Blackhole Exploit Kit infection



#1
jeffroZ

Running XP SP3, Compaq Presario laptop.
I've been infected with Black Hole Exploit Kit, which was detected by AVG and blocked. It has since come up numerous times, often when starting Firefox, but has come up at other times too I think. At one point a Trojan was detected and quarantined by AVG, but like an idiot I didn't write down the name. I thought it would be in the virus log, but it's not. I have run Spybot S&D, which removed several things. Also ran Malwarebytes' Malware Removal Tool, which removed some registry entries and temp files. Following that, many program shortcuts were removed from the Programs menu, and all Administrative Tools seem to be gone from the menu and directory. I deleted all Java and deleted Firefox. Since then, I have kept the laptop powered down, a little afraid to use it. The virus seems to be lurking somewhere and relaunches itself periodically. Any help is greatly appreciated.


#2
Essexboy

Hi there - please do not run any temporary file cleaners until we have restored your icons etc.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
jeffroZ

Thanks for the response. I will take those steps when I get back to my PC tonight and will post the logs.

#4
jeffroZ

Here is the Rogue Killer report:


RogueKiller V6.1.6 [11/01/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: JeffE [Admin rights]
Mode: Shortcuts HJfix -- Date : 11/03/2011 20:32:34

Bad processes: 0

Driver: [LOADED]

File attributes restored:
Desktop: Success 77 / Fail 0
Quick launch: Success 34 / Fail 0
Programs: Success 97 / Fail 0
Start menu: Success 111 / Fail 0
User folder: Success 55321 / Fail 0
My documents: Success 113 / Fail 0
My favorites: Success 1522 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 31536 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[1].txt >>
RKreport[1].txt

#5
jeffroZ

While I was downloading OTL, another threat was detected and blocked:
Exploit Phoenix Kit (type 1477). 2 instances.

#6
jeffroZ

And here are the OTL files:

OTL.txt
OTL logfile created on: 11/3/2011 8:53:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\JeffE\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.41 Mb Total Physical Memory | 211.34 Mb Available Physical Memory | 20.83% Memory free
2.38 Gb Paging File | 1.05 Gb Available in Paging File | 43.98% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 14.02 Gb Free Space | 4.70% Space Free | Partition Type: NTFS

Computer Name: COMPAQLAPTOP | User Name: JeffE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 06:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeffE\My Documents\OTL.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/21 19:53:12 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/13 06:32:40 | 001,227,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/20 15:07:38 | 005,382,072 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
PRC - [2011/07/20 15:00:34 | 002,674,688 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/31 13:17:50 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold 3\scsiaccess.exe
PRC - [2006/05/18 11:12:54 | 000,902,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopService.exe
PRC - [2006/04/21 12:14:00 | 000,450,560 | ---- | M] (Oracle) -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopQOS.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/20 15:07:38 | 005,382,072 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
MOD - [2011/07/20 15:00:34 | 002,674,688 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/25 09:49:42 | 002,463,048 | ---- | M] () -- C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/09/22 21:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2010/05/14 12:49:36 | 002,519,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2010/05/14 12:41:42 | 000,708,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2010/05/14 12:38:30 | 006,443,008 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/05/14 12:38:30 | 001,581,056 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/05/14 12:38:30 | 000,356,352 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/05/14 12:38:30 | 000,188,416 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/07/30 18:44:14 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2007/10/31 13:17:50 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold 3\scsiaccess.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Dhcense)
SRV - [2011/10/01 12:08:47 | 000,246,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/20 15:00:34 | 002,674,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe -- (GsServer)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/18 12:56:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2007/10/31 13:17:50 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold 3\scsiaccess.exe -- (ScsiAccess)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/23 10:47:23 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006/12/22 08:31:50 | 000,108,712 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/10/01 05:37:42 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2006/05/18 11:12:54 | 000,902,656 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopService.exe -- (MyDesktopWindows)
SRV - [2006/04/21 12:14:00 | 000,450,560 | ---- | M] (Oracle) [Auto | Running] -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopQOS.exe -- (QOSMyDesktop)
SRV - [2006/02/15 11:56:40 | 000,184,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
SRV - [2006/02/07 16:10:14 | 000,106,496 | ---- | M] ( ) [Disabled | Stopped] -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 20:33:26 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/06/27 14:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/06/27 14:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/11/20 16:19:48 | 000,034,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2006/11/01 17:14:41 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/10/01 05:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2006/08/01 02:58:42 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2006/04/21 17:06:26 | 002,208,512 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/06/23 09:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/06/10 10:39:20 | 001,694,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbusb.sys -- (sbusb)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/04/20 10:44:08 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/04/20 10:44:06 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/04/13 09:12:38 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/06 16:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/31 17:23:08 | 000,109,319 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/26 07:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/04/04 12:48:06 | 000,013,952 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2003/03/05 13:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/09/20 09:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {efcbec50-6821-11db-bd13-0800200c9a66}:0.6.3.1
FF - prefs.js..extensions.enabledItems: {b243fe83-b8a7-47de-855d-21d865243d5d}:0.6
FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b2
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.1806

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2010/10/22 09:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/05 08:08:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/13 11:51:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\AVG\AVG2012\Thunderbird\ [2011/10/01 12:07:13 | 000,000,000 | ---D | M]

