11/26 21:09:37 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WinBatch
[2010/08/07 18:35:16 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Windows Live Writer
[2010/07/03 07:49:54 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WTouch
[2011/07/31 15:39:03 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/05/26 11:17:36 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 985 bytes -> C:\Users\The Reeve Family\Documents\Lezli, welcome to www_realmindpowersecrets_com !.eml:OECustomProperty
@Alternate Data Stream - 1719 bytes -> C:\Users\The Reeve Family\Documents\Nieuwjaar 2010.eml:OECustomProperty
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
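A triage pass over an OTL listing like the one above, as an added example that is not part of this thread or of OTL itself. It parses the `[date | size | attributes | C/M] (Company) -- path` file lines and the `@Alternate Data Stream` lines, then applies a few review heuristics: hidden+system files outside the expected root-level ones, executables under C:\Windows or Program Files with no company name, zero-byte files in those locations, and stream names other than Zone.Identifier or the OECustomProperty stream that Windows Mail/Outlook Express writes on .eml files. The heuristics and the `parse_otl`/`triage` names are my own assumptions; the sample lines are copied from the log posted above, and the output is a list of items to check, not verdicts.

```python
"""Triage helper for OTL (OldTimer) log listings.

Added example, not part of the forum thread or of OTL. Heuristics are the
example author's own and produce review items, not verdicts.
"""
import re
from dataclasses import dataclass

# OTL file line: [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# "(Company)" is omitted for directories and printed as "()" when empty.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<nbytes>\d+) bytes -> (?P<path>.+)$")

SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files")
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr")
# Stream names Windows writes itself: Zone.Identifier (shell/browser download
# mark) and OECustomProperty (Windows Mail / Outlook Express on .eml files).
BENIGN_STREAMS = {"zone.identifier", "oecustomproperty"}
# Hidden+system files that legitimately sit at the drive root.
ROOT_HS_FILES = {"hiberfil.sys", "pagefile.sys", "swapfile.sys"}


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str      # OTL attribute column, e.g. "-HS-" or "---D"
    kind: str       # C = created, M = modified
    company: str    # "" when OTL printed "()" or omitted it
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


@dataclass
class Stream:
    nbytes: int
    path: str       # "file:streamname" exactly as OTL prints it

    @property
    def name(self) -> str:
        return self.path.rsplit(":", 1)[1]


def parse_otl(text: str):
    """Return (entries, streams) for every OTL file/ADS line in text."""
    entries, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = OTL_LINE.match(line)
        if m:
            entries.append(Entry(m["ts"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["kind"],
                                 (m["company"] or "").strip(), m["path"]))
            continue
        m = ADS_LINE.match(line)
        if m:
            streams.append(Stream(int(m["nbytes"]), m["path"]))
    return entries, streams


def triage(entries, streams):
    """Apply the review heuristics; returns (reason, path) pairs."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        base = low.rsplit("\\", 1)[-1]
        in_system = low.startswith(SYSTEM_DIRS)
        if e.hidden_system and base not in ROOT_HS_FILES:
            findings.append(("hidden+system file", e.path))
        if in_system and low.endswith(EXEC_EXT) and not e.company:
            findings.append(("executable with no company name in system location", e.path))
        if in_system and e.size == 0:
            findings.append(("zero-byte file in system location", e.path))
    for s in streams:
        if s.name.lower() not in BENIGN_STREAMS:
            findings.append(("unexpected alternate data stream", s.path))
    return findings


# Sample lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
[2011/07/14 16:43:11 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2011/07/18 15:38:08 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/08/05 09:12:07 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/14 13:46:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\file.ext
[2009/11/27 09:05:23 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2011/07/26 12:10:17 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\The Reeve Family\Desktop\mbam-setup-1.51.1.1800.exe
@Alternate Data Stream - 1719 bytes -> C:\Users\The Reeve Family\Documents\Nieuwjaar 2010.eml:OECustomProperty
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CB0AACC9
"""

if __name__ == "__main__":
    for reason, path in triage(*parse_otl(SAMPLE_LOG)):
        print(f"{reason:55} {path}")
```

Expect noise when this is run over a whole log: OEM images ship unsigned helper executables in C:\Windows and DRM components install hidden+system files, so each finding is a pointer to verify (hash, Authenticode signature, whether the file is actually present on disk), not a detection on its own.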

#64
Cold Titanium
    Trusted Helper
  • Malware Removal
  • 1,735 posts
The last time, you had a rootkit interfering. Now that it is gone, it shouldn't cause problems. Go ahead with my instructions.

#65
AZCMer
    Member
  • Topic Starter
  • Member
  • 108 posts
Ok. Thanks. Will do. Be right back with the results.

#66
AZCMer
    Member
  • Topic Starter
  • Member
  • 108 posts
When ComboFix completed, I couldn't run anything. The error I got was 'registry key marked for deletion'. I rebooted, the system rebooted normally, and I am here with the log:

ComboFix 11-08-05.01 - The Reeve Family 08/05/2011 11:52:15.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.3800 [GMT -7:00]
Running from: c:\users\The Reeve Family\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\users\The Reeve Family\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\FAST2002.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-05 18:57 . 2011-08-05 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2011-08-04 19:41 . 2008-06-16 10:00 55024 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-08-04 19:39 . 2011-08-04 19:39 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-08-04 19:39 . 2011-08-04 19:39 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-08-04 19:32 . 2011-08-04 19:32 -------- d-----w- c:\windows\SysWow64\syncdb
2011-08-01 18:23 . 2011-08-01 18:23 -------- d-----w- c:\program files (x86)\BitTorrent
2011-08-01 18:21 . 2011-08-03 04:24 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\BitTorrent
2011-07-28 08:00 . 2011-07-28 08:00 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
2011-07-27 16:41 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E519DE36-3744-46AF-A2A4-F861340AC9F9}\mpengine.dll
2011-07-26 19:38 . 2011-07-26 19:38 -------- d-----w- C:\Seagate temp
2011-07-26 19:11 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-26 19:11 . 2011-07-26 19:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-26 07:35 . 2011-07-26 07:35 -------- d-----w- c:\program files (x86)\Common Files\ffdshowEx
2011-07-25 20:28 . 2011-07-25 20:30 -------- d-----w- c:\users\The Reeve Family\AdobeLicensingFilesBackup
2011-07-25 15:17 . 2011-07-25 15:17 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-07-25 15:17 . 2011-07-25 15:17 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-07-25 15:17 . 2011-07-25 15:17 150712 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-07-25 15:17 . 2011-07-25 15:17 105472 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-07-25 15:16 . 2011-07-25 15:17 -------- d-----w- c:\program files (x86)\real
2011-07-22 16:24 . 2011-07-22 16:25 -------- d-----w- c:\program files\iTunes
2011-07-22 16:24 . 2011-07-22 16:25 -------- d-----w- c:\program files (x86)\iTunes
2011-07-22 16:24 . 2011-07-22 16:24 -------- d-----w- c:\program files\iPod
2011-07-22 16:22 . 2011-07-22 16:22 -------- d-----w- c:\program files\Bonjour
2011-07-22 16:22 . 2011-07-22 16:22 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-18 22:38 . 2011-07-18 22:38 -------- d-----w- C:\$AVG
2011-07-18 20:54 . 2011-07-18 20:54 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\AVG10
2011-07-18 20:52 . 2011-07-18 20:52 -------- d--h--w- c:\programdata\Common Files
2011-07-18 20:51 . 2011-08-05 16:53 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-18 20:51 . 2011-07-18 20:53 -------- d-----w- c:\programdata\AVG10
2011-07-18 20:47 . 2011-07-18 20:54 -------- d-----w- c:\programdata\MFAData
2011-07-14 20:20 . 2011-07-14 20:20 -------- d-----w- c:\program files\CCleaner
2011-07-14 14:06 . 2011-07-14 14:06 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\HPAppData
2011-07-13 18:01 . 2011-07-13 18:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-13 17:49 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 17:49 . 2011-06-03 06:57 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-13 17:49 . 2011-06-03 06:57 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 17:49 . 2011-06-03 06:53 338944 ----a-w- c:\windows\system32\conhost.exe
2011-07-13 17:49 . 2011-06-03 06:57 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-13 17:49 . 2011-06-03 06:57 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-13 17:49 . 2011-06-03 06:57 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-13 17:49 . 2011-06-03 06:00 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-13 17:49 . 2011-06-03 05:57 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-13 17:49 . 2011-06-03 05:56 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-13 17:49 . 2011-06-03 03:53 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-13 17:48 . 2011-06-03 03:53 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-13 17:11 . 2011-07-13 17:42 -------- d-----w- c:\users\HP New
2011-07-13 04:48 . 2011-08-05 18:51 -------- d-----w- c:\users\TEMP
2011-07-12 18:34 . 2011-07-12 18:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:34 . 2011-07-12 18:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-08 00:44 . 2011-07-08 00:48 -------- d-----w- c:\programdata\PhotoStitch
2011-07-07 23:57 . 2011-07-08 01:50 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\ZoomBrowser EX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-18 20:47 . 2010-01-29 23:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-07 02:52 . 2010-05-01 06:54 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-17 00:42 . 2011-06-06 05:44 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 05:57 . 2011-07-13 17:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 11:02 . 2009-12-01 22:28 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-05-28 11:02 . 2010-05-18 23:03 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-28 11:02 . 2010-06-02 23:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-28 11:02 . 2009-12-05 23:00 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-27 02:45 . 2009-12-01 22:27 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-05-27 02:45 . 2010-05-18 23:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-26 19:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-26 19:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-25 02:14 . 2009-12-06 14:40 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 15:18 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 15:18 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 15:18 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 15:18 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 15:18 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-10 15:06 . 2011-05-10 15:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 15:06 . 2011-05-10 15:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L07AXLRD_2040898"="c:\program files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" [2006-06-10 351000]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-04-19 2334560]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2011-07-25 273544]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe" [2011-06-06 240288]
.
c:\users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 AppIDSvc32;Application Identity ;c:\windows\system32\mmcico32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Netlogon32;Netlogon ;c:\windows\system32\NlsLexicons001332.exe [x]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-19 7398752]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]
R3 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2011-07-21 4407664]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R4 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-03 c:\windows\Tasks\HPCeeScheduleForThe Reeve Family.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
2011-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-30 16335976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: grillflame.net\www
Trusted Zone: hp.com\h50203.www5
Trusted Zone: hp.com\www
Trusted Zone: mcafee.com
TCP: Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4}: NameServer = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57131
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1088720637-78751619-3950019920-1000\Software\SecuROM\License information*]
"datasecu"=hex:08,97,33,34,fa,95,8a,2e,6b,af,e5,75,48,48,78,1c,4d,e8,f2,a0,88,
b0,21,82,04,0f,e2,47,3a,a2,ee,ad,7e,78,33,ec,67,b4,ce,f9,fa,9e,2a,77,3c,f0,\
"rkeysecu"=hex:60,fa,bb,39,2f,f0,f2,8d,87,2d,b0,36,24,c9,bc,ac
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
"DisplayName"=expand:"@fdeploy.dll,-261"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"DisplayName"=expand:"@%SystemRoot%\\System32\\dskquota.dll,-100"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"%SystemRoot%\\System32\\dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"DisplayName"=expand:"@gptext.dll,-201"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}]
@DACL=(02 0000)
@="Remote Desktop USB Redirection"
"DllName"=expand:"%SystemRoot%\\System32\\TsUsbRedirectionGroupPolicyExtension.dll"
"RequiresSuccessfulRegistry"=dword:00000001
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"NoGPOListChanges"=dword:00000001
"NoUserPolicy"=dword:00000001
"DisplayName"=expand:"@%SystemRoot%\\System32\\TsUsbRedirectionGroupPolicyExtension.dll,-100"
"NoBackgroundPolicy"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
@DACL=(02 0000)
@="Windows Search Group Policy Extension"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll"
"RequiresSuccessfulRegistry"=dword:00000001
"NoSlowLink"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoUserPolicy"=dword:00000000
"NoMachinePolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"EnableAsynchronousProcessing"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}]
@DACL=(02 0000)
@="Deployed Printer Connections"
"DisplayName"=expand:"@%systemroot%\\system32\\gpprnext.dll,-1"
"DllName"=expand:"%systemroot%\\system32\\gpprnext.dll"
"EnableAsynchronousProcessing"=dword:00000001
"ExtensionEventSource"=""
"GenerateGroupPolicy"="PrinterGenerateGroupPolicy"
"MaxNoGPOListChangesInterval"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000001
"NotifyLinkTransition"=dword:00000000
"NoUserPolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="PrinterProcessGroupPolicy"
"ProcessGroupPolicyEx"="PrinterProcessGroupPolicyEx"
"RequiresSuccessfulRegistry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
@DACL=(02 0000)
@="TCPIP"
"DisplayName"=expand:"@gptext.dll,-204"
"ProcessGroupPolicy"="ProcessTCPIPPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicyEx"="ProcessIPSECPolicyEx"
"GenerateGroupPolicy"="GenerateIPSECPolicy"
"DllName"=expand:"%SystemRoot%\\System32\\polstore.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
"DisplayName"=expand:"@c:\\Windows\\system32\\polstore.dll,-5012"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}]
@DACL=(02 0000)
@="Audit Policy Configuration"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"=expand:"auditcse.dll"
"NoUserPolicy"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
"ForceRefreshFG"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
@DACL=(02 0000)
@="Enterprise QoS"
"DisplayName"=expand:"@gptext.dll,-203"
"ProcessGroupPolicy"="ProcessEQoSPolicy"
"DllName"=expand:"gptext.dll"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]
@DACL=(02 0000)
@="CP"
"DisplayName"=expand:"@gptext.dll,-205"
"ProcessGroupPolicy"="ProcessConnectivityPlatformPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2011-08-05 12:06:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-05 19:06
ComboFix2.txt 2011-07-11 02:17
ComboFix3.txt 2011-07-11 01:20
.
Pre-Run: 134,310,031,360 bytes free
Post-Run: 134,207,332,352 bytes free
.
- - End Of File - - BF2933307130203F69F7387F3CF81D31

#67 AZCMer (Member, Topic Starter, 108 posts)

MBam log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7388

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

8/5/2011 2:33:39 PM
mbam-log-2011-08-05 (14-33-38).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 596946
Time elapsed: 2 hour(s), 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#68 Cold Titanium (Trusted Helper, Malware Removal, 1,735 posts)

We are going to run a boot-time scan with Avast. Doing so requires the removal of AVG. Afterwards you can reinstall it if you wish.

Download Avast! Anti-Virus free edition.

Download the AVG Removal Tool and run it to remove AVG from your system.

Right click and Run As Administrator on Avast.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours. Once it finishes it should load Windows.

After it finishes, see if it found anything.

Then re-run ComboFix.

#69 AZCMer (Member, Topic Starter, 108 posts)

Ok. Thanks for your patience.

First of all, when I booted up this morning, I got a popup asking which program I wanted to open a file called 'The' with. I canceled that. All the times I've rebooted since have not brought this up again.

Removed AVG and brought in AVAST and ran a boot scan. AVAST did not find anything. When I rebooted, I reran ComboFix. Once that finished and I rebooted, I had to reset my internet connections. The error I got was 'DHCP not enabled for lan'. Now that I'm back online, here is the log:

ComboFix 11-08-06.02 - The Reeve Family 08/06/2011 17:59:25.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4410 [GMT -7:00]
Running from: c:\users\The Reeve Family\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))
.
.
2011-08-07 01:06 . 2011-08-07 01:06 -------- d-----w- c:\users\Default\AppData\Local\tem
2011-08-06 21:34 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-06 21:34 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-06 21:34 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-06 21:34 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-06 21:34 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-06 21:34 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-06 21:34 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-06 21:33 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-06 21:33 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-06 21:33 . 2011-08-06 21:33 -------- d-----w- c:\programdata\AVAST Software
2011-08-06 21:33 . 2011-08-06 21:33 -------- d-----w- c:\program files\AVAST Software
2011-08-06 02:56 . 2011-08-06 02:56 -------- d-----w- c:\windows\en
2011-08-06 02:51 . 2011-08-06 02:51 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ba4d10601cc53e301\MeshBetaRemover.exe
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2011-08-04 19:41 . 2008-06-16 10:00 55024 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-08-04 19:39 . 2011-08-04 19:39 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-08-04 19:39 . 2011-08-04 19:39 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-08-04 19:32 . 2011-08-04 19:32 -------- d-----w- c:\windows\SysWow64\syncdb
2011-08-01 18:23 . 2011-08-01 18:23 -------- d-----w- c:\program files (x86)\BitTorrent
2011-08-01 18:21 . 2011-08-03 04:24 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\BitTorrent
2011-07-28 08:00 . 2011-07-28 08:00 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
2011-07-27 16:41 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E519DE36-3744-46AF-A2A4-F861340AC9F9}\mpengine.dll
2011-07-26 19:38 . 2011-07-26 19:38 -------- d-----w- C:\Seagate temp
2011-07-26 19:11 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-26 19:11 . 2011-07-26 19:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-26 07:35 . 2011-07-26 07:35 -------- d-----w- c:\program files (x86)\Common Files\ffdshowEx
2011-07-25 20:28 . 2011-07-25 20:30 -------- d-----w- c:\users\The Reeve Family\AdobeLicensingFilesBackup
2011-07-25 15:17 . 2011-07-25 15:17 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-07-25 15:17 . 2011-07-25 15:17 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-07-25 15:17 . 2011-07-25 15:17 150712 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-07-25 15:17 . 2011-07-25 15:17 105472 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-07-25 15:16 . 2011-07-25 15:17 -------- d-----w- c:\program files (x86)\real
2011-07-22 16:24 . 2011-07-22 16:25 -------- d-----w- c:\program files\iTunes
2011-07-22 16:24 . 2011-07-22 16:25 -------- d-----w- c:\program files (x86)\iTunes
2011-07-22 16:24 . 2011-07-22 16:24 -------- d-----w- c:\program files\iPod
2011-07-22 16:22 . 2011-07-22 16:22 -------- d-----w- c:\program files\Bonjour
2011-07-22 16:22 . 2011-07-22 16:22 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-18 22:38 . 2011-07-18 22:38 -------- d-----w- C:\$AVG
2011-07-18 20:54 . 2011-07-18 20:54 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\AVG10
2011-07-18 20:52 . 2011-07-18 20:52 -------- d--h--w- c:\programdata\Common Files
2011-07-18 20:51 . 2011-08-06 21:28 -------- d-----w- c:\programdata\AVG10
2011-07-18 20:47 . 2011-07-18 20:54 -------- d-----w- c:\programdata\MFAData
2011-07-14 20:20 . 2011-07-14 20:20 -------- d-----w- c:\program files\CCleaner
2011-07-14 14:06 . 2011-07-14 14:06 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\HPAppData
2011-07-13 18:01 . 2011-07-13 18:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-13 17:49 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 17:49 . 2011-06-03 06:57 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-13 17:49 . 2011-06-03 06:57 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 17:49 . 2011-06-03 06:53 338944 ----a-w- c:\windows\system32\conhost.exe
2011-07-13 17:49 . 2011-06-03 06:57 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-13 17:49 . 2011-06-03 06:57 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-13 17:49 . 2011-06-03 06:57 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-13 17:49 . 2011-06-03 06:00 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-13 17:49 . 2011-06-03 05:57 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-13 17:49 . 2011-06-03 05:56 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-13 17:49 . 2011-06-03 03:53 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-13 17:48 . 2011-06-03 03:53 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-13 17:11 . 2011-07-13 17:42 -------- d-----w- c:\users\HP New
2011-07-13 04:48 . 2011-08-05 18:51 -------- d-----w- c:\users\TEMP
2011-07-12 18:34 . 2011-07-12 18:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:34 . 2011-07-12 18:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-06 02:53 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-18 20:47 . 2010-01-29 23:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-07 02:52 . 2010-05-01 06:54 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-17 00:42 . 2011-06-06 05:44 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 05:57 . 2011-07-13 17:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 11:02 . 2009-12-01 22:28 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-05-28 11:02 . 2010-05-18 23:03 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-28 11:02 . 2010-06-02 23:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-28 11:02 . 2009-12-05 23:00 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-27 02:45 . 2009-12-01 22:27 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-05-27 02:45 . 2010-05-18 23:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-26 19:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-26 19:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-25 02:14 . 2009-12-06 14:40 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 15:18 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 15:18 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 15:18 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 15:18 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 15:18 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-13 23:03 . 2011-05-13 23:03 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2011-05-13 22:42 . 2011-05-13 22:42 302448 ----a-w- c:\windows\WLXPGSS.SCR
2011-05-10 15:06 . 2011-05-10 15:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 15:06 . 2011-05-10 15:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((( [email protected]_18.59.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-08-05 16:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-07 00:39 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-05 16:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-07 00:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-21 19:32 . 2011-08-07 01:11 99156 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-07 01:11 46102 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-26 03:08 . 2011-08-07 01:11 32062 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1088720637-78751619-3950019920-1000_UserData.bin
+ 2010-07-04 14:17 . 2011-08-07 01:08 16966 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2010-07-04 14:17 . 2011-08-05 18:59 16966 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
+ 2009-11-26 07:04 . 2011-08-07 01:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 07:04 . 2011-08-05 16:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 07:04 . 2011-08-05 16:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-26 07:04 . 2011-08-07 01:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-26 07:04 . 2011-08-05 16:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-26 07:04 . 2011-08-07 01:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-26 03:12 . 2011-08-07 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 03:12 . 2011-08-05 18:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 03:12 . 2011-08-05 18:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-26 03:12 . 2011-08-07 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-06 02:52 . 2011-08-06 02:52 24576 c:\windows\Installer\1a07b97.msp
+ 2010-10-27 03:00 . 2010-10-27 03:00 56832 c:\windows\Installer\1a07b90.msi
+ 2011-08-06 02:52 . 2011-08-06 02:52 30720 c:\windows\Installer\1a07b8b.msp
+ 2010-10-27 03:00 . 2010-10-27 03:00 74240 c:\windows\Installer\1a07b86.msi
+ 2011-08-06 02:52 . 2011-08-06 02:52 23552 c:\windows\Installer\1a07b81.msp
+ 2010-10-27 03:00 . 2010-10-27 03:00 29696 c:\windows\Installer\1a07b7c.msi
+ 2011-08-06 02:52 . 2011-08-06 02:52 60416 c:\windows\Installer\1a07b76.msp
+ 2011-08-06 02:52 . 2011-08-06 02:52 29184 c:\windows\Installer\1a07b1b.msp
+ 2011-08-06 02:52 . 2011-08-06 02:52 67072 c:\windows\Installer\1a07b11.msi
+ 2011-08-06 02:51 . 2011-08-06 02:51 39936 c:\windows\Installer\1a079aa.msp
+ 2010-10-27 02:59 . 2010-10-27 02:59 74240 c:\windows\Installer\1a079a5.msi
+ 2011-08-06 02:51 . 2011-08-06 02:51 26112 c:\windows\Installer\1a0799c.msi
+ 2011-08-06 02:54 . 2011-08-06 02:54 80395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
+ 2011-08-06 03:00 . 2011-08-06 03:00 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\b157714d9a1eecaee02d81f42659673d\WindowsLiveWriter.ni.exe
+ 2011-08-06 03:00 . 2011-08-06 03:00 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5021733bc84350d4e639b00f51bad421\WindowsLive.Writer.Passport.ni.dll
- 2011-08-05 18:58 . 2011-08-05 18:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-07 01:07 . 2011-08-07 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-05 18:58 . 2011-08-05 18:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-07 01:07 . 2011-08-07 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-29 03:31 . 2011-03-29 03:31 209280 c:\windows\SysWOW64\LIVESSP.DLL
- 2010-09-21 21:49 . 2010-09-21 21:49 252800 c:\windows\system32\LIVESSP.DLL
+ 2011-03-29 04:11 . 2011-03-29 04:11 252800 c:\windows\system32\LIVESSP.DLL
- 2009-07-14 05:01 . 2011-08-05 18:57 329124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-07 01:07 329124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-27 03:00 . 2010-10-27 03:00 153600 c:\windows\Installer\1a07b71.msi
+ 2011-08-06 02:52 . 2011-08-06 02:52 509952 c:\windows\Installer\1a07b5a.msp
+ 2011-08-06 02:52 . 2011-08-06 02:52 636416 c:\windows\Installer\1a07b50.msp
+ 2011-08-06 02:52 . 2011-08-06 02:52 468480 c:\windows\Installer\1a07b38.msp
+ 2011-08-06 02:52 . 2011-08-06 02:52 626688 c:\windows\Installer\1a07b29.msp
+ 2011-08-06 02:52 . 2011-08-06 02:52 205824 c:\windows\Installer\1a07ae9.msp
+ 2010-10-27 03:00 . 2010-10-27 03:00 775168 c:\windows\Installer\1a07ae0.msi
+ 2011-08-06 02:51 . 2011-08-06 02:51 715264 c:\windows\Installer\1a07a0b.msp
+ 2011-08-06 02:51 . 2011-08-06 02:51 136704 c:\windows\Installer\1a079e1.msp
+ 2010-10-27 03:00 . 2010-10-27 03:00 429056 c:\windows\Installer\1a079dc.msi
+ 2011-08-06 03:00 . 2011-08-06 03:00 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\02110a6f87ffcb2c40ceee71def8834d\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8dedee905cdb043a3f38f5f25d14532d\WindowsLive.Writer.Mshtml.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\892c55a38fa06d5772403fa5badb6fe1\WindowsLive.Writer.HtmlParser.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\874448785f46950fafe2b985bf141fde\WindowsLive.Writer.SpellChecker.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\778a0688350cf9fca7a63ac412bb0553\WindowsLive.Writer.Interop.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6826e9a87c71e98d1d7096c1d34f38b4\WindowsLive.Writer.Extensibility.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5f1bf2163683d96aa713bd3027f023ca\WindowsLive.Writer.BlogClient.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56550d800bd929d19a15a794bb60c711\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\360c3474e29d4b032c6a93bfc61aff00\WindowsLive.Writer.FileDestinations.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2fd0e0605143ef5f3a853312f78dae36\WindowsLive.Writer.Api.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\151f9aee909569971f120f49d9d6086d\WindowsLive.Writer.BrowserControl.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\10b4b88976e779c6d348fd079ae7229c\WindowsLive.Writer.Instrumentation.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0403af327e2ce5bab0bb0cf8464f7b60\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\037db0a0b200ca58c37f9c0191a116fc\WindowsLive.Writer.Controls.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\dc40bf7a05469f0c9961d33b7d6681a3\WindowsLive.Client.ni.dll
- 2009-07-14 04:54 . 2011-08-05 16:52 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-07 00:39 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-06 02:52 . 2011-08-06 02:52 2146816 c:\windows\Installer\1a07b6b.msp
+ 2010-10-27 03:00 . 2010-10-27 03:00 4250112 c:\windows\Installer\1a07b60.msi
+ 2010-10-27 03:00 . 2010-10-27 03:00 4175360 c:\windows\Installer\1a07b55.msi
+ 2010-10-27 03:00 . 2010-10-27 03:00 3410944 c:\windows\Installer\1a07b4a.msi
+ 2011-08-06 02:52 . 2011-08-06 02:52 6661632 c:\windows\Installer\1a07b45.msi
+ 2010-10-27 03:00 . 2010-10-27 03:00 1070592 c:\windows\Installer\1a07b2e.msi
+ 2010-10-27 03:00 . 2010-10-27 03:00 1492992 c:\windows\Installer\1a07b20.msi
+ 2011-08-06 02:52 . 2011-08-06 02:52 1828864 c:\windows\Installer\1a07b0b.msp
+ 2010-10-27 03:00 . 2010-10-27 03:00 3454976 c:\windows\Installer\1a07b02.msi
+ 2011-08-06 02:52 . 2011-08-06 02:52 3103744 c:\windows\Installer\1a07afc.msp
+ 2010-10-27 03:00 . 2010-10-27 03:00 6195200 c:\windows\Installer\1a07af1.msi
+ 2011-08-06 02:52 . 2011-08-06 02:52 3731968 c:\windows\Installer\1a07ad7.msp
+ 2011-08-06 02:51 . 2011-08-06 02:51 2956288 c:\windows\Installer\1a07a8f.msp
+ 2010-10-27 03:00 . 2010-10-27 03:00 8313856 c:\windows\Installer\1a07a75.msi
+ 2011-08-06 02:51 . 2011-08-06 02:51 5872128 c:\windows\Installer\1a07a70.msp
+ 2011-08-06 02:51 . 2011-08-06 02:51 3313152 c:\windows\Installer\1a07a2f.msp
+ 2010-10-27 03:00 . 2010-10-27 03:00 8332288 c:\windows\Installer\1a07a13.msi
+ 2011-08-06 02:51 . 2011-08-06 02:51 2310656 c:\windows\Installer\1a079fa.msi
+ 2011-08-06 02:51 . 2011-08-06 02:51 1139200 c:\windows\Installer\1a079f2.msp
+ 2010-10-27 03:00 . 2010-10-27 03:00 4004864 c:\windows\Installer\1a079e6.msi
+ 2011-08-06 02:51 . 2011-08-06 02:51 2933248 c:\windows\Installer\1a079d7.msp
+ 2010-10-27 03:00 . 2010-10-27 03:00 7710720 c:\windows\Installer\1a079c3.msi
+ 2011-08-06 02:51 . 2011-08-06 02:51 4425728 c:\windows\Installer\1a079be.msp
+ 2010-10-27 02:59 . 2010-10-27 02:59 9433088 c:\windows\Installer\1a079af.msi
+ 2011-08-06 02:51 . 2011-08-06 02:51 8822784 c:\windows\Installer\1a07998.msi
+ 2010-09-23 07:17 . 2010-09-23 07:17 1204584 c:\windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133\15.4.3502\wlarp.exe
+ 2011-08-06 03:00 . 2011-08-06 03:00 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b77219effe571078c2c191966dfed6a6\WindowsLive.Writer.Localization.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9fd12277f004a6ca2c7f77b7ee0d0a64\WindowsLive.Writer.CoreServices.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9d2f444ed259c37d17a6b961ec01a67b\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2011-08-06 03:00 . 2011-08-06 03:00 7025152 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8271226662dfed651808c9791c66f09d\WindowsLive.Writer.PostEditor.ni.dll
+ 2009-11-26 17:37 . 2011-08-07 01:07 13305220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-8192.dat
- 2009-11-26 17:37 . 2011-08-05 18:57 13305220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-8192.dat
+ 2010-10-27 03:00 . 2010-10-27 03:00 11846656 c:\windows\Installer\1a07ace.msi
+ 2011-08-06 02:52 . 2011-08-06 02:52 14623744 c:\windows\Installer\1a07ac6.msp
+ 2010-10-27 03:00 . 2010-10-27 03:00 34193408 c:\windows\Installer\1a07a9a.msi
+ 2010-10-27 03:00 . 2010-10-27 03:00 13850624 c:\windows\Installer\1a07a59.msi
+ 2011-08-06 02:51 . 2011-08-06 02:51 22647296 c:\windows\Installer\1a07a42.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L07AXLRD_2040898"="c:\program files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" [2006-06-10 351000]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2011-07-25 273544]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe" [2011-06-06 240288]
.
c:\users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 AppIDSvc32;Application Identity ;c:\windows\system32\mmcico32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Netlogon32;Netlogon ;c:\windows\system32\NlsLexicons001332.exe [x]
R3 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]
R3 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2011-07-21 4407664]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R4 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-03 c:\windows\Tasks\HPCeeScheduleForThe Reeve Family.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
2011-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-30 16335976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: grillflame.net\www
Trusted Zone: hp.com\h50203.www5
Trusted Zone: hp.com\www
Trusted Zone: mcafee.com
TCP: Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4}: NameServer = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57131
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1088720637-78751619-3950019920-1000\Software\SecuROM\License information*]
"datasecu"=hex:08,97,33,34,fa,95,8a,2e,6b,af,e5,75,48,48,78,1c,4d,e8,f2,a0,88,
b0,21,82,04,0f,e2,47,3a,a2,ee,ad,7e,78,33,ec,67,b4,ce,f9,fa,9e,2a,77,3c,f0,\
"rkeysecu"=hex:60,fa,bb,39,2f,f0,f2,8d,87,2d,b0,36,24,c9,bc,ac
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
"DisplayName"=expand:"@fdeploy.dll,-261"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"DisplayName"=expand:"@%SystemRoot%\\System32\\dskquota.dll,-100"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"%SystemRoot%\\System32\\dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"DisplayName"=expand:"@gptext.dll,-201"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}]
@DACL=(02 0000)
@="Remote Desktop USB Redirection"
"DllName"=expand:"%SystemRoot%\\System32\\TsUsbRedirectionGroupPolicyExtension.dll"
"RequiresSuccessfulRegistry"=dword:00000001
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"NoGPOListChanges"=dword:00000001
"NoUserPolicy"=dword:00000001
"DisplayName"=expand:"@%SystemRoot%\\System32\\TsUsbRedirectionGroupPolicyExtension.dll,-100"
"NoBackgroundPolicy"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
@DACL=(02 0000)
@="Windows Search Group Policy Extension"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll"
"RequiresSuccessfulRegistry"=dword:00000001
"NoSlowLink"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoUserPolicy"=dword:00000000
"NoMachinePolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"EnableAsynchronousProcessing"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}]
@DACL=(02 0000)
@="Deployed Printer Connections"
"DisplayName"=expand:"@%systemroot%\\system32\\gpprnext.dll,-1"
"DllName"=expand:"%systemroot%\\system32\\gpprnext.dll"
"EnableAsynchronousProcessing"=dword:00000001
"ExtensionEventSource"=""
"GenerateGroupPolicy"="PrinterGenerateGroupPolicy"
"MaxNoGPOListChangesInterval"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000001
"NotifyLinkTransition"=dword:00000000
"NoUserPolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="PrinterProcessGroupPolicy"
"ProcessGroupPolicyEx"="PrinterProcessGroupPolicyEx"
"RequiresSuccessfulRegistry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
@DACL=(02 0000)
@="TCPIP"
"DisplayName"=expand:"@gptext.dll,-204"
"ProcessGroupPolicy"="ProcessTCPIPPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicyEx"="ProcessIPSECPolicyEx"
"GenerateGroupPolicy"="GenerateIPSECPolicy"
"DllName"=expand:"%SystemRoot%\\System32\\polstore.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
"DisplayName"=expand:"@c:\\Windows\\system32\\polstore.dll,-5012"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}]
@DACL=(02 0000)
@="Audit Policy Configuration"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"=expand:"auditcse.dll"
"NoUserPolicy"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
"ForceRefreshFG"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
@DACL=(02 0000)
@="Enterprise QoS"
"DisplayName"=expand:"@gptext.dll,-203"
"ProcessGroupPolicy"="ProcessEQoSPolicy"
"DllName"=expand:"gptext.dll"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]
@DACL=(02 0000)
@="CP"
"DisplayName"=expand:"@gptext.dll,-205"
"ProcessGroupPolicy"="ProcessConnectivityPlatformPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
**************************************************************************
.
Completion time: 2011-08-06 18:17:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-07 01:17
ComboFix2.txt 2011-08-05 19:06
ComboFix3.txt 2011-07-11 02:17
ComboFix4.txt 2011-07-11 01:20
.
Pre-Run: 133,148,835,840 bytes free
Post-Run: 133,088,624,640 bytes free
.
- - End Of File - - 386565BD636ECC4869737C438C7F222D

#70
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
If CF asks to update, let it.


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

DDS::
R2 AppIDSvc32;Application Identity ;c:\windows\system32\mmcico32.exe [x]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57131


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt, which I will require in your next reply.
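The CFScript above singles out two kinds of entry from the ComboFix log: a service whose name is a real Windows service name with a numeric suffix bolted on (AppIDSvc32 mimicking AppIDSvc, Application Identity; the log also shows Netlogon32 mimicking Netlogon, both pointing at standalone executables in system32 even though the genuine services are hosted inside svchost.exe and lsass.exe), and a Firefox HTTP proxy aimed at 127.0.0.1:57131. The same log also shows ConsentPromptBehaviorAdmin set to 0, which makes administrator elevation silent (the Windows 7 default is 5). One caveat a practitioner would want: network.proxy.type is 0, which in Firefox means "no proxy", so the loopback proxy is stale configuration rather than a live interception point; clearing it is still correct. The Python below is an added example that is not part of this thread and not a ComboFix, DDS or Geeks to Go tool: it reads ComboFix-style lines and reports those three conditions. The sample log is constructed from lines quoted above; the suffix-stripping heuristic and the short table of hosted services are the example's own assumptions.

```python
import re

# Constructed sample: the service, Firefox-pref and UAC-policy lines quoted from
# the ComboFix log in this thread, plus benign neighbours the filters must ignore.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AppIDSvc32;Application Identity ;c:\\windows\\system32\\mmcico32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\\windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe [2010-03-18 130384]
R2 Netlogon32;Netlogon ;c:\\windows\\system32\\NlsLexicons001332.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\\windows\\system32\\drivers\\tsusbflt.sys [x]
S1 aswSnx;aswSnx; [x]
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57131
FF - prefs.js: network.proxy.type - 0
"""

# ComboFix service line: "<state> <name>;<display name>;<path> [<date size> | x]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# Firefox preference line as ComboFix prints it: "FF - prefs.js: <key> - <value>"
PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
# Registry value line inside a key block: "<name>"= <decimal> (<hex>)
POLICY_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<value>\d+)')

# Assumption for this example: a short table of Windows 7 services that run inside a
# host process, so a lookalike name pointing at its own .exe is the tell.
HOSTED_SERVICES = {"appidsvc": "svchost.exe", "netlogon": "lsass.exe"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def impersonated(name):
    """Return the legitimate service a name shadows, or None.
    Heuristic (example's own): strip a trailing numeric suffix such as '32' or '64'
    and check whether what is left is a well-known hosted service."""
    base = re.sub(r"\d+$", "", name.lower())
    return base if base != name.lower() and base in HOSTED_SERVICES else None


def triage(log_text):
    """Walk ComboFix-style log text and return a list of human-readable findings."""
    findings = []
    prefs = {}
    in_uac_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "." lines
            in_uac_block = False
            continue
        if line.startswith("["):              # a registry key header opens a new block
            in_uac_block = line.lower().endswith("policies\\system]")
            continue
        if in_uac_block:
            m = POLICY_RE.match(line)
            if m and m["key"] == "ConsentPromptBehaviorAdmin" and m["value"] == "0":
                findings.append("uac: ConsentPromptBehaviorAdmin=0, administrators elevate "
                                "with no prompt at all (Windows 7 default is 5)")
            continue
        m = SERVICE_RE.match(line)
        if m:
            legit = impersonated(m["name"])
            if legit:
                findings.append(f"service: {m['name']} shadows {legit} (the real one is hosted "
                                f"by {HOSTED_SERVICES[legit]}), binary {m['path']}")
            continue
        m = PREF_RE.match(line)
        if m:
            prefs[m["key"]] = m["value"].strip()
    # Firefox only honours network.proxy.http when network.proxy.type is 1 (manual proxy).
    host = prefs.get("network.proxy.http")
    if host in LOOPBACK:
        port = prefs.get("network.proxy.http_port", "?")
        state = ("ACTIVE" if prefs.get("network.proxy.type") == "1"
                 else "configured but inactive (network.proxy.type is not 1)")
        findings.append(f"firefox: http proxy {host}:{port} {state}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Against the constructed sample the script reports the UAC setting, both lookalike services and the inactive loopback proxy, and stays quiet on clr_optimization_v4.0.30319_32, whose "_32" suffix is legitimate, because stripping the digits does not land on a hosted-service name.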



#71
AZCMer

    Member

  • Topic Starter
  • Member
  • 108 posts
I created the txt file with the code you requested and called it just as you requested. I then dragged it to ComboFix. ComboFix requested to update and I allowed it and it then ran. I hope I did this correctly. Here is the log:

ComboFix 11-08-08.03 - The Reeve Family 08/08/2011 18:46:06.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4256 [GMT -7:00]
Running from: c:\users\The Reeve Family\Desktop\ComboFix.exe
Command switches used :: c:\users\The Reeve Family\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-09 01:59 . 2011-08-09 01:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-07 21:54 . 2011-05-23 07:32 5777200 ----a-w- c:\program files\Internet Explorer\ienrbreakaway.exe
2011-08-06 21:34 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-06 21:34 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-06 21:34 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-06 21:34 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-06 21:34 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-06 21:34 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-06 21:34 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-06 21:33 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-06 21:33 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-06 21:33 . 2011-08-06 21:33 -------- d-----w- c:\programdata\AVAST Software
2011-08-06 21:33 . 2011-08-06 21:33 -------- d-----w- c:\program files\AVAST Software
2011-08-06 02:56 . 2011-08-06 02:56 -------- d-----w- c:\windows\en
2011-08-06 02:51 . 2011-08-06 02:51 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ba4d10601cc53e301\MeshBetaRemover.exe
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2011-08-04 19:41 . 2008-06-16 10:00 55024 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-08-04 19:39 . 2011-08-04 19:39 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-08-04 19:39 . 2011-08-04 19:39 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-08-04 19:32 . 2011-08-04 19:32 -------- d-----w- c:\windows\SysWow64\syncdb
2011-08-01 18:23 . 2011-08-01 18:23 -------- d-----w- c:\program files (x86)\BitTorrent
2011-08-01 18:21 . 2011-08-03 04:24 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\BitTorrent
2011-07-28 08:00 . 2011-07-28 08:00 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
2011-07-27 16:41 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E519DE36-3744-46AF-A2A4-F861340AC9F9}\mpengine.dll
2011-07-26 19:38 . 2011-07-26 19:38 -------- d-----w- C:\Seagate temp
2011-07-26 19:11 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-26 19:11 . 2011-07-26 19:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-26 07:35 . 2011-07-26 07:35 -------- d-----w- c:\program files (x86)\Common Files\ffdshowEx
2011-07-25 20:28 . 2011-07-25 20:30 -------- d-----w- c:\users\The Reeve Family\AdobeLicensingFilesBackup
2011-07-25 15:17 . 2011-07-25 15:17 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-07-25 15:17 . 2011-07-25 15:17 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-07-25 15:17 . 2011-07-25 15:17 150712 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-07-25 15:17 . 2011-07-25 15:17 105472 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-07-25 15:16 . 2011-07-25 15:17 -------- d-----w- c:\program files (x86)\real
2011-07-22 16:24 . 2011-07-22 16:25 -------- d-----w- c:\program files\iTunes
2011-07-22 16:24 . 2011-07-22 16:25 -------- d-----w- c:\program files (x86)\iTunes
2011-07-22 16:24 . 2011-07-22 16:24 -------- d-----w- c:\program files\iPod
2011-07-22 16:22 . 2011-07-22 16:22 -------- d-----w- c:\program files\Bonjour
2011-07-22 16:22 . 2011-07-22 16:22 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-18 22:38 . 2011-07-18 22:38 -------- d-----w- C:\$AVG
2011-07-18 20:54 . 2011-07-18 20:54 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\AVG10
2011-07-18 20:52 . 2011-07-18 20:52 -------- d--h--w- c:\programdata\Common Files
2011-07-18 20:51 . 2011-08-06 21:28 -------- d-----w- c:\programdata\AVG10
2011-07-18 20:47 . 2011-07-18 20:54 -------- d-----w- c:\programdata\MFAData
2011-07-14 20:20 . 2011-07-14 20:20 -------- d-----w- c:\program files\CCleaner
2011-07-14 14:06 . 2011-07-14 14:06 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\HPAppData
2011-07-13 18:01 . 2011-07-13 18:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-13 17:49 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 17:49 . 2011-06-03 06:57 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-13 17:49 . 2011-06-03 06:57 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 17:49 . 2011-06-03 06:53 338944 ----a-w- c:\windows\system32\conhost.exe
2011-07-13 17:49 . 2011-06-03 06:57 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-13 17:49 . 2011-06-03 06:57 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-13 17:49 . 2011-06-03 06:57 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-13 17:49 . 2011-06-03 06:00 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-13 17:49 . 2011-06-03 05:57 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-13 17:49 . 2011-06-03 05:56 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-13 17:49 . 2011-06-03 03:53 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-13 17:48 . 2011-06-03 03:53 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-13 17:11 . 2011-07-13 17:42 -------- d-----w- c:\users\HP New
2011-07-13 04:48 . 2011-08-05 18:51 -------- d-----w- c:\users\TEMP
2011-07-12 18:34 . 2011-07-12 18:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:34 . 2011-07-12 18:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-06 02:53 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-18 20:47 . 2010-01-29 23:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-07 02:52 . 2010-05-01 06:54 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-17 00:42 . 2011-06-06 05:44 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 05:57 . 2011-07-13 17:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 11:02 . 2009-12-01 22:28 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-05-28 11:02 . 2010-05-18 23:03 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-28 11:02 . 2010-06-02 23:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-28 11:02 . 2009-12-05 23:00 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-27 02:45 . 2009-12-01 22:27 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-05-27 02:45 . 2010-05-18 23:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-26 19:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-26 19:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-25 02:14 . 2009-12-06 14:40 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 15:18 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 15:18 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 15:18 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 15:18 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 15:18 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-13 23:03 . 2011-05-13 23:03 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2011-05-13 22:42 . 2011-05-13 22:42 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-07_01.10.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-07 21:53 . 2011-08-07 21:53 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 11776 c:\windows\SysWOW64\mshta.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 78848 c:\windows\SysWOW64\inseng.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 35840 c:\windows\SysWOW64\imgutil.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 74752 c:\windows\SysWOW64\iesetup.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 31744 c:\windows\SysWOW64\iernonce.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 66048 c:\windows\SysWOW64\icardie.dll
- 2009-07-14 04:54 . 2011-08-07 00:39 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-09 02:01 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-07 00:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-09 02:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-21 19:32 . 2011-08-09 02:02 99724 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-09 02:02 46570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-26 03:08 . 2011-08-09 02:02 32294 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1088720637-78751619-3950019920-1000_UserData.bin
+ 2011-08-07 21:53 . 2011-08-07 21:53 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 65024 c:\windows\system32\pngfilt.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 48640 c:\windows\system32\mshtmler.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 96256 c:\windows\system32\mshtmled.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 12288 c:\windows\system32\mshta.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 10752 c:\windows\system32\msfeedssync.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 30720 c:\windows\system32\licmgr10.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 85504 c:\windows\system32\jsproxy.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 49664 c:\windows\system32\imgutil.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 85504 c:\windows\system32\iesetup.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 39936 c:\windows\system32\iernonce.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 89088 c:\windows\system32\ie4uinit.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 82432 c:\windows\system32\icardie.dll
- 2010-07-04 14:17 . 2011-08-07 01:08 16966 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
+ 2010-07-04 14:17 . 2011-08-09 02:01 16966 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
+ 2009-11-26 03:00 . 2011-08-08 15:52 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 03:00 . 2011-08-01 18:25 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-07 21:53 . 2011-08-08 15:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-01 18:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-08 15:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-26 07:04 . 2011-08-07 01:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 07:04 . 2011-08-07 19:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-08-08 17:06 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-11-26 07:04 . 2011-08-07 01:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-26 07:04 . 2011-08-07 19:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-26 07:04 . 2011-08-07 19:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-26 07:04 . 2011-08-07 01:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-26 03:12 . 2011-08-07 23:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 03:12 . 2011-08-07 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 03:12 . 2011-08-07 23:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-26 03:12 . 2011-08-07 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-18 07:24 . 2011-08-05 16:11 3460 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-12-18 07:24 . 2011-08-07 15:18 3460 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-08-09 02:01 . 2011-08-09 02:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-07 01:07 . 2011-08-07 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-09 02:01 . 2011-08-09 02:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-07 01:07 . 2011-08-07 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-07 21:53 . 2011-08-07 21:53 152064 c:\windows\SysWOW64\wextract.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 203776 c:\windows\SysWOW64\webcheck.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 420864 c:\windows\SysWOW64\vbscript.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 231936 c:\windows\SysWOW64\url.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 123392 c:\windows\SysWOW64\occache.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 162304 c:\windows\SysWOW64\msrating.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 161792 c:\windows\SysWOW64\msls31.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 580608 c:\windows\SysWOW64\msfeeds.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 716800 c:\windows\SysWOW64\jscript.dll
- 2011-04-14 00:17 . 2011-02-18 05:41 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 150528 c:\windows\SysWOW64\iexpress.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2011-07-14 20:42 . 2011-04-22 19:09 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 118784 c:\windows\SysWOW64\iepeers.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 434176 c:\windows\SysWOW64\ieapfltr.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 163840 c:\windows\SysWOW64\ieakui.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 101888 c:\windows\SysWOW64\admparse.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 160256 c:\windows\system32\wextract.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 249344 c:\windows\system32\webcheck.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 603648 c:\windows\system32\vbscript.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 236544 c:\windows\system32\url.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 149504 c:\windows\system32\occache.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 197120 c:\windows\system32\msrating.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 222208 c:\windows\system32\msls31.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 697344 c:\windows\system32\msfeeds.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 818176 c:\windows\system32\jscript.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 103936 c:\windows\system32\inseng.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 165888 c:\windows\system32\iexpress.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 173056 c:\windows\system32\ieUnatt.exe
+ 2011-08-07 21:53 . 2011-08-07 21:53 248320 c:\windows\system32\ieui.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 111616 c:\windows\system32\iesysprep.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 145920 c:\windows\system32\iepeers.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 403248 c:\windows\system32\iedkcs32.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 534528 c:\windows\system32\ieapfltr.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 267776 c:\windows\system32\ieaksie.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 160256 c:\windows\system32\ieakeng.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 135168 c:\windows\system32\IEAdvpack.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 282112 c:\windows\system32\dxtrans.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 452608 c:\windows\system32\dxtmsft.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 114176 c:\windows\system32\admparse.dll
+ 2009-07-14 05:01 . 2011-08-09 02:00 329124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-07 01:07 329124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-07 21:53 . 2011-08-07 21:53 1126912 c:\windows\SysWOW64\wininet.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 1102336 c:\windows\SysWOW64\urlmon.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 1797632 c:\windows\SysWOW64\jscript9.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 1785344 c:\windows\SysWOW64\iertutil.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 9703936 c:\windows\SysWOW64\ieframe.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 3695416 c:\windows\SysWOW64\ieapfltr.dat
- 2009-07-14 04:54 . 2011-08-07 00:39 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-09 02:01 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-07 21:53 . 2011-08-07 21:53 1389056 c:\windows\system32\wininet.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 1344000 c:\windows\system32\urlmon.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 2303488 c:\windows\system32\jscript9.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 2136064 c:\windows\system32\iertutil.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 3695416 c:\windows\system32\ieapfltr.dat
- 2009-07-14 04:45 . 2011-07-26 20:47 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-08-07 23:11 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-11-26 17:37 . 2011-08-09 02:00 4110232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-09-29 07:17 . 2011-08-09 02:00 4565780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-4096.dat
+ 2011-08-07 21:53 . 2011-08-07 21:53 12269056 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 02:34 . 2011-07-14 20:55 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-08-07 23:08 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-08-07 21:53 . 2011-08-07 21:53 17773568 c:\windows\system32\mshtml.dll
+ 2011-08-07 21:53 . 2011-08-07 21:53 10885632 c:\windows\system32\ieframe.dll
+ 2009-11-26 17:37 . 2011-08-09 02:00 13305220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-8192.dat
- 2009-11-26 17:37 . 2011-08-07 01:07 13305220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L07AXLRD_2040898"="c:\program files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" [2006-06-10 351000]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2011-07-25 273544]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe" [2011-06-06 240288]
.
c:\users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 AppIDSvc32;Application Identity ;c:\windows\system32\mmcico32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Netlogon32;Netlogon ;c:\windows\system32\NlsLexicons001332.exe [x]
R3 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]
R3 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2011-07-21 4407664]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R4 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-09 c:\windows\Tasks\HPCeeScheduleForThe Reeve Family.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
2011-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-30 16335976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: grillflame.net\www
Trusted Zone: hp.com\h50203.www5
Trusted Zone: hp.com\www
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57131
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1088720637-78751619-3950019920-1000\Software\SecuROM\License information*]
"datasecu"=hex:08,97,33,34,fa,95,8a,2e,6b,af,e5,75,48,48,78,1c,4d,e8,f2,a0,88,
b0,21,82,04,0f,e2,47,3a,a2,ee,ad,7e,78,33,ec,67,b4,ce,f9,fa,9e,2a,77,3c,f0,\
"rkeysecu"=hex:60,fa,bb,39,2f,f0,f2,8d,87,2d,b0,36,24,c9,bc,ac
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
"DisplayName"=expand:"@fdeploy.dll,-261"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"DisplayName"=expand:"@%SystemRoot%\\System32\\dskquota.dll,-100"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"%SystemRoot%\\System32\\dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"DisplayName"=expand:"@gptext.dll,-201"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}]
@DACL=(02 0000)
@="Remote Desktop USB Redirection"
"DllName"=expand:"%SystemRoot%\\System32\\TsUsbRedirectionGroupPolicyExtension.dll"
"RequiresSuccessfulRegistry"=dword:00000001
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"NoGPOListChanges"=dword:00000001
"NoUserPolicy"=dword:00000001
"DisplayName"=expand:"@%SystemRoot%\\System32\\TsUsbRedirectionGroupPolicyExtension.dll,-100"
"NoBackgroundPolicy"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
@DACL=(02 0000)
@="Windows Search Group Policy Extension"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll"
"RequiresSuccessfulRegistry"=dword:00000001
"NoSlowLink"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoUserPolicy"=dword:00000000
"NoMachinePolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"EnableAsynchronousProcessing"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}]
@DACL=(02 0000)
@="Deployed Printer Connections"
"DisplayName"=expand:"@%systemroot%\\system32\\gpprnext.dll,-1"
"DllName"=expand:"%systemroot%\\system32\\gpprnext.dll"
"EnableAsynchronousProcessing"=dword:00000001
"ExtensionEventSource"=""
"GenerateGroupPolicy"="PrinterGenerateGroupPolicy"
"MaxNoGPOListChangesInterval"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000001
"NotifyLinkTransition"=dword:00000000
"NoUserPolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="PrinterProcessGroupPolicy"
"ProcessGroupPolicyEx"="PrinterProcessGroupPolicyEx"
"RequiresSuccessfulRegistry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
@DACL=(02 0000)
@="TCPIP"
"DisplayName"=expand:"@gptext.dll,-204"
"ProcessGroupPolicy"="ProcessTCPIPPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicyEx"="ProcessIPSECPolicyEx"
"GenerateGroupPolicy"="GenerateIPSECPolicy"
"DllName"=expand:"%SystemRoot%\\System32\\polstore.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
"DisplayName"=expand:"@c:\\Windows\\system32\\polstore.dll,-5012"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}]
@DACL=(02 0000)
@="Audit Policy Configuration"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"=expand:"auditcse.dll"
"NoUserPolicy"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
"ForceRefreshFG"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
@DACL=(02 0000)
@="Enterprise QoS"
"DisplayName"=expand:"@gptext.dll,-203"
"ProcessGroupPolicy"="ProcessEQoSPolicy"
"DllName"=expand:"gptext.dll"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]
@DACL=(02 0000)
@="CP"
"DisplayName"=expand:"@gptext.dll,-205"
"ProcessGroupPolicy"="ProcessConnectivityPlatformPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
**************************************************************************
.
Completion time: 2011-08-08 19:23:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-09 02:22
ComboFix2.txt 2011-08-07 01:17
ComboFix3.txt 2011-08-05 19:06
ComboFix4.txt 2011-07-11 02:17
ComboFix5.txt 2011-08-09 01:44
.
Pre-Run: 142,913,654,784 bytes free
Post-Run: 142,659,293,184 bytes free
.
- - End Of File - - 6D8633FE75E4FCB033A7BD632085C23A

#72
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Step #1


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found.
Once it has finished, select the report tab (last tab).
Select Automatic Scan report from the left and press the Save button.
Save it to your desktop and attach it to your next post.


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information.

On completion, click the link to locate the zip file to upload and attach it to your next post.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #2


Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      Click NO.
  • If you receive an error, just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!).
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please post the AVZ log and attach the second scan from it, then give me the Silent Runners log please....:)
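Silent Runners, which the helper asks for above, prints one autostart entry per line and tags each target with its file's company name, "[file not found]" or "[null data]", prefixes non-default values with "<<!>>" and marks hidden scheduled tasks "(HIDDEN!)"; a Program Compatibility Assistant task shows up as pcalua.exe -a "<program>", where the [MS] tag belongs to pcalua rather than to the program it launches. The Python script below is an added example, not code from this thread or from Silent Runners: it parses constructed sample lines in that format (placeholder names and paths, not this machine's log) and ranks them by the indicators a malware-removal helper reads first.

```python
"""Triage a Silent Runners-style startup log.

Added example, not part of this thread or of Silent Runners. Entry lines look like
  "Name" = "command" [Vendor]                 (Run keys)
  "Name" -> launches: "command" [Vendor]      (scheduled tasks)
  "Name" -> shortcut to: "path" [Vendor]      (Startup folders)
with <<!>> before non-default values, (HIDDEN!) on hidden tasks and
[file not found] / [null data] in place of a vendor. Scores are only a
sort order, not a verdict: an orphaned entry is a cleanup item, not an infection.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

ENTRY_RE = re.compile(
    r'^(?:<<!>>\s+)?"(?P<name>[^"]+)"\s*'             # "Name"
    r'(?:->\s*(?:\((?P<hidden>HIDDEN!)\)\s*)?'        # optional -> (HIDDEN!)
    r'(?:launches|shortcut to):\s*|=\s*)'             # launches: / shortcut to: / =
    r'"(?P<target>.*)"\s*\[(?P<vendor>[^\]]*)\]\s*$'  # "command" [Vendor]
)
# pcalua.exe relaunches the program named after -a; the [MS] tag is pcalua's, not the target's.
PCALUA_RE = re.compile(r'pcalua\.exe\s+-a\s+(?:"(?P<q>[^"]+)"|(?P<u>\S+))', re.I)
TEMP_RE = re.compile(r'\\Temp\\', re.I)


@dataclass
class Entry:
    line_no: int
    name: str
    target: str
    vendor: str       # company name, or "file not found" / "null data"
    hidden: bool      # (HIDDEN!) scheduled task
    nondefault: bool  # line carried Silent Runners' <<!>> marker


def parse_entries(log_text: str) -> List[Entry]:
    """Return every line that parses as an autostart entry; headers and CLSID detail lines are skipped."""
    entries = []
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(n, m["name"], m["target"], m["vendor"].strip('"'),
                                 m["hidden"] is not None, line.startswith("<<!>>")))
    return entries


def real_target(command: str) -> Tuple[str, bool]:
    """Unwrap a pcalua.exe -a wrapper: (program actually launched, was_wrapped)."""
    m = PCALUA_RE.search(command)
    if m:
        return (m["q"] or m["u"]), True
    return command, False


def assess(entry: Entry) -> Tuple[int, List[str]]:
    """Score one entry (higher = look at it sooner) and explain every point given."""
    score, reasons = 0, []
    target, wrapped = real_target(entry.target)
    if wrapped:
        score += 2
        reasons.append(f"launched via pcalua.exe; [{entry.vendor}] describes the wrapper, not {target}")
    if TEMP_RE.search(target):
        score += 3
        reasons.append("autostart target lives in a Temp directory")
    if entry.hidden:
        score += 2
        reasons.append("hidden scheduled task")
    if entry.vendor == "file not found":
        score += 2
        reasons.append("target is missing (orphaned autostart entry)")
    elif entry.vendor == "null data":
        score += 2
        reasons.append("target carries no company name (unverifiable)")
    if entry.nondefault:
        score += 1
        reasons.append("marked non-default (<<!>>) by Silent Runners")
    return score, reasons


def triage(log_text: str) -> List[Tuple[int, Entry, List[str]]]:
    """Parse, score and rank; entries with nothing to flag are dropped."""
    ranked = []
    for entry in parse_entries(log_text):
        score, reasons = assess(entry)
        if score > 0:
            ranked.append((score, entry, reasons))
    ranked.sort(key=lambda t: (-t[0], t[1].line_no))  # stable: ties keep log order
    return ranked


# Constructed sample in Silent Runners' format (placeholder names, not the thread's log).
SAMPLE_LOG = r'''
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ExampleDaemon" = "RUNDLL32.EXE C:\Windows\system32\example.dll,Startup" [MS]
<<!>> "BootExecute" = "C:\PROGRA~2\OldAV\oldavchk.exe /sync" [file not found]
C:\Users\Example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"_uninst_12345678" -> shortcut to: "C:\Users\Example\AppData\Local\Temp\_uninst_12345678.bat" [null data]
C:\Windows\System32\Tasks
"MediaAgent" -> (HIDDEN!) launches: "c:\Program Files (x86)\Vendor\MediaAgent.exe" ["Vendor Corp."]
"{ABCDEF00-0000-0000-0000-000000000000}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\Example\Downloads\Setup.exe" -d C:\Windows" [MS]
'''
```

Run triage(SAMPLE_LOG) to get the ranked list; the Temp-directory batch file comes first, the orphaned BootExecute value second, and the Microsoft-signed Run entry is not reported at all.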

#73
AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
I ran the Kaspersky tool and it seemed to run fine with no malware found until it was about 90% complete, and then I just got a pop-up asking to uninstall. Since it had taken 8 hrs to complete, I just shut my system down and am getting ready to try again.

When I booted up this morning, I got an error message: "Windows can't find 6422218.exe. Make sure you typed the name correctly and try again." I just closed that box and allowed the desktop to keep loading.

Also, Avast started with all shields off.

Let me know how to proceed. Until then, I'll try to rerun Kaspersky and see what happens.

Here's the memory dump from Kaspersky:
221.2 MB 55.3 MB C:\Users\THEREE~1\AppData\Local\Temp\KAT.11.0.0.1245_08.09_22.52_7468.GUI.full.dmp
6 MB 1.5 MB C:\Users\THEREE~1\AppData\Local\Temp\KAT.11.0.0.1245_08.09_22.52_7468.GUI.mini.dmp
85.5 KB 21.4 KB C:\Users\THEREE~1\AppData\Local\Temp\KAT.11.0.0.1245_08.09_22.52_7468.GUI.tiny.dmp

BTW, I found the file "The" in my users folder. And I don't have a user THEREE~1 in my users folder... Except when I click on the file name in the kaspersky app to navigate to the log file, it is there. None of those 'KAT' files are there though.

I reran the system scan this morning and here is the zip.

I just tried the silent runners and what I downloaded was a script with no icon to click on. When I click on the silent runners script, it opens in notepad. (Never mind - went to silent runners website and found the FAQ to run this bugger.)

I can't run the bugger! I went to the FAQs and they said to run it from the command prompt. If I run it saying 'cscript.exe "Silent Runners.vbs"', then I get the error, "Input Error: there is no script engine for the file extension .exe". If I try running it as 'cscript "Silent Runners.vbs"' I get the error 'Input error: Cannot find the script file "c:\Users\The Reeve Family\Desktop\Silent Runners.vbs"'. Believe me, it is there. Also, I tried saving it to my root directory C: and my system won't let me. I tried moving it to Users\The Reeve Family and I get the same errors. There is nothing in the FAQs about this. What next?

p.s. wrote to Andrew and he gave me a hint that I may have my file extensions hidden, which I do. It turns out the file was saved on my system as 'Silent Runners.vbs.txt'. Don't ask me how that happened since I followed both your directions and the directions on the website to a tee. When the scan is finished, I'll run this puppy and see what we get.


Edited by AZCMer, 10 August 2011 - 05:05 PM.


#74
AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Kaspersky completed with no errors and no malware found. I forgot to save the report. (and after all this!) Sorry.

Attached is the scan.

Here is the result of Silent Runners:


"Silent Runners.vbs", revision 63, http://www.silentrunners.org/
Operating System: Windows 7 SP1
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"L07AXLRD_2040898" = ""C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m" [MS]
"RESTART_STICKY_NOTES" = "C:\Windows\System32\StikyNot.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\(Default) = (no title provided)
-> {HKLM...CLSID} = "avast! WebRep"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll" ["AVAST Software"]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live ID Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

00avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{5FCD4425-CA3A-48F4-A57C-B8A75C32ACB1}" = "NSE_WithSubFld"
-> {HKLM...CLSID} = "NSE_WithSubFld"
\InProcServer32\(Default) = "C:\Program Files (x86)\Hewlett-Packard\Recovery\Protect.dll" [null data]

"{B41DB860-64E4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}" = "NVIDIA Play On My TV Context Menu Extension"
-> {HKLM...CLSID} = "NVIDIA CPL Context Menu Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvshext.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> ("livessp" [MS]) "Security Packages" = "kerberos"|"msv1_0"|"schannel"|"wdigest"|"tspkg"|"pku2u"|"livessp"

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync" [file not found]|"C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = "WLIDCredentialProvider"
-> {HKLM...CLSID} = "WLIDCredentialProvider"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

00avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

NvCplDesktopContext\(Default) = "{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}"
-> {HKLM...CLSID} = "NVIDIA CPL Context Menu Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvshext.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"

HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AdobePhotoshopElements8ShowPicturesOnArrival\
"Provider" = "Adobe Elements Organizer 8.0"
"InvokeProgID" = "PhotoshopElements.Application.8"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\PhotoshopElements.Application.8\shell\launch\command\(Default) = ""C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PseProxy.exe" -v "%1"" ["Adobe Systems Incorporated"]

CanonZB4PicturesOnArrival\
"Provider" = "Canon ZoomBrowser EX"
"InvokeProgID" = "Zb.AutoplayHandler"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files (x86)\Canon\ZoomBrowser EX MCU\MCULauncher.exe" [null data]

HPMSDVDPlayDVDMovieOnArrival\
"Provider" = "HP MediaSmart DVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithHPMediaSmartDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithHPMediaSmartDVD\Command\(Default) = ""c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

HPMSDVDPlayVCDMovieOnArrival\
"Provider" = "HP MediaSmart DVD"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithHPMediaSmartDVD"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithHPMediaSmartDVD\Command\(Default) = ""c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

Jasc Paint Shop Photo Album 5HandleCDBurningOnArrival\
"Provider" = "Jasc Paint Shop Photo Album 5"
"InvokeProgID" = "JascPaintShopPhotoAlbum5Folder"
"InvokeVerb" = "BurnCD"
HKLM\SOFTWARE\Classes\JascPaintShopPhotoAlbum5Folder\shell\BurnCD\command\(Default) = "C:\PROGRA~2\JASCSO~1\PAINTS~2\pspa.exe -burncdlaunch" ["Jasc Software"]

Jasc Paint Shop Photo Album 5ShowPicturesOnArrivalHandler\
"Provider" = "Jasc Paint Shop Photo Album 5"
"InvokeProgID" = "JascPaintShopPhotoAlbum5Folder"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\JascPaintShopPhotoAlbum5Folder\shell\open\command\(Default) = "C:\PROGRA~2\JASCSO~1\PAINTS~2\pspa.exe "%1"" ["Jasc Software"]

MSLivePhotoAcquireDropHandler\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS]

MSLiveShowPicturesOnArrival\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS]

MSPlayCDAudioOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.AudioCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"" [MS]

MSPlayDVDMovieOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.DVD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"" [MS]

MSPlaySuperVideoCDMovieOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.VCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSPlayVideoCDMovieOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.VCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSWMPBurnCDOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.BurnCD"
"InvokeVerb" = "Burn"
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L"" [MS]

muveePicturesOnArrival\
"Provider" = "muvee Reveal Seagate Edition"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithMuveeReveal"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithMuveeReveal\Command\(Default) = ""C:\Program Files (x86)\Seagate\muvee Reveal Seagate Edition\muveereveal.exe" -mediaarrival=%L" [null data]

muveeVideoCameraArrivalCaptureWizard\
"Provider" = "muvee Reveal Seagate Edition"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files (x86)\Seagate\muvee Reveal Seagate Edition\muveereveal.exe" -capture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

muveeVideoOnArrival\
"Provider" = "muvee Reveal Seagate Edition"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithMuveeReveal"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithMuveeReveal\Command\(Default) = ""C:\Program Files (x86)\Seagate\muvee Reveal Seagate Edition\muveereveal.exe" -mediaarrival=%L" [null data]

P2GCDBurningOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "BlankCD"
"InvokeVerb" = "OpenWithPower2Go"
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = ""c:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L"" ["CyberLink Corp."]

P2GDVDBurningOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "BlankDVD"
"InvokeVerb" = "OpenWithPower2Go"
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = ""c:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L"" ["CyberLink Corp."]

Paint Shop Pro 9ShowPicturesOnArrivalHandler\
"Provider" = "Paint Shop Pro 9"
"InvokeProgID" = "PaintShopPro9.BrowserCacheFile"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\PaintShopPro9.BrowserCacheFile\shell\open\command\(Default) = "C:\PROGRA~2\JASCSO~1\PAINTS~3\PAINTS~1.EXE "/Browse" "%1" ["Jasc Software, Inc."]

Paint Shop Pro XShowPicturesOnArrivalHandler\
"Provider" = "Corel Paint Shop Pro X"
"InvokeProgID" = "PaintShopProX.Image"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\PaintShopProX.Image\shell\open\command\(Default) = ""C:\Program Files (x86)\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe" /dde" ["Corel, Inc."]

PDirDVArrival\
"Provider" = "PowerDirector"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""c:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe" /DV"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

Power2GoPlayCDAudioOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPower2Go"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = ""c:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L"" ["CyberLink Corp."]

PStarterBlankCDArrival\
"Provider" = "DVD Suite Deluxe"
"InvokeProgID" = "BlankCD"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = ""c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\PowerStarter.exe" "%L"" ["CyberLink"]

PStarterDVDBurningOnArrival\
"Provider" = "DVD Suite Deluxe"
"InvokeProgID" = "BlankDVD"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = ""c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\PowerStarter.exe" "%L"" ["CyberLink"]

PStarterMixedCDArrival\
"Provider" = "DVD Suite Deluxe"
"InvokeProgID" = "MixedContent"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = ""c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\PowerStarter.exe" "%L"" ["CyberLink"]

PStarterMusicFilesArrival\
"Provider" = "DVD Suite Deluxe"
"InvokeProgID" = "MusicFiles"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = ""c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\PowerStarter.exe" "%L"" ["CyberLink"]

PStarterPicturesArrival\
"Provider" = "DVD Suite Deluxe"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = ""c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\PowerStarter.exe" "%L"" ["CyberLink"]

PStarterVideoFilesArrival\
"Provider" = "DVD Suite Deluxe"
"InvokeProgID" = "VideoFiles"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = ""c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\PowerStarter.exe" "%L"" ["CyberLink"]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDVDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /burndvd "%1"" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

WIA_{3ABAD661-C8FD-4F9A-BB80-499296E8210E}\
"Provider" = "Microsoft Office Document Scanning"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPSCAN.EXE;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{60342231-843D-40F6-9B78-86FBBC7A47A6}\
"Provider" = "Paint Shop Pro 9"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe -wialaunch;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{93503A0E-27AA-4679-8387-3234AEDB7F8A}\
"Provider" = "Corel Paint Shop Pro X"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe -wialaunch;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{A86CE40C-1B18-4caa-A58F-D0AD152FCEB0}\
"Provider" = "muvee Reveal Seagate Edition"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;"C:\Program Files (x86)\Seagate\muvee Reveal Seagate Edition\muveereveal.exe" /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{C9FD0BBC-8689-4896-AA10-0FB02E30E850}\
"Provider" = "Jasc Paint Shop Photo Album 5"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Jasc Software Inc\Paint Shop Photo Album 5\pspa -wialaunch;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{CB46E9E1-1780-4488-884F-5CF0C82A48C7}\
"Provider" = "Microsoft Office Document Scanning"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPSCAN.EXE;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{CF2A0DAB-4507-4201-A94A-5A2D452B9897}\
"Provider" = "Microsoft Office Document Scanning"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPSCAN.EXE;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{F9C0E765-B8C3-437D-A168-6B55EC47347E}\
"Provider" = "Microsoft Office Document Scanning"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPSCAN.EXE;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]


Startup items in "The Reeve Family" & "All Users" startup folders:
------------------------------------------------------------------

C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
<<!>> "hpqtra08.exe" ["Hewlett-Packard Co."]
"_uninst_55723948" -> shortcut to: "C:\Users\The Reeve Family\AppData\Local\Temp\_uninst_55723948.bat" [null data]
"_uninst_76996756" -> shortcut to: "C:\Users\The Reeve Family\AppData\Local\Temp\_uninst_76996756.bat" [null data]


Windows Sidebar Gadgets:
------------------------

C:\Users\The Reeve Family\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CaswSidebar.gadget"


Non-disabled Scheduled Tasks:
-----------------------------

C:\Windows\System32\Tasks
"ASC4_PerformanceMonitor" -> launches: "C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe" [file not found]
"CLMLSvc" -> (HIDDEN!) launches: "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" ["CyberLink"]
"DVDAgent" -> (HIDDEN!) launches: "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" ["CyberLink Corp."]
"HPCeeScheduleForThe Reeve Family" -> launches: "C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForThe Reeve Family (null)" [null data]
"HPOSIAPP64" -> launches: ""%ProgramFiles(x86)%\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe"" [null data]
"PCDRScheduledMaintenance" -> launches: "C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe -fh scripts\monthly.xml -st PCDRScheduledMaintenance" [null data]
"RealUpgradeLogonTaskS-1-5-21-1088720637-78751619-3950019920-1000" -> launches: "C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck" ["RealNetworks, Inc."]
"RealUpgradeScheduledTaskS-1-5-21-1088720637-78751619-3950019920-1000" -> launches: "C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck" ["RealNetworks, Inc."]
"User_Feed_Synchronization-{829DE164-E25B-439E-8FE6-B35296D15238}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]
"{13DDD80B-B506-4685-8D10-CB0515782276}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\The Reeve Family\Downloads\TLC.exe" -d C:\Windows" [MS]
"{17886BF3-CBDB-4915-B1DD-298B71E962B1}" -> launches: "C:\Program Files (x86)\Cybershaman VIII - Free\Cybershaman VIII - Free.exe" [file not found]
"{1C78FD55-ED27-4A74-A5C5-D4E22E066237}" -> launches: "C:\Windows\system32\pcalua.exe -a E:\SetupWizard.exe -d E:\" [MS]
"{1E2954E0-0FA1-4023-B352-7B23C109604B}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\The Reeve Family\Downloads\DiscoveryChannel.exe" -d C:\Windows" [MS]
"{30D13577-FED6-4BF7-A452-A7C87452536C}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\The Reeve Family\Downloads\Revision3PluginInstaller.exe" -d "C:\Program Files (x86)\Mozilla Firefox"" [MS]
"{325205B1-C752-4FB9-AA9F-5C3461D828EC}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\The Reeve Family\Downloads\CracklePluginInstaller.exe" -d "C:\Users\The Reeve Family\Downloads"" [MS]
"{3AD7A3CF-E64B-4985-A642-DEA45FF0CD5E}" -> launches: "C:\Program Files (x86)\Cybershaman VIII - Free\Cybershaman VIII - Free.exe" [file not found]
"{534E2FCC-71B8-4050-A015-CEA4BD41DD0C}" -> launches: "C:\Program Files (x86)\Skype\Phone\Skype.exe" ["Skype Technologies S.A."]
"{53C7EDCD-A6D1-4034-8640-59EFCA694EE1}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\The Reeve Family\Desktop\Revision3PluginInstaller.exe" -d "C:\Users\The Reeve Family\Desktop"" [MS]
"{763E4989-1399-49AF-BE96-406853FD1929}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\The Reeve Family\Downloads\ShepherdsChapel.exe" -d C:\Windows" [MS]
"{7B7D62A9-D86A-41CC-96BE-ABC22B688487}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Windows\System32\PenTablet.cpl" [MS]
"{8498D97E-986B-450F-8D18-8791A2DB5296}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\The Reeve Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9C2CPI7\HuluDesktopSetup[1].exe" -d "C:\Users\The Reeve Family\Desktop"" [MS]
"{AAF1ED06-81A9-4846-A3C0-9F9DC5D0FC8F}" -> launches: "C:\Program Files (x86)\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe" ["Corel, Inc."]
"{AC3E3380-398F-45AC-9484-01E88423AA41}" -> launches: "C:\Program Files (x86)\Hewlett-Packard\hp deskjet assistant\bin\browser.exe" [file not found]
"{B206823F-AD22-43A4-8DF6-C8952B0125AC}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\The Reeve Family\Downloads\AnimalPlanet.exe" -d C:\Windows" [MS]
"{C67B0951-2469-438F-A6EF-8B9A19656D71}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\The Reeve Family\Downloads\ScriptsPluginInstaller(2).exe" -d "C:\Users\The Reeve Family\Downloads"" [MS]
"{CB5F33D0-DB18-4D74-8173-26D1B0E5CEA8}" -> launches: "C:\Program Files (x86)\Hewlett-Packard\hp deskjet assistant\bin\browser.exe" [file not found]
"{CEB39072-49F1-4C83-8614-9E7FA7ADF5BA}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\The Reeve Family\Desktop\InstallSeagateManager.exe" -d "C:\Users\The Reeve Family\Desktop"" [MS]
"{D511B436-6244-4A7F-B4DA-4D17BCD0E74B}" -> launches: "C:\Program Files (x86)\Cybershaman VIII - Free\Cybershaman VIII - Free.exe" [file not found]
"{D6B115A7-D66C-40F4-B6D2-2C6BF7E97CD5}" -> launches: "C:\Windows\system32\pcalua.exe -a E:\Setup\Setup.exe -d E:\Setup" [MS]
"{D99CCD59-A79F-4831-B15D-DB3F3F2A061C}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\The Reeve Family\Downloads\OpenfilmPluginInstaller.exe" -d "C:\Users\The Reeve Family\Downloads"" [MS]
"{D9C7E55A-C1F3-4457-AB01-96C7A9D72762}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\The Reeve Family\Desktop\WindowsMediaCenter(4.0.0.098)\Windows Media Center\PCTV Package - Windows Media Center (64 bit).exe" -d "C:\Users\The Reeve Family\Desktop\WindowsMediaCenter(4.0.0.098)\Windows Media Center"" [MS]
"{E33399A0-FD03-406C-9BDD-F792C62BFCC8}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\The Reeve Family\Downloads\TEDPluginInstaller(2).exe" -d "C:\Users\The Reeve Family\Downloads"" [MS]
"{F04C1701-1121-424C-A610-E353807B4F59}" -> launches: "C:\Program Files (x86)\Cybershaman VIII - Free\Cybershaman VIII - Free.exe" [file not found]
"{FC515443-91F8-4968-B8D0-996945422AD8}" -> launches: "C:\Windows\system32\pcalua.exe -a E:\install.exe -d E:\" [MS]

C:\Windows\System32\Tasks\Apple
"AppleSoftwareUpdate" -> launches: "C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant
"GetAssistance Maintenance Events" -> launches: ""%programfiles(x86)%\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil.exe" /NOCONSOLE getassistfix" [null data]
"PC Health Analysis" -> launches: "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis" [null data]
"PC Tuneup" -> launches: "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L TuneupTimer" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
"AitAgent" -> launches: "aitagent" [MS]
"ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
"Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"
-> {HKLM...CLSID} = "KernelCeipCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]
"UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"
-> {HKLM...CLSID} = "UsbCeip"
\InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
"Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"
-> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
"Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
"WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}"
-> {HKLM...CLSID} = "WinSAT Task Manger Task"
\InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS]
"ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS]
"DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS]
"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS]
"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS]
"mcupdate_scheduled" -> launches: "%SystemRoot%\ehome\mcupdate -crl -hms -pscn 15" [MS]
"MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS]
"ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS]
"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS]
"PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS]
"PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS]
"PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS]
"PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS]
"PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS]
"RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS]
"ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS]
"SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS]
"StartRecording" -> launches: "%SystemRoot%\ehome\ehrec /StartRecording" [MS]
"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
"CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
"DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
"GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
"AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"
-> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"
\InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
"MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"
-> {HKLM...CLSID} = "RasMobilityManager"
\InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
"RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"
-> {HKLM...CLSID} = "RegistryIdleBackupHandler"
\InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
-> {HKLM...CLSID} = "GadgetsManager Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TabletPC
"InputPersonalization" -> launches: "%CommonProgramFiles%\Microsoft Shared\Ink\InputPersonalization.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
"Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"
-> {HKLM...CLSID} = "RunTask"
\InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
"SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
"ValidationTask" -> (HIDDEN!) launches: "%SystemRoot%\system32\Wat\WatAdminSvc.exe /run" [MS]
"ValidationTaskDeadline" -> (HIDDEN!) launches: "%SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
"BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
"UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
"AutomaticBackup" -> launches: "%systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup" [MS]
"Windows Backup Monitor" -> launches: "%systemroot%\system32\sdclt.exe /CHECKSKIPPED" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem
"Calibration Loader" -> launches: "{B210D694-C8DF-490d-9576-9E20CDBC20BD}"
-> {HKLM...CLSID} = "Color Calibration Loader"
\InProcServer32\(Default) = "C:\Windows\System32\mscms.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
"Extractor Definitions Update Task" -> launches: "{3519154C-227E-47F3-9CC9-12C3F05817F1}"" [InProcServer32 entry not found]

C:\Windows\System32\Tasks\WPD
"SqmUpload_S-1-5-21-1088720637-78751619-3950019920-1000" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000007\LibraryPath = "C:\Program Files (x86)\Bonjour\mdnsNSP.dll" ["Apple Inc."]
000000000008\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]
000000000009\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}" = (no title provided)
-> {HKLM...CLSID} = "avast! WebRep"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll" ["AVAST Software"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\
"ButtonText" = "Encarta Search"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Active File Monitor V8, AdobeActiveFileMonitor8.0, "C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe" ["Adobe Systems Incorporated"]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\AVAST Software\Avast\AvastSvc.exe"" ["AVAST Software"]
Bonjour Service, Bonjour Service, ""C:\Program Files (x86)\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
HP CUE DeviceDiscovery Service, hpqddsvc, "C:\Windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}
hpqcxs08, hpqcxs08, "C:\Windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
Machine Debug Manager, MDM, ""C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Media Center Extender Service, Mcx2Svc, "C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\Windows\system32\Mcx2Svc.dll" [MS]}
Net Driver HPZ12, Net Driver HPZ12, "C:\Windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZinw12.dll" ["Hewlett-Packard"]}
Pml Driver HPZ12, Pml Driver HPZ12, "C:\Windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZipm12.dll" ["Hewlett-Packard"]}
Seagate Service, FreeAgentGoNext Service, ""C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe"" ["Seagate Technology LLC"]
TabletServicePen, TabletServicePen, "C:\Windows\system32\Pen_Tablet.exe" ["Wacom Technology, Corp."]
Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS]
Windows Mobile-2003-based device connectivity, WcesComm, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\wcescomm.dll" [MS]}
Windows Mobile-based device connectivity, RapiMgr, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\rapimgr.dll" [MS]}


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> MCODS, (null value)
<<!>> MSIServer, "Service"

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> MCODS, (null value)


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
hpf3l083.dll\Driver = "hpf3l083.dll" ["Hewlett-Packard Company"]
Journal Note Port\Driver = "jnwmon.dll" [MS]
LIDIL hpzllw71\Driver = "hpzllw71.dll" ["Hewlett-Packard Corporation"]
PCL hpz3llhn\Driver = "hpz3llhn.dll" ["Hewlett-Packard Company"]
PCL hpz3lwn7\Driver = "hpz3lwn7.dll" ["Hewlett-Packard Company"]


---------- (launch time: 2011-08-11 05:48:45)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 165 seconds.
---------- (total run time: 242 seconds)


#75
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Step #1


  • Re-run AVPTool
  • Select the Manual Disinfection tab and press Script execution



  • Where it states Insert text script in the following box, copy the script below and press Run script
    Copy from Begin until End
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    // Back up each suspicious startup batch file from the user's Temp folder to C:\ before anything is removed
     BC_CopyFile('C:\Users\The Reeve Family\AppData\Local\Temp\_uninst_76996756.bat','C:\_uninst_76996756.bat.bak');
     BC_CopyFile('C:\Users\The Reeve Family\AppData\Local\Temp\_uninst_55723948.bat','C:\_uninst_55723948.bat.bak');
     BC_CopyFile('C:\Users\The Reeve Family\AppData\Local\Temp\_uninst_41489800.bat','C:\_uninst_41489800.bat.bak');
    // Stop and remove the two services, then delete the two executables
     StopService('Netlogon32');
     BC_DeleteSvc('Netlogon32');
     StopService('AppIDSvc32');
     BC_DeleteSvc('AppIDSvc32');
     BC_DeleteFile('c:\windows\system32\mmcico32.exe');
     BC_DeleteFile('C:\Windows\system32\NlsLexicons001332.exe');
    // Run the queued BC_ operations at boot and restart
    BC_Activate;
    RebootWindows(true);
    end.
    

  • Your system will reboot on completion; if it does not, please do so yourself
  • On completion, please re-run AVP, select the Manual Disinfection tab and press Start Gathering System Information
  • On completion click the link to locate the zip file to upload and attach to your next post

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #2


I copied 3 suspicious script files to the c:\ drive. Please zip up the following and send them to me in a PM; I want to see if they're malicious.

C:\_uninst_76996756.bat.bak
C:\_uninst_55723948.bat.bak
C:\_uninst_41489800.bat.bak



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please attach the AVZ zip and PM me those files.
  • 0
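The three `_uninst_*.bat` files the script above backs up were picked out of the launch-point report earlier in the thread: they are startup-folder shortcuts whose targets sit in the user's Temp directory and whose version info carries no company name. The Python below is an added example, not code from this thread, from AVZ or from the scanning tool that produced the report. It parses a handful of lines copied from that report (embedded here as constructed input) and flags entries for the same reasons a helper would: the scanner's own `<<!>>` marker, a launch target under a temp directory, a `null data` tag, or a `file not found` target (a dangling launch point worth cleaning up). The parser, the `Finding` type and the flagging rules are this example's own.

```python
"""Triage of launch-point report lines (added example, not from the thread).

The parser and the flagging rules below are this example's own; the sample
lines are copied from the startup-folder and scheduled-task sections of the
report in the thread and are embedded here as constructed input.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: a handful of lines taken from the report above.
SAMPLE_LOG = r'''
<<!>> "hpqtra08.exe" ["Hewlett-Packard Co."]
"_uninst_55723948" -> shortcut to: "C:\Users\The Reeve Family\AppData\Local\Temp\_uninst_55723948.bat" [null data]
"_uninst_76996756" -> shortcut to: "C:\Users\The Reeve Family\AppData\Local\Temp\_uninst_76996756.bat" [null data]
"ASC4_PerformanceMonitor" -> launches: "C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe" [file not found]
"CLMLSvc" -> (HIDDEN!) launches: "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" ["CyberLink"]
"AppleSoftwareUpdate" -> launches: "C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
'''

# One report line: optional <<!>> marker, quoted entry name, optional
# '-> [(HIDDEN!)] launches:/shortcut to: "<target>"', then a [tag] that is
# either a quoted company name, "null data", "file not found" or "MS".
ENTRY_RE = re.compile(
    r'^(?P<flagged><<!>>\s*)?'
    r'"(?P<name>[^"]+)"\s*'
    r'(?:->\s*(?P<hidden>\(HIDDEN!\)\s*)?(?:launches|shortcut to):\s*"(?P<target>.*)"\s*)?'
    r'\[(?P<tag>[^\]]*)\]\s*$'
)

# Directories an installer has no business launching from at every logon.
TEMP_DIR_RE = re.compile(r'\\(?:AppData\\Local\\Temp|Windows\\Temp)\\', re.IGNORECASE)


@dataclass
class Finding:
    name: str
    target: Optional[str]
    tag: str
    hidden: bool
    reasons: List[str]


def parse_entry(line: str) -> Optional[dict]:
    """Return the fields of one report line, or None for headers/blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "name": m["name"],
        "target": m["target"],            # None when the line names no target
        "tag": m["tag"].strip('"'),
        "hidden": m["hidden"] is not None,
        "scanner_flagged": m["flagged"] is not None,
    }


def triage(report: str) -> List[Finding]:
    """Collect entries worth a second look, with the reason for each."""
    findings = []
    for line in report.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = []
        if entry["scanner_flagged"]:
            reasons.append("marked <<!>> by the scanner")
        if entry["target"] and TEMP_DIR_RE.search(entry["target"]):
            reasons.append("launch target lives in a temp directory")
        if entry["tag"] == "null data":
            reasons.append("no company name in the file's version info")
        if entry["tag"] == "file not found":
            reasons.append("launch target missing on disk (dangling launch point)")
        if reasons:
            findings.append(Finding(entry["name"], entry["target"], entry["tag"],
                                    entry["hidden"], reasons))
    return findings


def report_text(findings: List[Finding]) -> str:
    """Plain-text summary, one block per finding."""
    lines = []
    for f in findings:
        lines.append(f.name + (" (hidden task)" if f.hidden else ""))
        if f.target:
            lines.append(f"    target: {f.target}")
        for r in f.reasons:
            lines.append(f"    - {r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report_text(triage(SAMPLE_LOG)))
```

Run it against a saved copy of the full report and the two `_uninst_*` shortcuts and the dangling `ASC4_PerformanceMonitor` task come out with their reasons; the signed CyberLink and Apple entries stay quiet. The rules are deliberately narrow (temp-directory targets, missing signer info, missing files, the scanner's own marker) so the output is a shortlist for a human to check, not a verdict.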