
Cannot Remove Win32/heur Virus [Closed] [Solved]


#1
BirdDuck

I use AVG Anti-Virus 2012 (just recently upgraded). The version of the software is 2012.0.1913. According to AVG's "Resident Shield" history, the virus Win32/heur presented itself on my computer March 08, 2011. The most recent appearance of the virus happened on January 30, 2012. When AVG's "Resident Shield" alert displayed on my screen, it gave me a few options as to how to manage the 'infection': Ignore, Move to Vault and one other -- it might have been 'quarantine.' The bottom line was that no other option was effective except: "Ignore." So, every time the virus alert came up I would click "ignore" due to an ongoing result that my history reports as: "Object is inaccessible." When I explored AVG's history data, I learned that the process associated with Win32/heur is usually connected to my other anti-virus/security software, Norton 360: c:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe or when using an older version of Norton, the process included c:\Program Files...\Norton...\Engine\4.3.0.5.exe. Bottom line is, I cannot remove this virus. I cannot isolate computer symptoms associated ONLY with this virus; however, I can inform you of overall symptoms of poor computer performance: slow internet, programs "not responding," some pop-ups and strange advertisement "junk mail" showing up in my Microsoft Outlook 2007 Email Program. I would say overall slowness is the main problem, but I wasn't sure if that has to do with memory, start-up issues or other. Finally, when I open and use AVG's History Interface (instead of the "Resident Shield" pop-up alert), I am offered the following options: "Remove Threat" or "Remove all Threats." I've tried both and neither one removes the virus. I hope this is enough information. Are you able to provide a resolution that will terminate this virus once and for all? Thanks for all of your help and your individual gifts. I sent you a small donation via PayPal for your efforts. I would send more but I am chronically ill and on disability right now. Thanks in advance for all of your help! Here is the OTL data:

1. OTL Text:
OTL logfile created on: 2/11/2012 8:34:39 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 46.77% Memory free
5.94 Gb Paging File | 2.12 Gb Available in Paging File | 35.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 126.91 Gb Free Space | 54.84% Space Free | Partition Type: NTFS
Drive E: | 1.92 Gb Total Space | 0.07 Gb Free Space | 3.62% Space Free | Partition Type: FAT

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 20:29:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2012/02/01 02:58:25 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/02/01 02:58:22 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/12 04:53:37 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/12/12 14:07:00 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/12/12 14:06:58 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 00:00:55 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/21 04:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/27 06:06:44 | 000,267,488 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ccsvchst.exe
PRC - [2010/10/29 15:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 09:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/10 22:32:18 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/02/10 22:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/09/03 11:41:06 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/05/05 15:06:02 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/04 16:46:38 | 001,242,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
PRC - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 15:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 13:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/02/06 15:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/31 17:27:04 | 000,118,784 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/30 15:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/09/20 07:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/01 02:58:22 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/01/31 03:04:50 | 001,574,240 | ---- | M] () -- C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
MOD - [2012/01/12 03:33:08 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012/01/12 03:32:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011/10/21 04:10:08 | 000,087,440 | ---- | M] () -- C:\Program Files\adawaretb\adawareDx.dll
MOD - [2011/10/13 16:35:34 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3079c5adccd527a2c990008abf5454ec\IAStorUtil.ni.dll
MOD - [2011/10/13 16:35:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 14:36:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 14:35:45 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 14:35:26 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 14:32:15 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/13 14:32:09 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 14:31:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/19 04:26:16 | 000,183,320 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\SharedBin\LvApi11.dll
MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/29 15:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 15:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2009/04/22 16:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 18:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 17:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 17:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 17:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 17:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 17:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 17:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 17:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 17:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 17:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2008/09/20 01:12:29 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2008/03/06 12:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 14:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 23:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/12/01 19:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\TBS\NotifyTBS.dll
MOD - [2006/10/30 15:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/10/10 13:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2006/09/20 07:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (lmab_device)
SRV - File not found [Auto | Stopped] -- -- (IAANTMON) Intel®
SRV - [2012/02/01 02:58:25 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/12/12 14:07:00 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/11/30 16:12:40 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/27 06:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/10 22:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/09/03 11:41:06 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/04/18 22:57:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/12 19:28:40 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 17:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/02/01 17:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/03/25 10:35:26 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)


========== Driver Services (SafeList) ==========

DRV - [2012/02/09 23:22:59 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/09 23:22:59 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/31 03:03:30 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120210.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/31 03:03:29 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120210.035\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/15 18:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120210.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011/11/30 21:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/19 09:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/08/19 04:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/06/01 19:08:37 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 20:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/30 22:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 21:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/11/11 12:59:26 | 000,002,560 | ---- | M] (SupportSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssrangdr.sys -- (ssrangdr)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/28 17:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 20:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 18:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\..\URLSearchHook: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - C:\Program Files\Productivity_3\prxtbProd.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.toshibadirect.com/dpdstart
IE - HKCU\..\URLSearchHook: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - C:\Program Files\Productivity_3\prxtbProd.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e7472076-ff9d-4325-8eaf-613572008758} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@DictionaryBoss.com/Plugin: C:\Program Files\DictionaryBoss\bar\1.bin\NPv4Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/01 03:55:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [2012/02/11 15:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DictionaryBoss\bar\1.bin [2012/02/01 16:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 17:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\9.0.0.23\ [2012/01/31 03:05:19 | 000,000,000 | ---D | M]


========== Chrome ==========


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Productivity 3 Toolbar) - {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - C:\Program Files\Productivity_3\prxtbProd.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Toolbar BHO) - {6eb534fb-2001-45c4-b860-bc904865a379} - C:\Program Files\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Productivity 3 Toolbar) - {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - C:\Program Files\Productivity_3\prxtbProd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DictionaryBoss) - {3042df7a-e900-4389-9b94-923df0daa57e} - C:\Program Files\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1C9B96A0-CBA2-482E-9C40-9200B547123A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Productivity 3 Toolbar) - {1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588} - C:\Program Files\Productivity_3\prxtbProd.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [DictionaryBoss Search Scope Monitor] C:\Program Files\DictionaryBoss\bar\1.bin\v4SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" File not found
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB}: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CA3FD0B-64C1-4157-B57C-436A955455EE}: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Toolbars\Shared\Skype4ComAPI.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-1.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{45c0abee-3dc1-11e0-96bc-001e3376db89}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\e-MedTAG.exe
O33 - MountPoints2\{be6b2fc9-b757-11dd-8ceb-001e3376db89}\Shell - "" = AutoRun
O33 - MountPoints2\{ccb9c09e-b9c5-11dd-b031-001e3376db89}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/11 20:29:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2012/02/02 02:59:59 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\adaware
[2012/02/02 02:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/02/02 02:59:24 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2012/02/02 02:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/02/02 02:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/01/31 03:32:45 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\AVG
[2012/01/31 03:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/01/31 03:07:12 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\AVG2012
[2012/01/31 03:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/01/31 03:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/01/31 03:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/01/30 23:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/01/30 23:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/01/22 15:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\DictionaryBoss
[2012/01/22 15:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\DictionaryBossEI
[2012/01/14 21:45:21 | 000,000,000 | ---D | C] -- C:\_AcroTemp
[2008/11/22 22:25:16 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/11 20:40:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{15904E67-03F6-420A-92AB-5F7080D2B6F7}.job
[2012/02/11 20:29:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2012/02/11 20:15:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/11 20:13:11 | 088,735,362 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/11 20:08:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 20:08:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 19:29:35 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/02/11 19:21:18 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2330059218-1807642101-4011755052-1000UA.job
[2012/02/11 19:02:43 | 000,680,062 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/11 19:02:43 | 000,133,662 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/11 18:00:03 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/02/11 18:00:02 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/02/11 16:51:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/11 16:12:31 | 000,084,190 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/11 15:33:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/11 15:33:12 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/02/11 15:33:12 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/02/11 15:29:27 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012/02/03 07:21:02 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2330059218-1807642101-4011755052-1000Core.job
[2012/02/02 02:59:26 | 000,000,908 | ---- | M] () -- C:\Users\owner\Desktop\Ad-Aware.lnk
[2012/02/02 02:59:25 | 002,402,930 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/01 16:01:03 | 000,000,638 | -H-- | M] () -- C:\aaw7boot.cmd
[2012/02/01 03:54:19 | 000,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/02/01 02:53:08 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/01/31 18:00:00 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\Pareto UNS.job
[2012/01/31 17:18:01 | 000,000,813 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/31 03:20:40 | 000,000,977 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/01/31 03:20:40 | 000,000,953 | ---- | M] () -- C:\Users\owner\Desktop\AVG PC Tuneup 2011.lnk
[2012/01/30 19:43:39 | 000,001,674 | ---- | M] () -- C:\Users\owner\Desktop\dfrgui.lnk
[2012/01/30 06:54:56 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/28 00:44:26 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\isolate.ini
[2012/01/25 01:23:33 | 000,001,635 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/17 18:39:24 | 406,255,525 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/02 02:59:26 | 000,000,908 | ---- | C] () -- C:\Users\owner\Desktop\Ad-Aware.lnk
[2012/02/01 16:00:49 | 000,000,638 | -H-- | C] () -- C:\aaw7boot.cmd
[2012/01/31 03:20:40 | 000,000,977 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/01/31 03:20:40 | 000,000,953 | ---- | C] () -- C:\Users\owner\Desktop\AVG PC Tuneup 2011.lnk
[2012/01/31 03:05:24 | 000,000,813 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/30 19:43:39 | 000,001,674 | ---- | C] () -- C:\Users\owner\Desktop\dfrgui.lnk
[2012/01/19 20:30:46 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/17 18:39:24 | 406,255,525 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/28 21:36:23 | 000,038,447 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/10/28 21:15:59 | 000,038,474 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Comma Separated Values (DOS).ADR
[2011/08/19 04:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 04:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 04:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/05/05 09:34:34 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/05 09:34:34 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/01/17 17:30:02 | 000,000,680 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2010/10/04 06:27:56 | 000,023,627 | ---- | C] () -- C:\Users\owner\AppData\Roaming\UserTile.png
[2010/09/01 17:04:53 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2010/02/16 14:42:32 | 000,033,036 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/12/03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/29 21:59:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/29 21:59:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/12 15:14:25 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2009/04/10 17:01:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2009/04/10 17:01:48 | 000,000,153 | ---- | C] () -- C:\Windows\System32\PMDrvStr.ini
[2009/04/10 17:01:47 | 000,110,592 | ---- | C] () -- C:\Windows\System32\NSPdf32.dll
[2009/04/10 17:01:47 | 000,001,024 | ---- | C] () -- C:\Windows\System32\NSPDF16.DLL
[2009/04/10 17:01:42 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2009/03/08 22:43:36 | 000,004,170 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2009/02/09 19:13:13 | 000,007,680 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/07 17:16:01 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/02/07 17:16:00 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009/01/10 16:37:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/04 17:37:28 | 000,000,243 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/12/04 17:37:28 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/12/04 17:37:02 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/12/04 17:37:02 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/12/04 17:35:48 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2008/12/04 17:35:43 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/11/23 20:36:31 | 000,000,165 | ---- | C] () -- C:\Windows\Quicken.ini
[2008/11/22 22:02:55 | 000,008,521 | ---- | C] () -- C:\Windows\lmpcl2a.ini
[2008/11/19 20:14:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/19 19:54:28 | 000,000,014 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/11/19 19:54:26 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/09/20 01:24:19 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/09/20 01:24:19 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/09/20 01:24:19 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/09/20 01:24:19 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/08/18 13:36:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/18 13:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/18 13:07:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/18 13:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/18 13:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/18 13:07:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/18 13:07:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/18 12:51:31 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/06/12 20:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 20:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 20:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 20:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/04/24 20:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 20:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 20:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 20:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 20:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 20:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 002,364,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,680,062 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,133,662 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2011/10/04 03:01:07 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\.oit
[2012/01/31 03:55:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AVG
[2012/01/31 03:07:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AVG2012
[2011/02/03 20:19:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AVG9
[2009/04/10 17:20:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Canon
[2009/04/12 17:16:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/28 23:49:41 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DriverCure
[2008/11/20 20:20:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\EasySuite
[2008/11/22 00:43:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GetRightToGo
[2012/01/06 20:28:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech
[2009/04/10 17:19:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NewSoft
[2011/11/06 00:04:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Nokia
[2011/07/08 16:26:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Nuance
[2010/10/04 21:28:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ParetoLogic
[2011/11/06 00:03:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PC Suite
[2010/10/04 06:27:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PeerNetworking
[2011/12/05 03:08:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Product_RM
[2012/01/14 21:09:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Registry Mechanic
[2011/07/08 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ScanSoft
[2011/11/23 05:30:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Shutterfly
[2008/11/19 19:58:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SupportSoft
[2010/07/13 22:51:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\System Tweaker
[2009/03/08 22:43:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Template
[2011/01/14 19:23:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Tific
[2010/10/04 23:59:19 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Uniblue
[2009/09/15 18:58:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch
[2011/07/08 16:27:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Zeon
[2012/02/03 07:21:02 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2330059218-1807642101-4011755052-1000Core.job
[2012/02/11 19:21:18 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2330059218-1807642101-4011755052-1000UA.job
[2012/01/31 18:00:00 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\Pareto UNS.job
[2012/02/11 18:00:02 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2012/02/11 18:00:03 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012/02/01 02:53:08 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2012/02/11 15:29:27 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2012/02/11 19:29:35 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2012/02/09 23:58:12 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/11 20:40:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{15904E67-03F6-420A-92AB-5F7080D2B6F7}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:01C66DD9
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:0B9FB94D
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

2.) Extras.Txt:
OTL Extras logfile created on: 2/11/2012 8:34:39 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 46.77% Memory free
5.94 Gb Paging File | 2.12 Gb Available in Paging File | 35.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 126.91 Gb Free Space | 54.84% Space Free | Partition Type: NTFS
Drive E: | 1.92 Gb Total Space | 0.07 Gb Free Space | 3.62% Space Free | Partition Type: FAT

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BAA88E9-3C5C-41B3-ADF9-4DACD90F9F7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0E6D05AC-0CAB-44AE-8C74-6CE0D9D03863}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{1E0947A0-65E4-45F2-AB30-976B1904DDAD}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{2210FBE8-651D-454B-BE82-E04F679EC43D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23A5EA74-FFE0-4BF3-A296-23E55C1108EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C530783-F86B-480F-96C9-0B6096D035D7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{311EA7D2-EB28-4053-878A-C043434ABF76}" = lport=137 | protocol=17 | dir=in | app=system |
"{39B6E72C-E7DE-4523-BA2E-2DB61A8E102F}" = lport=445 | protocol=6 | dir=in | app=system |
"{3CA0A785-F552-4714-BDF4-8E545CFEC067}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{3EECB6A0-82B1-4349-8F77-9EF8B7FD2657}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{43C7AB2E-E70A-44BB-93A1-C9CD7D445C19}" = rport=139 | protocol=6 | dir=out | app=system |
"{467911F0-654B-4D2B-9883-8AB823B419D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4789C28F-AA49-4296-9162-A5303CA2638D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6E3BA5F6-3F22-4B98-BBD5-C1592976AE21}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{7C11AB0E-2E75-489C-889F-992D19FD64D7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9045E176-5DAB-4B52-AB04-06313ED7172F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{92687A94-C3FA-40B1-A898-E84AD7AED2F1}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{B0245510-2504-472B-90A6-3CB1614D7B3D}" = rport=445 | protocol=6 | dir=out | app=system |
"{C0D6E7DC-3634-4E8F-8956-C6163DE0A8FD}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{C7911969-52D6-43C2-AEA2-0EC9A5F358CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D490EA05-C19D-4815-9348-2941F3C2D89E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DC8F47F6-EE8E-423A-A892-BD4EE8D505A9}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{DD927DCD-5474-4514-965E-ACFB6F50BBDC}" = lport=139 | protocol=6 | dir=in | app=system |
"{E799987B-51BD-4E52-BA2D-EB454A5013F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{EF053D7B-DCD8-415A-A0AF-FD9273888217}" = rport=138 | protocol=17 | dir=out | app=system |
"{F1438A18-AE52-417D-845E-4073EE459322}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{F475903A-40EA-4A3B-AAE4-C22CE85B971C}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0626BDC1-3BD3-48C7-8F0D-B5E3E722BB90}" = protocol=58 | dir=in | [email protected],-28545 |
"{0BC8DC3E-B9F8-4B5B-9D9A-39309AAA1D74}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{14F9C360-372E-442C-AB55-F67511CCA8E4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{14FF23D8-84E7-4121-AF0F-C0801076B707}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{1931E60A-8CA0-4C79-886E-D3B86BAA5A50}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{19327D76-FD43-48C3-9922-B0165E8A4AA7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{1A706EB5-DAC4-49B4-8CF4-891DFD27FB83}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{22A6D3E6-41FA-49ED-9096-1B4CC8519BB2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{27B6B8DB-4282-4A0A-9868-A27DB91C5D00}" = dir=in | app=c:\users\owner\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{3175710D-BB03-41BA-99BF-6083BC4E5B78}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{3D10EA6B-07E9-4B82-A0F9-5A2FB27300DC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{46F7E1C2-C8E6-4599-BEED-1C5452DC8573}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4BFC90D6-B459-48D4-9019-1DCD398A2C45}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{4E40009B-623D-4F02-AB6B-B993F29CE509}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4EC6A771-13EC-4A5C-A1A7-CB8882A93F66}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{59723913-5467-491E-A663-CE20A760A6C5}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{6846F5DD-2C6A-4E67-A670-0941A6196B9A}" = protocol=1 | dir=out | [email protected],-28544 |
"{68D10884-7F34-44E1-906C-C37070A45BBD}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{6EAC903B-3909-4E62-B57F-856CB9CDA6D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8605D633-6D60-4ABC-9EB0-A8ABEB79BAA3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{89F31CF2-01FD-4EBE-9DDE-BC2DB5AA0B2D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{9394EE0F-3931-40CB-A385-1E8198D93E68}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{950D9C85-0201-4E82-B650-C18EBB628F2B}" = protocol=1 | dir=in | [email protected],-28543 |
"{9954CE82-B382-4F7A-B793-99E2D82983E1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{A486D4A7-9103-46C6-9C39-C71885CC0A69}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{AF363E07-0AD6-4329-8ED6-D7C5B4B7B410}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B5F6A0B7-D59F-41BA-9880-9F65D42761A4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{B8F2D266-84A8-4066-B416-BE2A7E81C979}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BBC6229A-7518-483F-BF30-9F14B25CCCC7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{C15E4050-D13A-403B-8C65-977D9FB0B9FF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C56B2082-874C-4091-8A80-F37ABE771B64}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{C8032539-76C5-40F8-8B6F-D5CF04D26609}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{CBB35629-FD49-4986-8071-4C0D52297003}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{EC66927C-EEEC-41C2-AD92-15B033D991F2}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{EEE87E60-EBAA-4402-BBFE-26F51369F6B2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{EF06480D-4FD5-4391-B2CB-896999D962F4}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{F1323F77-CFF6-42B9-B670-03B0783D1491}" = protocol=58 | dir=out | [email protected],-28546 |
"TCP Query User{751D12DC-DFB6-4B8A-8810-AB8C4EDD32DE}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{A5C02060-D207-4869-B3D1-7EF151359709}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"UDP Query User{2F75C124-75CF-44C0-AF19-DD9D95F0CFBA}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"UDP Query User{7C1ED0C8-6537-4528-8004-460701500841}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01958032-9877-4118-B87F-9EFA74B3F15F}" = Adobe Version Cue
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}" = AVG 2012
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{113AC946-0CEB-49C7-828A-230FF9EB1DBB}" = TurboTax 2010 wmdiper
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26D3E377-1DCA-4043-9410-B4A9BACF1033}" = Nero 7 Ultra Edition
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}" = Presto! PageManager 7.15.17
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{41313863-5170-4D7E-AD60-3CDF4DEBA81F}" = Nokia PC Suite
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{459E0590-ECD4-490E-9E52-3EF1F1782225}" = Dawn
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69192731-44E6-4C08-B0A3-66174478B9E3}" = Nuance PaperPort 12
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73B52EA8-8A5C-4FF5-A9F2-1A0F3259C3D2}" = TOSHIBA Application Disc Creator
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3E4251D-8364-4698-B0E0-A7C799384403}" = Adobe GoLive CS (ENG)
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}" = PC Connectivity Solution
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EC00862A-C16F-4ED0-BC06-34538512E730}" = Nuance PDF Viewer Plus
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD710DA0-B768-48CD-B45F-BA175B6869DA}" = Skype Toolbar for Outlook
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"AVG" = AVG 2012
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DictionaryBossbar Uninstall" = DictionaryBoss
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"Lexmark_HostCD" = Lexmark Software Uninstall
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Logitech Vid" = Logitech Vid HD
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"N360" = Norton 360 Premier Edition
"Nokia PC Suite" = Nokia PC Suite
"Productivity_3 Toolbar" = Productivity 3 Toolbar
"PROR" = Microsoft Office Professional 2007
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"SFlyStudio" = Shutterfly Studio
"StartNow Toolbar" = StartNow Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Tweaker_is1" = Uniblue System Tweaker
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TurboTax 2008" = TurboTax 2008
"TurboTax 2010" = TurboTax 2010
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, the first priority will be to totally uninstall Norton.

Download the following programme to your desktop and run

Norton removal tool

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: {e7472076-ff9d-4325-8eaf-613572008758} - No CLSID value found
    O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1C9B96A0-CBA2-482E-9C40-9200B547123A} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply

FINALLY

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window.

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

#5
BirdDuck

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
BirdDuck is back. I am picking up from where I downloaded aswMBR.exe; ran scan; and saved log. In response to your request: "On completion of the scan click save log, save it to your desktop and post in your next reply," here is a cut and paste of the "aswMBR.txt" log (from Notepad):

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-24 05:40:33
-----------------------------
05:40:33.555 OS Version: Windows 6.0.6002 Service Pack 2
05:40:33.556 Number of processors: 2 586 0xF0D
05:40:33.557 ComputerName: OWNER-PC UserName: owner
05:40:44.761 Initialize success
05:42:11.293 AVAST engine defs: 12022301
05:42:25.346 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:42:25.350 Disk 0 Vendor: TOSHIBA_ LV01 Size: 238475MB BusType: 3
05:42:25.374 Disk 0 MBR read successfully
05:42:25.377 Disk 0 MBR scan
05:42:25.383 Disk 0 Windows VISTA default MBR code
05:42:25.413 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
05:42:25.433 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 236974 MB offset 3074048
05:42:25.441 Disk 0 scanning sectors +488396800
05:42:25.518 Disk 0 scanning C:\Windows\system32\drivers
05:42:59.305 Service scanning
05:43:51.977 Modules scanning
05:44:10.669 Disk 0 trace - called modules:
05:44:10.708 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
05:44:11.057 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x875f7a10]
05:44:11.063 3 CLASSPNP.SYS[8ab168b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85a55028]
05:44:12.192 AVAST engine scan C:\Windows
05:44:23.115 AVAST engine scan C:\Windows\system32
05:51:22.461 AVAST engine scan C:\Windows\system32\drivers
05:51:46.851 AVAST engine scan C:\Users\owner
06:13:53.440 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
06:13:53.455 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that is a nice and clean report.

Could you now run the OTL scan please and let me know if AVG is still detecting?

#7
BirdDuck

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the OTL Quick Scan I ran on 2/24 for "All Users" per your last instructions. This is the place where I left off before we re-opened the topic. I am cutting and pasting here. If you want me to run another Quick Scan, what kind do you want me to run and what parameters do you want me to use?

Here is the 2/24/12 Quick Scan - Parameters: "All Users".
OTL logfile created on: 2/24/2012 6:17:51 AM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\owner\Desktop\GeekstoGo.com
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 33.44% Memory free
5.95 Gb Paging File | 4.05 Gb Available in Paging File | 68.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 160.52 Gb Free Space | 69.36% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/24 05:40:01 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\owner\Desktop\GeekstoGo.com\aswMBR.exe
PRC - [2012/02/24 05:11:09 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\GeekstoGo.com\OTL.exe
PRC - [2012/02/19 23:26:01 | 000,103,904 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2012/02/19 22:33:43 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe
PRC - [2012/02/01 02:58:25 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/02/01 02:58:22 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/12 04:53:37 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/12/12 12:16:40 | 000,793,056 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/21 04:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/27 06:06:44 | 000,267,488 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 09:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/10 22:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/09/03 11:41:06 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/04 16:46:38 | 001,242,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
PRC - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 15:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 13:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/02/06 15:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/31 17:27:04 | 000,118,784 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/30 15:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/09/20 07:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/15 22:48:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 22:48:44 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\34bb6926e2172e86548ca7181ed07c27\IAStorUtil.ni.dll
MOD - [2012/02/15 22:48:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/15 22:41:30 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/15 22:41:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/15 22:40:56 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/15 22:37:38 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012/02/15 22:36:52 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/02/01 02:58:22 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/01/31 03:04:50 | 001,574,240 | ---- | M] () -- C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
MOD - [2011/10/21 04:10:08 | 000,087,440 | ---- | M] () -- C:\Program Files\adawaretb\adawareDx.dll
MOD - [2011/10/13 14:31:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2008/09/20 01:12:29 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2008/03/06 12:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 14:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 23:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/12/01 19:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\TBS\NotifyTBS.dll
MOD - [2006/10/30 15:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/10/10 13:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2006/09/20 07:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (lmab_device)
SRV - File not found [Auto | Stopped] -- -- (IAANTMON) Intel®
SRV - [2012/02/01 02:58:25 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/12/12 12:17:04 | 001,030,112 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe -- (DMRepairService)
SRV - [2011/12/12 12:16:54 | 001,038,304 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe -- (DMDefragService)
SRV - [2011/12/12 12:16:40 | 000,793,056 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/11/30 16:12:40 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/27 06:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/10 22:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/09/03 11:41:06 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/04/18 22:57:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/12 19:28:40 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 17:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/02/01 17:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/03/25 10:35:26 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)


========== Driver Services (SafeList) ==========

DRV - [2012/02/16 07:12:31 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/12/12 12:17:34 | 000,128,120 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCTDSMon.sys -- (PCTDSMon)
DRV - [2011/12/12 12:17:28 | 000,108,864 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCTDMDefrag.sys -- (PCTDMDefrag)
DRV - [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/19 09:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/08/19 04:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/11/11 12:59:26 | 000,002,560 | ---- | M] (SupportSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssrangdr.sys -- (ssrangdr)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/28 17:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 20:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 18:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\..\URLSearchHook: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - C:\Program Files\Productivity_3\prxtbProd.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2330059218-1807642101-4011755052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2330059218-1807642101-4011755052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-2330059218-1807642101-4011755052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-2330059218-1807642101-4011755052-1000\..\URLSearchHook: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - C:\Program Files\Productivity_3\prxtbProd.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2330059218-1807642101-4011755052-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2330059218-1807642101-4011755052-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@DictionaryBoss.com/Plugin: C:\Program Files\DictionaryBoss\bar\1.bin\NPv4Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DictionaryBoss\bar\1.bin [2012/02/01 16:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 17:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\9.0.0.23\ [2012/01/31 03:05:19 | 000,000,000 | ---D | M]


========== Chrome ==========


O1 HOSTS File: ([2012/02/24 05:12:42 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Productivity 3 Toolbar) - {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - C:\Program Files\Productivity_3\prxtbProd.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Toolbar BHO) - {6eb534fb-2001-45c4-b860-bc904865a379} - C:\Program Files\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Productivity 3 Toolbar) - {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - C:\Program Files\Productivity_3\prxtbProd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DictionaryBoss) - {3042df7a-e900-4389-9b94-923df0daa57e} - C:\Program Files\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-2330059218-1807642101-4011755052-1000\..\Toolbar\WebBrowser: (Productivity 3 Toolbar) - {1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588} - C:\Program Files\Productivity_3\prxtbProd.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2330059218-1807642101-4011755052-1000\..\Toolbar\WebBrowser: (DictionaryBoss) - {3042DF7A-E900-4389-9B94-923DF0DAA57E} - C:\Program Files\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
O3 - HKU\S-1-5-21-2330059218-1807642101-4011755052-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [DictionaryBoss Search Scope Monitor] C:\Program Files\DictionaryBoss\bar\1.bin\v4SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2330059218-1807642101-4011755052-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-2330059218-1807642101-4011755052-1000..\Run: [DW6] File not found
O4 - HKU\S-1-5-21-2330059218-1807642101-4011755052-1000..\Run: [Facebook Update] C:\Users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2330059218-1807642101-4011755052-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\All Users\Ad-Aware Browsing Protection [2012/02/24 05:26:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012/01/19 20:25:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ahead [2009/05/27 20:10:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ALM [2009/04/18 23:27:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Amazon [2010/01/04 23:54:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple [2011/10/12 12:26:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011/03/15 15:05:07 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Atheros [2009/04/12 01:33:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\AVG Secure Search [2012/02/01 02:58:34 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\AVG2012 [2012/01/31 03:17:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\avg9 [2011/03/07 22:03:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Brother [2008/12/04 17:30:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Cached Installations [2009/04/12 00:53:01 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Common Files [2011/03/07 22:21:10 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\Desktop [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Downloaded Installations [2009/04/12 00:55:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Driver Boost [2010/10/04 23:34:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\DriverCure [2011/08/11 16:28:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ezsidmv.dat ()
O4 - Startup: C:\Users\All Users\Favorites [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\FLEXnet [2011/07/08 16:13:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Google [2009/01/25 20:20:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Installations [2012/01/07 15:40:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\InstallShield [2008/12/04 17:32:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Intuit [2009/04/11 18:42:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Lavasoft [2012/02/02 02:59:07 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\LogiShrd [2011/01/15 22:29:39 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Logitech [2012/01/06 20:24:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Macrovision [2009/04/18 23:53:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\MFAData [2012/02/24 04:12:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2011/09/27 04:33:06 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012/02/14 22:02:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Motive [2011/01/27 01:43:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nero [2009/05/27 20:06:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Norton [2012/02/24 04:46:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NortonInstaller [2011/06/01 18:06:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nuance [2011/07/08 16:27:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2010/05/31 00:34:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ParetoLogic [2010/10/04 21:28:19 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ParetoLogic Anti-Spyware [2009/04/12 00:48:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PC Suite [2011/11/06 00:03:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PC Tools [2012/02/18 03:12:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PCSettings [2009/05/06 14:26:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\RegCure [2011/08/14 18:37:27 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ScanSoft [2011/07/08 16:15:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2011/11/02 16:55:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Symantec [2012/02/24 04:37:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec Temporary Files [2009/05/06 14:23:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2012/02/20 03:45:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006/11/02 08:02:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Toshiba [2008/09/20 01:39:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ulead Systems [2008/08/18 13:06:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Uniblue [2010/10/04 23:59:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WildTangent [2008/11/19 20:24:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindowsSearch [2009/09/04 18:04:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\XoftSpySE [2010/05/31 00:40:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\zeon [2011/07/08 16:17:01 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/04/04 05:12:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/09/15 18:20:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{7B6BA59A-FB0E-4499-8536-A7420338BF3B} [2009/09/08 19:40:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/05/03 16:45:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} [2011/06/23 04:03:38 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\AppData [2006/11/02 06:18:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006/11/02 05:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2006/11/02 08:02:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006/11/02 05:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2008/08/18 13:18:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006/11/02 05:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006/11/02 05:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2006/11/02 05:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 05:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006/11/02 08:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006/11/02 05:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\AppData [2011/05/11 09:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Guest\Application Data [2011/05/11 09:02:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Contacts [2011/05/11 09:02:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Cookies [2011/05/11 09:02:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Desktop [2011/11/23 05:30:19 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Documents [2011/05/11 09:03:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Downloads [2011/05/11 09:03:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Favorites [2011/05/11 09:03:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Links [2011/05/16 21:57:10 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Local Settings [2011/05/11 09:02:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Music [2011/05/11 09:03:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\My Documents [2011/05/11 09:02:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\NetHood [2011/05/11 09:02:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\NTUSER.DAT ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{2292cb2e-4bdb-11e1-8679-001e3376db89}.TM.blf ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{2292cb2e-4bdb-11e1-8679-001e3376db89}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{2292cb2e-4bdb-11e1-8679-001e3376db89}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{9455b1a3-c8e6-11e0-afba-001e3376db89}.TM.blf ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{9455b1a3-c8e6-11e0-afba-001e3376db89}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{9455b1a3-c8e6-11e0-afba-001e3376db89}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{d7567a5b-1e32-11e1-bbc7-001e3376db89}.TM.blf ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{d7567a5b-1e32-11e1-bbc7-001e3376db89}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{d7567a5b-1e32-11e1-bbc7-001e3376db89}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Guest\ntuser.ini ()
O4 - Startup: C:\Users\Guest\Pictures [2011/05/11 09:03:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\PrintHood [2011/05/11 09:02:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Recent [2011/05/11 09:02:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\s-1-5-21-2330059218-1807642101-4011755052-501.rrr ()
O4 - Startup: C:\Users\Guest\S-1-5-21-2330059218-1807642101-4011755052-501.rrr.LOG1 ()
O4 - Startup: C:\Users\Guest\S-1-5-21-2330059218-1807642101-4011755052-501.rrr.LOG2 ()
O4 - Startup: C:\Users\Guest\Saved Games [2011/05/11 09:03:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Searches [2011/05/11 09:03:44 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\SendTo [2011/05/11 09:02:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Start Menu [2011/05/11 09:02:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Templates [2011/05/11 09:02:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Videos [2011/05/11 09:03:41 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\owner\120608 Diagnostic Results.cab ()
O4 - Startup: C:\Users\owner\AppData [2010/07/22 19:44:14 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\owner\Application Data [2008/11/19 19:54:06 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\owner\Contacts [2010/07/22 19:22:48 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\owner\Cookies [2008/11/19 19:54:06 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\owner\Desktop [2012/02/24 06:21:48 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\owner\Documents [2012/02/19 23:14:27 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\owner\Downloads [2012/02/24 04:15:48 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\owner\Favorites [2012/02/18 20:45:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\owner\g2mdlhlpx.exe ()
O4 - Startup: C:\Users\owner\Internet - Shortcut.lnk = File not found
O4 - Startup: C:\Users\owner\Links [2010/10/04 22:01:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\owner\Local Settings [2008/11/19 19:54:06 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\owner\Mary Byrd Brown - Shortcut.lnk = C:\Users\owner [2012/02/20 00:42:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\owner\Music [2009/08/08 01:24:28 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\owner\My Albums [2011/11/23 05:34:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\owner\My Documents [2008/11/19 19:54:06 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\owner\NetHood [2008/11/19 19:54:06 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\owner\NTUSER.DAT ()
O4 - Startup: C:\Users\owner\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\owner\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\owner\ntuser.dat.rmbak ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{093e2033-3cf7-11e1-a4f1-001e3376db89}.TM.blf ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{093e2033-3cf7-11e1-a4f1-001e3376db89}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{093e2033-3cf7-11e1-a4f1-001e3376db89}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{48c27dce-5b7b-11e1-bef0-001e3376db89}.TM.blf ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{48c27dce-5b7b-11e1-bef0-001e3376db89}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{48c27dce-5b7b-11e1-bef0-001e3376db89}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{683e4863-4c56-11e1-a1c3-001e3376db89}.TM.blf ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{683e4863-4c56-11e1-a1c3-001e3376db89}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{683e4863-4c56-11e1-a1c3-001e3376db89}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{9455b19f-c8e6-11e0-afba-001e3376db89}.TM.blf ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{9455b19f-c8e6-11e0-afba-001e3376db89}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{9455b19f-c8e6-11e0-afba-001e3376db89}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{c26f97b2-07fb-11e1-8ab9-001e3376db89}.TM.blf ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{c26f97b2-07fb-11e1-8ab9-001e3376db89}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{c26f97b2-07fb-11e1-8ab9-001e3376db89}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{d7567a57-1e32-11e1-bbc7-001e3376db89}.TM.blf ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{d7567a57-1e32-11e1-bbc7-001e3376db89}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\owner\NTUSER.DAT{d7567a57-1e32-11e1-bbc7-001e3376db89}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\owner\ntuser.ini ()
O4 - Startup: C:\Users\owner\Office Genuine Advantage [2010/05/31 00:34:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\owner\Pictures [2012/01/06 20:39:15 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\owner\PrintHood [2008/11/19 19:54:06 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\owner\Recent [2008/11/19 19:54:06 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\owner\S-1-5-21-2330059218-1807642101-4011755052-1000.rrr.LOG1 ()
O4 - Startup: C:\Users\owner\S-1-5-21-2330059218-1807642101-4011755052-1000.rrr.LOG2 ()
O4 - Startup: C:\Users\owner\Saved Games [2011/11/10 06:40:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\owner\Searches [2011/05/17 21:10:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\owner\SendTo [2008/11/19 19:54:06 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\owner\Start Menu [2008/11/19 19:54:06 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\owner\Templates [2008/11/19 19:54:06 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\owner\Videos [2012/01/06 20:39:15 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\owner\{13935f0e-1ed0-46a0-a02c-57757f0f33d4} [2012/01/07 15:48:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\owner\{3b868fc4-81fe-458a-a9bd-ab9ffa4a797a} [2008/11/22 22:55:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Computer - Shortcut.lnk = File not found
O4 - Startup: C:\Users\Public\Desktop [2012/02/24 04:38:05 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2009/04/18 23:34:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2011/01/14 17:51:58 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006/11/02 05:23:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2006/11/02 07:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2006/11/02 07:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2009/12/23 18:29:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2010/01/04 23:54:40 | 000,000,000 | R--D | M]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2330059218-1807642101-4011755052-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB}: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CA3FD0B-64C1-4157-B57C-436A955455EE}: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Toolbars\Shared\Skype4ComAPI.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-1.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{45c0abee-3dc1-11e0-96bc-001e3376db89}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\e-MedTAG.exe
O33 - MountPoints2\{be6b2fc9-b757-11dd-8ceb-001e3376db89}\Shell - "" = AutoRun
O33 - MountPoints2\{ccb9c09e-b9c5-11dd-b031-001e3376db89}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/24 05:12:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/24 05:11:38 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\GeekstoGo.com
[2012/02/19 23:19:12 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\PC Tools Performance Toolkit
[2012/02/18 03:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Utilities
[2012/02/18 03:12:09 | 000,128,120 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTDSMon.sys
[2012/02/18 03:12:09 | 000,108,864 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTDMDefrag.sys
[2012/02/18 03:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/02/18 02:50:52 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Product_PT
[2012/02/16 07:12:48 | 000,074,968 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\sbapifs.sys
[2012/02/02 02:59:59 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\adaware
[2012/02/02 02:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/02/02 02:59:24 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2012/02/02 02:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/02/02 02:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/01/31 03:32:45 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\AVG
[2012/01/31 03:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/01/31 03:07:12 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\AVG2012
[2012/01/31 03:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/01/31 03:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/01/31 03:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/01/30 23:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/01/30 23:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012

========== Files - Modified Within 30 Days ==========

[2012/02/24 06:30:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{15904E67-03F6-420A-92AB-5F7080D2B6F7}.job
[2012/02/24 06:13:53 | 000,000,512 | ---- | M] () -- C:\Users\owner\Desktop\MBR.dat
[2012/02/24 05:58:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/24 05:25:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/24 05:25:19 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012/02/24 05:23:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 05:23:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 05:22:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/24 05:12:42 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/02/24 04:21:07 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2330059218-1807642101-4011755052-1000UA.job
[2012/02/24 03:02:36 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/02/24 03:02:36 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/02/24 00:15:57 | 089,921,030 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/24 00:12:24 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2330059218-1807642101-4011755052-1000Core.job
[2012/02/20 18:00:01 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/02/20 18:00:01 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/02/20 04:12:36 | 000,164,575 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/18 03:12:12 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Performance Toolkit.lnk
[2012/02/16 23:59:49 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/16 07:12:31 | 000,074,968 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\sbapifs.sys
[2012/02/16 01:29:41 | 002,415,930 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/16 01:28:13 | 000,001,452 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2012/02/15 22:55:51 | 000,031,696 | ---- | M] () -- C:\{4FB3CEDA-7B87-41E9-8B45-8801C336A536}
[2012/02/15 22:35:31 | 002,364,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/14 22:04:02 | 000,680,062 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/14 22:04:02 | 000,133,662 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/02 03:02:51 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2012/02/02 02:59:26 | 000,000,908 | ---- | M] () -- C:\Users\owner\Desktop\Ad-Aware.lnk
[2012/02/01 02:53:08 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/01/31 18:00:00 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\Pareto UNS.job
[2012/01/31 17:18:01 | 000,000,813 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/31 03:20:40 | 000,000,977 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/01/31 03:20:40 | 000,000,953 | ---- | M] () -- C:\Users\owner\Desktop\AVG PC Tuneup 2011.lnk
[2012/01/30 19:43:39 | 000,001,674 | ---- | M] () -- C:\Users\owner\Desktop\dfrgui.lnk

========== Files Created - No Company Name ==========

[2012/02/24 06:13:53 | 000,000,512 | ---- | C] () -- C:\Users\owner\Desktop\MBR.dat
[2012/02/18 03:12:12 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Performance Toolkit.lnk
[2012/02/16 14:59:46 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2012/02/15 22:55:51 | 000,031,696 | ---- | C] () -- C:\{4FB3CEDA-7B87-41E9-8B45-8801C336A536}
[2012/02/02 02:59:26 | 000,000,908 | ---- | C] () -- C:\Users\owner\Desktop\Ad-Aware.lnk
[2012/01/31 03:20:40 | 000,000,977 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/01/31 03:20:40 | 000,000,953 | ---- | C] () -- C:\Users\owner\Desktop\AVG PC Tuneup 2011.lnk
[2012/01/31 03:05:24 | 000,000,813 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/30 19:43:39 | 000,001,674 | ---- | C] () -- C:\Users\owner\Desktop\dfrgui.lnk
[2011/10/28 21:36:23 | 000,038,447 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/10/28 21:15:59 | 000,038,474 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Comma Separated Values (DOS).ADR
[2011/08/19 04:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 04:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 04:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/05/05 09:34:34 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/05 09:34:34 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/01/17 17:30:02 | 000,000,680 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2010/10/04 06:27:56 | 000,023,627 | ---- | C] () -- C:\Users\owner\AppData\Roaming\UserTile.png
[2010/09/01 17:04:53 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe

========== LOP Check ==========

[2011/10/04 03:01:07 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\.oit
[2012/01/31 03:55:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AVG
[2012/01/31 03:07:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AVG2012
[2011/02/03 20:19:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AVG9
[2009/04/10 17:20:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Canon
[2009/04/12 17:16:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/28 23:49:41 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DriverCure
[2008/11/20 20:20:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\EasySuite
[2008/11/22 00:43:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GetRightToGo
[2012/01/06 20:28:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech
[2009/04/10 17:19:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NewSoft
[2011/11/06 00:04:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Nokia
[2011/07/08 16:26:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Nuance
[2010/10/04 21:28:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ParetoLogic
[2011/11/06 00:03:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PC Suite
[2010/10/04 06:27:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PeerNetworking
[2012/02/18 02:50:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Product_PT
[2011/12/05 03:08:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Product_RM
[2012/01/14 21:09:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Registry Mechanic
[2011/07/08 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ScanSoft
[2011/11/23 05:30:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Shutterfly
[2008/11/19 19:58:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SupportSoft
[2010/07/13 22:51:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\System Tweaker
< End of report >

#8
BirdDuck

Hi Martin. Again, I appreciate your help very much. Thank you.

I reviewed AVG's "Resident Shield" history log. The last time that Win32/Heur was detected was February 15, 2012. I highlighted this most recent detection in purple. Please note that the Luhe.Cryptic.D infection was healed when I clicked "Remove All Threats"; there are four occurrences of this infection. There have been no occurrences of the Win32/Heur infections since February 15, 2012. :thumbsup: Good work, professor.

Here is a copy of the 02/25/2012 Report. I double-spaced so it is easier to read. A little hard on the eyes.
-------------------------------------------------------------------------------------------------------------
Resident Shield detection
Infection;"Object";"Result";"Detection time";"Object Type";"Process"

Virus found Win32/Heur;"c:\Windows\temp\0000019C";"Infected";"2/15/2012, 11:59:26 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ccsvchst.exe"

Found Luhe.Cryptic.D;"c:\Users\owner\Downloads\490-INST-B1.EXE";"Healed";"2/11/2012, 7:13:30 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ccsvchst.exe"

Found Luhe.Cryptic.D;"c:\Users\owner\Downloads\delinf_1044.EXE";"Healed";"2/11/2012, 7:11:02 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ccsvchst.exe"

Found Luhe.Cryptic.D;"c:\Users\owner\Downloads\490-INST-B.EXE";"Healed";"2/11/2012, 7:10:34 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ccsvchst.exe"

Found Luhe.Cryptic.D;"c:\Users\owner\Downloads\DELINF.EXE";"Healed";"2/11/2012, 7:10:33 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ccsvchst.exe"

Virus found Win32/Heur;"c:\Windows\temp\000000AE";"Object is inaccessible.";"1/30/2012, 8:19:18 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\0000019D";"Object is inaccessible.";"1/17/2012, 7:20:29 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\0000023D";"Object is inaccessible.";"1/6/2012, 11:21:54 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\000002F1";"Object is inaccessible.";"12/27/2011, 5:25:52 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\000002A2";"Object is inaccessible.";"12/19/2011, 3:19:54 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\000002E1";"Object is inaccessible.";"12/5/2011, 6:08:53 AM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\000002D8";"Object is inaccessible.";"12/4/2011, 9:16:14 AM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\000002DA";"Object is inaccessible.";"11/27/2011, 7:11:59 AM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\000001A0";"Object is inaccessible.";"11/16/2011, 10:30:45 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\000002BC";"Object is inaccessible.";"11/6/2011, 10:44:32 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\00000159";"Object is inaccessible.";"10/20/2011, 9:56:50 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\000002D7";"Object is inaccessible.";"10/13/2011, 6:45:49 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\00000293";"Object is inaccessible.";"10/2/2011, 12:56:34 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\000002DD";"Object is inaccessible.";"9/25/2011, 2:19:05 AM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\0000019F";"Object is inaccessible.";"9/18/2011, 12:10:52 AM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\00000298";"Object is inaccessible.";"9/10/2011, 10:18:40 AM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\00000238";"Object is inaccessible.";"8/31/2011, 3:06:30 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\00000251";"Object is inaccessible.";"8/20/2011, 12:01:05 AM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\000002DB";"Object is inaccessible.";"8/8/2011, 7:02:26 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\0000004F";"Object is inaccessible.";"8/1/2011, 4:03:57 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\00000194";"Object is inaccessible.";"7/22/2011, 6:09:30 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\000002E6";"Object is inaccessible.";"7/14/2011, 11:38:05 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\00000227";"Object is inaccessible.";"7/8/2011, 2:16:11 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\000002D6";"Object is inaccessible.";"6/15/2011, 8:34:16 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\00000162";"Object is inaccessible.";"5/14/2011, 11:53:08 AM";"file";"C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe"

Virus found Win32/Heur;"c:\Windows\temp\00000160";"Object is inaccessible.";"5/5/2011, 8:37:25 AM";"file";"C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe"

Virus found Win32/Heur;"c:\Windows\temp\0000025D";"Object is inaccessible.";"4/22/2011, 9:20:57 AM";"file";"C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe"

Virus found Win32/Heur;"c:\Windows\temp\00000072";"Object is inaccessible.";"4/7/2011, 4:54:37 PM";"file";"C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe"

Virus found Win32/Heur;"c:\Windows\temp\00000282";"Object is inaccessible.";"3/26/2011, 9:14:43 PM";"file";"C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe"

Virus found Win32/Heur;"c:\Windows\temp\00000265";"Object is inaccessible.";"3/17/2011, 5:47:46 PM";"file";"C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe"

Virus found Win32/Heur;"c:\Windows\temp\00000258";"Object is inaccessible.";"3/9/2011, 1:44:19 AM";"file";"C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe"

Virus found Win32/Heur;"c:\Windows\temp\00000269";"Object is inaccessible.";"3/8/2011, 2:43:13 AM";"file";"C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe"

#9
Essexboy

Aye, they were all related to Norton's definition files.

I can see no further traces of Norton.

How is the computer behaving?
  • 0
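The conclusion in post #9 (the Win32/Heur hits all trace back to the other antivirus product's own files) can be checked mechanically from a Resident Shield export. The Python below is an added example, not code from the thread or from AVG: it parses the semicolon-delimited layout, then groups detections by signature, object folder and process. The sample records are constructed, and `OTHER_AV_HINTS`, `TEMP_DIRS`, the verdict labels and the reading of the Process column as "the program that touched the file" are assumptions.

```python
import csv
import io
import ntpath
from collections import defaultdict, namedtuple
from datetime import datetime

Detection = namedtuple("Detection", "signature obj result when process")

# Constructed sample in the export layout quoted in the thread. The third
# record is deliberately wrapped in the middle of its Process path.
SAMPLE = r'''Resident Shield detection
Infection;"Object";"Result";"Detection time";"Object Type";"Process"

Virus found Win32/Heur;"c:\Windows\temp\0000019C";"Infected";"2/15/2012, 11:59:26 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ccsvchst.exe"

Found Luhe.Cryptic.D;"c:\Users\owner\Downloads\sample-installer.EXE";"Healed";"2/11/2012, 7:13:30 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ccsvchst.exe"

Virus found Win32/Heur;"c:\Windows\temp\000000AE";"Object is inaccessible.";"1/30/2012, 8:19:18 PM";"file";"C:\Program Files\Norton 360 Premier
Edition\Engine\5.1.0.29\ccSvcHst.exe"

Virus found Win32/Heur;"c:\Windows\temp\0000019D";"Object is inaccessible.";"1/17/2012, 7:20:29 PM";"file";"C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe"
'''

# Assumptions to adjust per host: substrings that identify another security
# product's process path, and folders used for scratch files.
OTHER_AV_HINTS = ("norton", "symantec")
TEMP_DIRS = (r"c:\windows\temp",)


def parse_resident_shield(text):
    """Parse the semicolon-delimited export into Detection records."""
    records = []
    # csv keeps a line break that falls inside a quoted field, so a record
    # wrapped in the middle of a path is still read as a single row.
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(row) != 6:
            continue  # blank spacer lines, titles, separators
        label, obj, result, stamp, _kind, process = (
            field.replace("\n", " ").strip() for field in row)
        try:
            when = datetime.strptime(stamp, "%m/%d/%Y, %I:%M:%S %p")
        except ValueError:
            continue  # the column-header row has no timestamp
        for prefix in ("Virus found ", "Found "):
            if label.startswith(prefix):
                label = label[len(prefix):]
                break
        records.append(Detection(label, obj, result, when, process))
    return records


def triage(records):
    """Cluster detections and flag likely scanner-on-scanner noise."""
    clusters = defaultdict(list)
    for rec in records:
        key = (rec.signature, ntpath.dirname(rec.obj).lower(),
               ntpath.basename(rec.process).lower())
        clusters[key].append(rec)
    findings = []
    for (sig, folder, proc), hits in sorted(clusters.items()):
        heuristic = "heur" in sig.lower()
        scratch = folder in TEMP_DIRS
        other_av = all(any(hint in rec.process.lower() for hint in OTHER_AV_HINTS)
                       for rec in hits)
        # Heuristic name + scratch folder + another scanner's process is the
        # pattern seen in the thread; everything else needs a human look.
        conflict = heuristic and scratch and other_av
        findings.append({
            "signature": sig, "folder": folder, "process": proc,
            "count": len(hits),
            "first": min(rec.when for rec in hits),
            "last": max(rec.when for rec in hits),
            "verdict": "scanner-conflict candidate" if conflict else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(parse_resident_shield(SAMPLE)):
        print(finding)
```

A "scanner-conflict candidate" verdict is a prompt to confirm that the flagged files belong to the other product, as the helper did here, not proof that the machine is clean.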

#10
BirdDuck

My computer is behaving better. Just sent you a PM with regard to computer's behavior since removal of Norton. Bottom line, computer is running faster without big hold-ups when using Internet Explorer especially. Also, Skype's video quality is better -- less freezing. Is there anything else I need to do now? I sent you a PM about Norton. Since I have AVG, I really don't need Norton for virus protection. I use Windows Firewall. I have PC Tools Performance Kit for other clean-up and optimization tasks. The most frequent Norton asset that I used was "back-up" of my data. (I just purchased an external hard drive to back up entire hard drive.) What would you suggest I use to simply back up data now that I'm not using Norton? I think I have an old version of Nero, but I vaguely recall not liking their backup.

#11
BirdDuck

I just realized that since all of my old backups are Norton DVDs, would it not make sense to reinstall Norton so that I can restore them if I need them? I will have to reinstall Norton via My Account on their website; I do not have an installation CD. So, I hope I don't pick up a virus that way. If I reinstall Norton, and disable all active real-time scanning, will it not slow things up? Would it help to disable Norton in Startup? Any suggestions? Things are running so much better ... I feel hesitant to reinstall it on my computer.

#12
Essexboy

One way around that would be to do a full backup using the inbuilt Vista function, unless there is something you need on the old backups.

There are step-by-step instructions here.

Or for a version with pictures see here.

You should never have two active antivirus programmes as they will conflict, like two dogs fighting over a bone.

#13
BirdDuck

Thanks so much. So, I should use my existing AVG and nothing else. Or, use Norton and not AVG. Not both together. Or something altogether new. I get it. ;) Thanks! You are an incredible help. Thanks also for your backup suggestion. I figured VISTA had a built-in backup somewhere -- I just never looked for it.

Oh. One more curious question. When I had AVG and Norton AV running at the same time, could that be, indeed, what was slowing up my computer so much?

Or do I need more memory? I recall that you indicated my memory was OK (in terms of running AVAST). Wondering if more memory is needed.



#14
Essexboy

Antivirus programmes by their very nature run certain drivers at start that hook (check out) all running programmes and processes. So if you have two antivirus programmes running they both want to do that at the same time.

Think of two young kids who both want the same toy at the same time... Chaos and confusion will reign :lol:

So only one antivirus installed please - but your choice as to which.

3Gb of RAM is sufficient unless you are making rock videos or full length movies on your computer ;)

How is the computer behaving now - before I remove my tools and tidy you up?

#15
BirdDuck

My 'pooter' is running better! (Oh boy...did not mean to imply... ) :lol:

My Outlook email is freezing once in a while and I have to end via Task Manager.

Skype is fickle; picture freezes on my end. Even though I have 5 bars of good internet signal, internet connection appears to be busy and/or slow. Is that a function of many users on the internet at the same time... or something else?

Computer boots up a lot faster and I understand now because of your great analogy (i.e., two kids fighting over the same toy). When the computer boots up now, only AVG is hooking into the processes, etc. Right? Seems to me that would make start-up quicker. I also disabled several items in start-up.

You are great! Thanks so much!