[2011/10/30 11:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JeffE\Application Data\Mozilla\Extensions
[2010/02/23 07:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JeffE\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/30 11:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/12 17:54:01 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/08/14 15:52:13 | 000,000,000 | ---D | M] (Folderpane Tools) -- C:\DOCUMENTS AND SETTINGS\JEFFE\APPLICATION DATA\THUNDERBIRD\PROFILES\ZLUTQFZL.DEFAULT\EXTENSIONS\{B243FE83-B8A7-47DE-855D-21D865243D5D}
[2010/08/12 14:59:32 | 000,000,000 | ---D | M] (Lightning) -- C:\DOCUMENTS AND SETTINGS\JEFFE\APPLICATION DATA\THUNDERBIRD\PROFILES\ZLUTQFZL.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
[2010/02/23 16:29:53 | 000,000,000 | ---D | M] (.vcs Support) -- C:\DOCUMENTS AND SETTINGS\JEFFE\APPLICATION DATA\THUNDERBIRD\PROFILES\ZLUTQFZL.DEFAULT\EXTENSIONS\{EFCBEC50-6821-11DB-BD13-0800200C9A66}
[2010/08/14 15:52:20 | 000,000,000 | ---D | M] (ThunderBrowse) -- C:\DOCUMENTS AND SETTINGS\JEFFE\APPLICATION DATA\THUNDERBIRD\PROFILES\ZLUTQFZL.DEFAULT\EXTENSIONS\[email protected]
[2011/10/01 12:07:13 | 000,000,000 | ---D | M] (AVG E-mail Scanner) -- C:\PROGRAM FILES\AVG\AVG2012\THUNDERBIRD
[2006/09/21 13:25:40 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/09/22 11:15:24 | 000,404,992 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/04/14 00:01:38 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1320_0\plugins/avgnpss.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Documents and Settings\JeffE\Application Data\Mozilla\plugins\npPxPlay.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: AT_ChuckAnderson = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\
CHR - Extension: Select To Get Maps = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha\1.1.1\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1320_0\
CHR - Extension: Poppit = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2010/06/17 11:02:25 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1454471165-1801674531-725345543-1007..\Run: [GoodSync] C:\Program Files\Siber Systems\GoodSync\GoodSync.exe ()
O4 - HKU\S-1-5-21-1454471165-1801674531-725345543-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.h...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} https://meeting.juni...oterisSetup.cab (NeoterisSetup Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1154490032718 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_07)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C89C9775-6CB3-4311-9446-ED2004E21E28}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\JeffE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JeffE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/01 17:13:58 | 000,000,000 | R--- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/03 20:48:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JeffE\My Documents\OTL.exe
[2011/11/03 19:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeffE\Desktop\RK_Quarantine
[2011/10/29 10:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/10/25 20:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/10/19 07:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/15 11:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/15 11:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/15 11:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/10/08 11:13:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JeffE\Start Menu\Programs\Administrative Tools
[2009/12/04 11:53:39 | 000,059,392 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/03/20 16:57:30 | 000,263,680 | ---- | C] (Anonymous) -- C:\Program Files\fu4wm13fixworking.exe
[2007/05/10 09:53:36 | 000,263,680 | ---- | C] (Anonymous) -- C:\Program Files\fu4wm13fix.exe
[2004/07/26 04:16:40 | 001,117,491 | ---- | C] (DVD Shrink ) -- C:\Program Files\dvdshrink32setup.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/03 21:11:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/03 20:33:26 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/03 19:31:36 | 000,065,896 | ---- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/11/03 19:29:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/03 19:26:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/03 19:12:55 | 108,640,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/01 04:36:53 | 000,730,112 | ---- | M] () -- C:\Documents and Settings\JeffE\My Documents\RogueKiller.exe
[2011/11/01 04:36:53 | 000,730,112 | ---- | M] () -- C:\Documents and Settings\JeffE\Desktop\RogueKiller.exe
[2011/10/30 11:41:53 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Safari.exe.lnk
[2011/10/30 11:34:37 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
[2011/10/30 11:09:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to wmplayer.exe.lnk
[2011/10/30 11:07:56 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to lightroom.exe.lnk
[2011/10/30 11:07:44 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Photoshop.exe.lnk
[2011/10/30 11:07:23 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.EXE.lnk
[2011/10/29 15:38:41 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/29 15:32:29 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2011/10/29 15:22:11 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2011/10/29 14:49:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/10/29 14:49:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/10/29 11:00:20 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/28 06:48:59 | 000,207,140 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/10/26 17:44:01 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2011/10/19 07:21:24 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/10/18 17:25:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc8df58f446a52.job
[2011/10/16 06:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeffE\My Documents\OTL.exe
[2011/10/14 07:39:10 | 000,437,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/14 07:39:10 | 000,069,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/14 07:21:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/03 19:36:33 | 000,730,112 | ---- | C] () -- C:\Documents and Settings\JeffE\Desktop\RogueKiller.exe
[2011/11/03 19:32:15 | 000,730,112 | ---- | C] () -- C:\Documents and Settings\JeffE\My Documents\RogueKiller.exe
[2011/11/03 19:22:01 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/10/30 11:41:53 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Safari.exe.lnk
[2011/10/30 11:34:37 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
[2011/10/30 11:09:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to wmplayer.exe.lnk
[2011/10/30 11:07:56 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to lightroom.exe.lnk
[2011/10/30 11:07:44 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Photoshop.exe.lnk
[2011/10/30 11:07:23 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.EXE.lnk
[2011/10/18 17:25:09 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc8df58f446a52.job
[2011/10/14 07:18:14 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/09/22 22:26:20 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2011/09/22 22:26:08 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/08/29 22:26:42 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/08/29 22:26:41 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2010/12/02 19:16:56 | 000,011,363 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Comma Separated Values (Windows).CAL
[2010/11/30 22:06:27 | 000,030,334 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Comma Separated Values (Windows).ADR
[2010/10/14 12:00:17 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2010/10/14 11:57:48 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2010/10/14 11:57:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2010/07/03 13:30:16 | 000,239,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/30 01:19:23 | 000,001,188 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/05/14 11:46:25 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/05/14 11:31:01 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/03/23 21:36:52 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/19 16:17:54 | 000,015,178 | --S- | C] () -- C:\Documents and Settings\JeffE\Local Settings\Application Data\H5obFSC7MF62.bak
[2010/03/19 16:17:54 | 000,015,178 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\H5obFSC7MF62
[2010/03/05 17:38:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\JeffE\Local Settings\Application Data\prvlcl.dat
[2009/12/04 11:53:38 | 000,012,043 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/30 18:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/04/11 11:16:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/11/24 23:36:29 | 000,000,235 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/05/12 17:30:03 | 000,065,896 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/20 16:56:26 | 000,090,112 | ---- | C] () -- C:\Program Files\FairUseCommander.exe
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/19 20:44:23 | 000,038,868 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2007/11/19 20:44:23 | 000,029,665 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2007/11/19 20:37:49 | 000,038,868 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2007/11/19 20:37:49 | 000,029,665 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2007/10/14 16:37:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/10/08 18:06:26 | 000,000,077 | ---- | C] () -- C:\WINDOWS\WBLOCKSP.INI
[2007/10/08 11:18:02 | 000,000,220 | --S- | C] () -- C:\WINDOWS\System32\ss.drv
[2007/10/08 11:17:34 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WB3USER.INI
[2007/06/27 22:32:30 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/06/19 14:51:00 | 000,003,365 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2007/06/09 11:37:30 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2007/04/12 12:02:13 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2007/03/29 11:54:43 | 000,002,002 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/19 16:03:58 | 000,004,511 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2007/03/09 11:52:25 | 010,884,472 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2006/12/27 12:18:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MyDesktopServiceLocal.ini
[2006/12/07 12:35:24 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\$_hpcst$.hpc
[2006/11/24 20:03:24 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\JeffE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/20 16:19:48 | 000,034,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter.sys
[2006/11/20 16:19:44 | 000,044,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2006/11/20 16:19:44 | 000,037,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2006/11/20 16:19:42 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2006/11/03 10:39:20 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/21 20:53:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/18 10:47:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/11 12:21:43 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\w32mkde.exe
[2006/09/11 12:21:43 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\w32mkrc.dll
[2006/09/07 21:39:22 | 000,000,215 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/02 16:05:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/02 14:05:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/02 14:05:07 | 000,006,461 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/08/02 00:04:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/08/02 00:02:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\wisemsg.dll
[2006/08/01 23:38:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/01 23:38:54 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/01 23:38:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/01 23:38:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/01 23:38:54 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/01 23:38:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/08/01 21:35:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/08/01 17:16:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/01 17:10:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/01 10:05:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/01 10:04:12 | 000,315,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/04 10:21:24 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004/02/25 23:18:04 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/01/13 19:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/31 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 12:00:00 | 000,437,618 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 12:00:00 | 000,069,678 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 11:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 11:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/10/16 11:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/10/01 12:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/14 09:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/11 10:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2010/10/14 09:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/08/11 09:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2010/10/14 12:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2006/12/07 17:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/05/17 20:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/05/30 01:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2011/07/27 18:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2009/08/11 00:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/08/29 22:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2006/11/27 17:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/05/22 10:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2011/11/03 19:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/12/02 10:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/02/09 12:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2011/09/22 22:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/07/18 23:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2010/07/23 15:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2011/09/20 23:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/05/10 22:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2007/02/05 12:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2010/10/14 12:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2010/10/14 12:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011/04/14 00:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/04/17 13:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/05/26 11:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/21 20:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/25 07:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/01/07 15:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/11 10:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
[2010/10/11 10:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
[2007/01/31 22:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\allTunes
[2011/04/10 11:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Amazon
[2011/10/01 12:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\AVG2012
[2010/03/02 15:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\AVG9
[2011/09/20 23:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Blackberry Desktop
[2010/10/11 10:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Cakewalk
[2010/06/04 22:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Canon
[2010/06/25 16:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/16 21:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\com.amazon.music.uploader
[2010/06/25 16:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2007/04/03 21:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\dBpoweramp
[2009/12/04 22:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Desktopicon
[2011/08/29 19:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Dropbox
[2010/10/24 17:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\foobar2000
[2011/11/03 18:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\GoodSync
[2007/11/20 11:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\gtk-2.0
[2009/08/11 00:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\HotSync
[2006/12/08 14:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\InterVideo
[2011/08/29 22:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\IObit
[2011/07/22 21:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Jumping Bytes
[2010/03/02 09:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Launchy
[2010/04/22 22:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Mobipocket
[2006/11/26 18:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Netscape
[2010/02/10 12:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\NVD
[2006/12/16 11:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\OfficeUpdate12
[2009/10/12 11:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\OpenOffice.org
[2006/12/18 16:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Opera
[2007/10/31 13:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Photodex
[2011/10/11 21:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\PrimoPDF
[2008/04/27 08:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\REAPER
[2011/09/20 23:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Research In Motion
[2006/11/24 20:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Snapfish
[2010/03/01 12:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\SoftGrid Client
[2011/02/06 12:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Spacejock Software
[2010/10/14 12:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Steinberg
[2011/09/22 22:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\TaxCut
[2010/02/23 07:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Thunderbird
[2010/01/18 17:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\TP
[2011/10/02 12:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\uTorrent
[2010/10/16 18:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\VST3 Presets
[2010/05/27 10:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\W Photo Studio Viewer
[2011/04/14 00:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\WINPUMP
[2011/10/01 12:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romy\Application Data\AVG2012
[2011/06/28 16:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romy\Application Data\HotSync
[2011/07/24 18:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romy\Application Data\Jumping Bytes
[2011/09/26 19:23:59 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\GoodSync - Writing.job
[2011/08/21 22:00:01 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2011/09/01 18:22:10 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/06/04 12:23:14 | 000,000,286 | ---- | M] () -- C:\FLVDirect.exe
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2009/10/07 11:40:17 | 000,053,248 | R--- | M] (Stephan Schreiber) -- C:\mountdiag.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 00:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Extras.txt
OTL Extras logfile created on: 11/3/2011 8:53:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\JeffE\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.41 Mb Total Physical Memory | 211.34 Mb Available Physical Memory | 20.83% Memory free
2.38 Gb Paging File | 1.05 Gb Available in Paging File | 43.98% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 14.02 Gb Free Space | 4.70% Space Free | Partition Type: NTFS

Computer Name: COMPAQLAPTOP | User Name: JeffE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1454471165-1801674531-725345543-1007\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Renamer] -- C:\Program Files\Renamer\Renamer.exe %0 (Frilans)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"33333:TCP" = 33333:TCP:*:Enabled:GoodSync Server incoming connections
"33338:UDP" = 33338:UDP:*:Enabled:GoodSync Server LAN discovery
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\sboffice\sbclient\sbopen\BIN\sbclient.exe" = C:\sboffice\sbclient\sbopen\BIN\sbclient.exe:*:Enabled:SBDESK
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\sboffice\sbclient\sbopen\BIN\sbclient.exe" = C:\sboffice\sbclient\sbopen\BIN\sbclient.exe:*:Enabled:SBDESK
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004 -- (Macromedia, Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Documents and Settings\JeffE\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\JeffE\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Siber Systems\GoodSync\GoodSync.exe" = C:\Program Files\Siber Systems\GoodSync\GoodSync.exe:*:Enabled:GoodSync -- ()
"C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe" = C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe:*:Enabled:GoodSync Explorer -- ()
"C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe" = C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe:*:Enabled:GoodSync Server -- ()
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\MusicRoom Server\MusicRoomServer.exe" = C:\Program Files\MusicRoom Server\MusicRoomServer.exe:*:Enabled:MusicRoom Server -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D3BDAF-C064-4821-89C5-89105F6C738E}" = Portfolio Browser
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0DC00F90-E7E7-4B19-959A-0A53032DA52C}" = Documents To Go
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18E0918E-1060-48f3-925C-56C82E88551B}" = HP PSC & OfficeJet 3.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{33691AFF-9ABF-4278-BDB6-902EE07D9237}" = Native Instruments Guitar Rig 3
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 C1
"{47C25360-AEBC-4B21-B233-87CE653B3369}" = AIOMinimal
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AC3BEAD-0906-4676-BF85-12306330A66C}" = StickyPad
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.40
"{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}" = Steinberg Cubase LE 5
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 1.00 A7
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7AEBFFF0-15A1-48A9-88F3-06604486C7C9}" = WMPTagSupportExtender
"{819BD55B-732F-45C0-A34A-9EC8B6DE83DF}" = PureSync
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84F1DAC1-E1BF-4A21-9D2B-DD3E12686A2C}" = Read in Microsoft Reader Add-in for Microsoft Word
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95C42225-F0E2-4480-AD65-560D854F252E}" = Palm Desktop by ACCESS
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{9A0F591C-6ACB-225D-7CEE-4C5F9BEFEB7D}" = Amazon MP3 Uploader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FBDF580-E37F-4DEE-8F2E-75A8E8716AAD}" = H&R Block California 2010
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4DB0F6C-851E-44E3-82EF-40D1C215A5FD}" = Maxtor Encryption
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA9D879B-0F98-4059-85A5-D05718A1D6F7}" = Creative ZEN V Series
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76D478-1033-0000-3478-000000000003}" = Adobe® PDF Creation Add-On
"{AEC20FEC-47D8-4DEA-85D7-0B7E5D905D11}" = AiO_Scan
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0513493-04B9-4F21-B4AB-83E750D54256}" = Adobe Photoshop Lightroom 2.7
"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync-Beta
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C93369CB-B4E9-E095-9289-E6B5AE941033}" = Nero 7 Demo
"{CBD55377-3FEA-4A93-A877-DB87B6C6C990}" = Logitech Harmony Remote Software 7
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{DF15059E-A356-47B2-B14B-6380ED32AB68}" = Microsoft Baseline Security Analyzer 1.2.1
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3666943-0411-41D1-8015-8B572B6E91A7}" = SyncToy 2.0 Beta
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe® PDF Creation Add-On" = Adobe® PDF Creation Add-On
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2012
"Birthdays" = Birthdays
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CD-DA X-Tractor_is1" = CD-DA X-Tractor v0.24
"Cisco VPN Client 4.8" = Cisco VPN Client 4.8
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.amazon.music.uploader" = Amazon MP3 Uploader
"Creative Audio Pack" = Creative Audio Pack
"CutePDF Writer Installation" = CutePDF Writer 2.8
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"DPP" = Canon Utilities Digital Photo Professional 3.7
"DVD Decrypter" = DVD Decrypter (Remove Only)
"eBay Icon" = eBay Icon
"eLicenser Control" = eLicenser Control
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"ffdshow_is1" = ffdshow [rev 1288] [2007-06-15]
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.0
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
"InstallShield_{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
"InstallShield_{A4DB0F6C-851E-44E3-82EF-40D1C215A5FD}" = Maxtor Encryption
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1" = M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MP3 Player Recovery Tool_is1" = MP3 Player Recovery Tool
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MusicRoom Server" = MusicRoom Server
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Service Center" = Native Instruments Service Center
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Ogg Codecs" = Ogg Codecs 0.81.15562
"OpenVPN" = OpenVPN 2.0.9
"Orb" = Winamp Remote
"Personal Printing Guide" = Canon Personal Printing Guide
"Photodex Presenter" = Photodex Presenter
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"ProShow Gold" = ProShow Gold
"PureSync" = PureSync 3.1.2
"QuickTime32" = QuickTime for Windows (32-bit)
"RealVNC_is1" = VNC Free Edition 4.1.2
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Renamer" = Renamer (remove only)
"Scrivener 024" = Scrivener
"Smart Defrag 2_is1" = Smart Defrag 2
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SONAR85Producer_is1" = SONAR 8.5 Producer
"SONAR8Producer_is1" = SONAR 8.0 Producer Edition
"SysInfo" = Creative System Information
"Tweak UI 2.10" = Tweak UI
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Write Again! Professional" = Write Again! Professional
"Writer's Blocks" = Writer's Blocks
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"ZENcast Organizer" = ZENcast Organizer
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-1801674531-725345543-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/23/2011 11:23:39 AM | Computer Name = COMPAQLAPTOP | Source = Microsoft Fax | ID = 32012
Description = The attempt to send the fax failed. There was no answer. This fax
will not be sent, because the maximum number of retries has been exhausted. Sender:
Jeff. Billing code: . Sender company: . Sender dept: . Recipient name: Tina Stybr,
Wells Fargo. Recipient number: 1 877 3976498. Device name: Agere Systems AC'97
Modem.

Error - 9/24/2011 5:00:11 PM | Computer Name = COMPAQLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application foobar2000_uninstall.exe, version 1.0.0.0, faulting
module system.dll, version 0.0.0.0, fault address 0x000018ed.

Error - 9/24/2011 5:00:23 PM | Computer Name = COMPAQLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application foobar2000_uninstall.exe, version 1.0.0.0, faulting
module system.dll, version 0.0.0.0, fault address 0x000018ed.

Error - 10/14/2011 10:41:58 AM | Computer Name = COMPAQLAPTOP | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
. Error code = 0x80070020

Error - 10/22/2011 3:29:58 PM | Computer Name = COMPAQLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3909, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 10/24/2011 8:33:06 PM | Computer Name = COMPAQLAPTOP | Source = ESENT | ID = 490
Description = wuauclt (5972) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/24/2011 11:48:02 PM | Computer Name = COMPAQLAPTOP | Source = ESENT | ID = 490
Description = wuauclt (4668) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/25/2011 8:43:17 PM | Computer Name = COMPAQLAPTOP | Source = ESENT | ID = 490
Description = wuauclt (2116) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/25/2011 8:43:31 PM | Computer Name = COMPAQLAPTOP | Source = ESENT | ID = 490
Description = wuauclt (372) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/29/2011 5:01:27 AM | Computer Name = COMPAQLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module comctl32.dll, version 6.0.2900.6028, fault address 0x00046f4e.

[ System Events ]
Error - 10/29/2011 6:42:16 PM | Computer Name = COMPAQLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 10/29/2011 6:42:46 PM | Computer Name = COMPAQLAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 10/29/2011 6:42:46 PM | Computer Name = COMPAQLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 10/29/2011 6:42:50 PM | Computer Name = COMPAQLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 10/29/2011 7:47:47 PM | Computer Name = COMPAQLAPTOP | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 10/29/2011 7:47:47 PM | Computer Name = COMPAQLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the Windows Image
Acquisition (WIA) service which failed to start because of the following error:
%%1070

Error - 11/3/2011 9:53:21 PM | Computer Name = COMPAQLAPTOP | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 11/3/2011 9:53:21 PM | Computer Name = COMPAQLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the Windows Image
Acquisition (WIA) service which failed to start because of the following error:
%%1070

Error - 11/3/2011 10:29:44 PM | Computer Name = COMPAQLAPTOP | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 11/3/2011 10:29:44 PM | Computer Name = COMPAQLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the Windows Image
Acquisition (WIA) service which failed to start because of the following error:
%%1070


< End of report >
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that you have your icons/folders and start menu back, please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
    O3 - HKU\S-1-5-21-1454471165-1801674531-725345543-1007\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    [2008/03/20 16:57:30 | 000,263,680 | ---- | C] (Anonymous) -- C:\Program Files\fu4wm13fixworking.exe
    [2007/05/10 09:53:36 | 000,263,680 | ---- | C] (Anonymous) -- C:\Program Files\fu4wm13fix.exe
    [2011/10/18 17:25:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc8df58f446a52.job
    [2010/03/19 16:17:54 | 000,015,178 | --S- | C] () -- C:\Documents and Settings\JeffE\Local Settings\Application Data\H5obFSC7MF62.bak
    [2010/03/19 16:17:54 | 000,015,178 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\H5obFSC7MF62

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptyjava]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#8
jeffroZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
The menus, shortcuts and icons are mostly back, though the Administrative Tools menu and folder are still empty.
  • 0

#9
jeffroZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I will continue the disinfection tonight and post the results. Thanks again for the help.
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We have the technology :) Just use the relevant parts on this fix

Restore Accessories Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

Posted Image


Once they are, click on the Restore button.



Restore Admin Tools Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

Posted Image


This next one will produce the necessary shortcut links, which you can cut and paste into the start menu folder
Download the repair.vbs file to your desktop
Run the repair.vbs
It will ask for a folder name; call it recovery
The tool will let you know when it is finished
On the desktop will be a recovery folder
Open the folder
Cut and Paste the links that you want to C:\documents and settings\your name\start menu

Posted Image


Posted Image
  • 0


#11
jeffroZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I don't see the images, may be my browser. Should I run this fix before the OTL and MBAM steps?
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run OTL and MBAM and the images may then be visible to you, although the first two programmes are fairly self-explanatory.
  • 0

#13
jeffroZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here are the OTL results after the fix and scan:


OTL logfile created on: 11/4/2011 6:18:41 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\JeffE\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.41 Mb Total Physical Memory | 396.06 Mb Available Physical Memory | 39.04% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.44% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 14.11 Gb Free Space | 4.73% Space Free | Partition Type: NTFS

Computer Name: COMPAQLAPTOP | User Name: JeffE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 06:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeffE\My Documents\OTL.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/21 19:53:12 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/13 06:32:40 | 001,227,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/20 15:07:38 | 005,382,072 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
PRC - [2011/07/20 15:00:34 | 002,674,688 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/31 13:17:50 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold 3\scsiaccess.exe
PRC - [2006/05/18 11:12:54 | 000,902,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopService.exe
PRC - [2006/04/21 12:14:00 | 000,450,560 | ---- | M] (Oracle) -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopQOS.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/20 15:07:38 | 005,382,072 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
MOD - [2011/07/20 15:00:34 | 002,674,688 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2010/05/14 12:49:36 | 002,519,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2010/05/14 12:41:42 | 000,708,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2010/05/14 12:38:30 | 006,443,008 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/05/14 12:38:30 | 001,581,056 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/05/14 12:38:30 | 000,356,352 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/05/14 12:38:30 | 000,188,416 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/07/30 18:44:14 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2007/10/31 13:17:50 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold 3\scsiaccess.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Dhcense)
SRV - [2011/10/01 12:08:47 | 000,246,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/20 15:00:34 | 002,674,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe -- (GsServer)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/18 12:56:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2007/10/31 13:17:50 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold 3\scsiaccess.exe -- (ScsiAccess)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/23 10:47:23 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006/12/22 08:31:50 | 000,108,712 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/10/01 05:37:42 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2006/05/18 11:12:54 | 000,902,656 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopService.exe -- (MyDesktopWindows)
SRV - [2006/04/21 12:14:00 | 000,450,560 | ---- | M] (Oracle) [Auto | Running] -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopQOS.exe -- (QOSMyDesktop)
SRV - [2006/02/15 11:56:40 | 000,184,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
SRV - [2006/02/07 16:10:14 | 000,106,496 | ---- | M] ( ) [Disabled | Stopped] -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 20:33:26 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/06/27 14:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/06/27 14:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/11/20 16:19:48 | 000,034,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2006/11/01 17:14:41 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/10/01 05:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2006/08/01 02:58:42 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2006/04/21 17:06:26 | 002,208,512 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/06/23 09:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/06/10 10:39:20 | 001,694,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbusb.sys -- (sbusb)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/04/20 10:44:08 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/04/20 10:44:06 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/04/13 09:12:38 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/06 16:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/31 17:23:08 | 000,109,319 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/26 07:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/04/04 12:48:06 | 000,013,952 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2003/03/05 13:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/09/20 09:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {efcbec50-6821-11db-bd13-0800200c9a66}:0.6.3.1
FF - prefs.js..extensions.enabledItems: {b243fe83-b8a7-47de-855d-21d865243d5d}:0.6
FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b2
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.1806

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2010/10/22 09:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/05 08:08:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/13 11:51:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\AVG\AVG2012\Thunderbird\ [2011/10/01 12:07:13 | 000,000,000 | ---D | M]

[2011/10/30 11:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JeffE\Application Data\Mozilla\Extensions
[2010/02/23 07:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JeffE\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/30 11:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/12 17:54:01 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/08/14 15:52:13 | 000,000,000 | ---D | M] (Folderpane Tools) -- C:\DOCUMENTS AND SETTINGS\JEFFE\APPLICATION DATA\THUNDERBIRD\PROFILES\ZLUTQFZL.DEFAULT\EXTENSIONS\{B243FE83-B8A7-47DE-855D-21D865243D5D}
[2010/08/12 14:59:32 | 000,000,000 | ---D | M] (Lightning) -- C:\DOCUMENTS AND SETTINGS\JEFFE\APPLICATION DATA\THUNDERBIRD\PROFILES\ZLUTQFZL.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
[2010/02/23 16:29:53 | 000,000,000 | ---D | M] (.vcs Support) -- C:\DOCUMENTS AND SETTINGS\JEFFE\APPLICATION DATA\THUNDERBIRD\PROFILES\ZLUTQFZL.DEFAULT\EXTENSIONS\{EFCBEC50-6821-11DB-BD13-0800200C9A66}
[2010/08/14 15:52:20 | 000,000,000 | ---D | M] (ThunderBrowse) -- C:\DOCUMENTS AND SETTINGS\JEFFE\APPLICATION DATA\THUNDERBIRD\PROFILES\ZLUTQFZL.DEFAULT\EXTENSIONS\[email protected]
[2011/10/01 12:07:13 | 000,000,000 | ---D | M] (AVG E-mail Scanner) -- C:\PROGRAM FILES\AVG\AVG2012\THUNDERBIRD
[2006/09/21 13:25:40 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/09/22 11:15:24 | 000,404,992 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/04/14 00:01:38 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1320_0\plugins/avgnpss.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Documents and Settings\JeffE\Application Data\Mozilla\plugins\npPxPlay.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: AT_ChuckAnderson = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\
CHR - Extension: Select To Get Maps = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha\1.1.1\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1320_0\
CHR - Extension: Poppit = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/11/04 18:08:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd)
O4 - HKCU..\Run: [GoodSync] C:\Program Files\Siber Systems\GoodSync\GoodSync.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.h...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} https://meeting.juni...oterisSetup.cab (NeoterisSetup Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1154490032718 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_07)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C89C9775-6CB3-4311-9446-ED2004E21E28}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\JeffE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JeffE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/01 17:13:58 | 000,000,000 | R--- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/04 18:07:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/03 20:48:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JeffE\My Documents\OTL.exe
[2011/11/03 19:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeffE\Desktop\RK_Quarantine
[2011/10/29 10:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/10/25 20:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/10/19 07:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/15 11:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/15 11:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/15 11:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/10/08 11:13:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JeffE\Start Menu\Programs\Administrative Tools
[2009/12/04 11:53:39 | 000,059,392 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/07/26 04:16:40 | 001,117,491 | ---- | C] (DVD Shrink ) -- C:\Program Files\dvdshrink32setup.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/04 18:32:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/04 18:17:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/04 18:15:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/04 18:13:18 | 108,764,981 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
[2011/11/04 18:08:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/03 20:33:26 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/03 19:31:36 | 000,065,896 | ---- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/11/03 19:12:55 | 108,640,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/01 04:36:53 | 000,730,112 | ---- | M] () -- C:\Documents and Settings\JeffE\My Documents\RogueKiller.exe
[2011/11/01 04:36:53 | 000,730,112 | ---- | M] () -- C:\Documents and Settings\JeffE\Desktop\RogueKiller.exe
[2011/10/30 11:41:53 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Safari.exe.lnk
[2011/10/30 11:34:37 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
[2011/10/30 11:09:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to wmplayer.exe.lnk
[2011/10/30 11:07:56 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to lightroom.exe.lnk
[2011/10/30 11:07:44 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Photoshop.exe.lnk
[2011/10/30 11:07:23 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.EXE.lnk
[2011/10/29 15:38:41 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/29 15:32:29 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2011/10/29 15:22:11 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2011/10/29 14:49:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/10/29 14:49:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/10/29 11:00:20 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/28 06:48:59 | 000,207,140 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/10/26 17:44:01 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2011/10/19 07:21:24 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/10/16 06:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeffE\My Documents\OTL.exe
[2011/10/14 07:39:10 | 000,437,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/14 07:39:10 | 000,069,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/14 07:21:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/03 19:36:33 | 000,730,112 | ---- | C] () -- C:\Documents and Settings\JeffE\Desktop\RogueKiller.exe
[2011/11/03 19:32:15 | 000,730,112 | ---- | C] () -- C:\Documents and Settings\JeffE\My Documents\RogueKiller.exe
[2011/11/03 19:22:01 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/10/30 11:41:53 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Safari.exe.lnk
[2011/10/30 11:34:37 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
[2011/10/30 11:09:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to wmplayer.exe.lnk
[2011/10/30 11:07:56 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to lightroom.exe.lnk
[2011/10/30 11:07:44 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Photoshop.exe.lnk
[2011/10/30 11:07:23 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.EXE.lnk
[2011/10/14 07:18:14 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/09/22 22:26:20 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2011/09/22 22:26:08 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/08/29 22:26:42 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/08/29 22:26:41 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2010/12/02 19:16:56 | 000,011,363 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Comma Separated Values (Windows).CAL
[2010/11/30 22:06:27 | 000,030,334 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Comma Separated Values (Windows).ADR
[2010/10/14 12:00:17 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2010/10/14 11:57:48 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2010/10/14 11:57:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2010/07/03 13:30:16 | 000,239,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/30 01:19:23 | 000,001,188 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/05/14 11:46:25 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/05/14 11:31:01 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/03/23 21:36:52 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/05 17:38:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\JeffE\Local Settings\Application Data\prvlcl.dat
[2009/12/04 11:53:38 | 000,012,043 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/30 18:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/04/11 11:16:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/11/24 23:36:29 | 000,000,235 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/05/12 17:30:03 | 000,065,896 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/20 16:56:26 | 000,090,112 | ---- | C] () -- C:\Program Files\FairUseCommander.exe
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/19 20:44:23 | 000,038,868 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2007/11/19 20:44:23 | 000,029,665 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2007/11/19 20:37:49 | 000,038,868 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2007/11/19 20:37:49 | 000,029,665 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2007/10/14 16:37:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/10/08 18:06:26 | 000,000,077 | ---- | C] () -- C:\WINDOWS\WBLOCKSP.INI
[2007/10/08 11:18:02 | 000,000,220 | --S- | C] () -- C:\WINDOWS\System32\ss.drv
[2007/10/08 11:17:34 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WB3USER.INI
[2007/06/27 22:32:30 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/06/19 14:51:00 | 000,003,365 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2007/06/09 11:37:30 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2007/04/12 12:02:13 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2007/03/29 11:54:43 | 000,002,002 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/19 16:03:58 | 000,004,511 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2007/03/09 11:52:25 | 010,884,472 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2006/12/27 12:18:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MyDesktopServiceLocal.ini
[2006/12/07 12:35:24 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\$_hpcst$.hpc
[2006/11/24 20:03:24 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\JeffE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/20 16:19:48 | 000,034,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter.sys
[2006/11/20 16:19:44 | 000,044,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2006/11/20 16:19:44 | 000,037,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2006/11/20 16:19:42 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2006/11/03 10:39:20 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/21 20:53:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/18 10:47:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/11 12:21:43 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\w32mkde.exe
[2006/09/11 12:21:43 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\w32mkrc.dll
[2006/09/07 21:39:22 | 000,000,215 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/02 16:05:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/02 14:05:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/02 14:05:07 | 000,006,461 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/08/02 00:04:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/08/02 00:02:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\wisemsg.dll
[2006/08/01 23:38:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/01 23:38:54 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/01 23:38:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/01 23:38:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/01 23:38:54 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/01 23:38:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/08/01 21:35:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/08/01 17:16:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/01 17:10:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/01 10:05:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/01 10:04:12 | 000,315,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/04 10:21:24 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004/02/25 23:18:04 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/01/13 19:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/31 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 12:00:00 | 000,437,618 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 12:00:00 | 000,069,678 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 11:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 11:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/10/16 11:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/10/01 12:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/14 09:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/11 10:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2010/10/14 09:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/08/11 09:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2010/10/14 12:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2006/12/07 17:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/05/17 20:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/05/30 01:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2011/07/27 18:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2009/08/11 00:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/08/29 22:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2006/11/27 17:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/05/22 10:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2011/11/03 19:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/12/02 10:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/02/09 12:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2011/09/22 22:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/07/18 23:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2010/07/23 15:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2011/09/20 23:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/05/10 22:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2007/02/05 12:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2010/10/14 12:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2010/10/14 12:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011/04/14 00:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/04/17 13:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/05/26 11:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/21 20:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/25 07:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/01/07 15:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/11 10:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
[2010/10/11 10:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
[2007/01/31 22:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\allTunes
[2011/04/10 11:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Amazon
[2011/10/01 12:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\AVG2012
[2010/03/02 15:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\AVG9
[2011/09/20 23:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Blackberry Desktop
[2010/10/11 10:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Cakewalk
[2010/06/04 22:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Canon
[2010/06/25 16:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/16 21:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\com.amazon.music.uploader
[2010/06/25 16:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2007/04/03 21:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\dBpoweramp
[2009/12/04 22:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Desktopicon
[2011/08/29 19:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Dropbox
[2010/10/24 17:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\foobar2000
[2011/11/03 18:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\GoodSync
[2007/11/20 11:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\gtk-2.0
[2009/08/11 00:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\HotSync
[2006/12/08 14:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\InterVideo
[2011/08/29 22:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\IObit
[2011/07/22 21:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Jumping Bytes
[2010/03/02 09:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Launchy
[2010/04/22 22:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Mobipocket
[2006/11/26 18:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Netscape
[2010/02/10 12:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\NVD
[2006/12/16 11:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\OfficeUpdate12
[2009/10/12 11:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\OpenOffice.org
[2006/12/18 16:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Opera
[2007/10/31 13:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Photodex
[2011/10/11 21:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\PrimoPDF
[2008/04/27 08:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\REAPER
[2011/09/20 23:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Research In Motion
[2006/11/24 20:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Snapfish
[2010/03/01 12:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\SoftGrid Client
[2011/02/06 12:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Spacejock Software
[2010/10/14 12:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Steinberg
[2011/09/22 22:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\TaxCut
[2010/02/23 07:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Thunderbird
[2010/01/18 17:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\TP
[2011/10/02 12:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\uTorrent
[2010/10/16 18:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\VST3 Presets
[2010/05/27 10:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\W Photo Studio Viewer
[2011/04/14 00:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\WINPUMP
[2011/09/26 19:23:59 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\GoodSync - Writing.job
[2011/08/21 22:00:01 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2011/09/01 18:22:10 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#14
jeffroZ

    Member

  • Topic Starter
  • 19 posts
The MBAM scan came up clean, here's the log:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8088

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/4/2011 9:46:21 PM
mbam-log-2011-11-04 (21-46-21).txt

Scan type: Quick scan
Objects scanned: 254473
Time elapsed: 34 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Something is still hogging my resources, hard drive and CPU. svchost is using 70-90% CPU, which seemed to start when I first got infected. Also, the browser tends to lock up, and then I lose connectivity.

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, time to look deeper.

Download aswMBR.exe (1.8mb) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts. Allow it to install the recovery console.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.