Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

I believe my laptop was been infected [Solved]

Started by RxEnergy , Mar 17 2012 12:07 AM

This topic is locked

#16
blmadara

Posted 22 March 2012 - 02:10 PM

Trusted Helper

Malware Removal
767 posts

Hi RxEnergy,

Step One: Malewarebytes' Anti-Malware Scan

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step Two: ESET Online Scanner

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Step Three: Security Check

Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What I need in your next post:
1. The MBAM report.
2. The ESET report, C:\Program Files\EsetOnlineScanner\log.txt.
3. The Security Check report, checkup.txt.

#17
RxEnergy

Posted 22 March 2012 - 03:28 PM

Member

Topic Starter
Member
24 posts

Hi blmadara,

Here's MBAM report. Will post others as they will be ready.
____________________________________

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Steve :: HPNB [administrator]

Protection: Enabled

3/22/2012 4:22:19 PM
mbam-log-2012-03-22 (16-22-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208710
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#18
RxEnergy

Posted 22 March 2012 - 05:23 PM

Member

Topic Starter
Member
24 posts

ESET log:

----------------------

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

#19
RxEnergy

Posted 22 March 2012 - 05:28 PM

Member

Topic Starter
Member
24 posts

Security Check report:

---------------------------------------

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Java™ 6 Update 31
Adobe Reader X (10.1.2)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````

Hope you're having a great day!

#20
blmadara

Posted 23 March 2012 - 11:22 AM

Trusted Helper

Malware Removal
767 posts

Hi RxEnergy,

The ESET log is empty. Please check if it is indeed empty, it is located at C:\Program Files\EsetOnlineScanner\log.txt. If the complete log isn't there, please run the scanner again and post the results, if it is there please post it. Do you remember if ESET found anything?

blmadara

#21
RxEnergy

Posted 23 March 2012 - 11:57 AM

Member

Topic Starter
Member
24 posts

Hi blmadara,

no it did not find anything, and this log is the only one in the directory. the scan ran for about 2.5 hours.
Would you like for me to run it one more time?

#22
blmadara

Posted 23 March 2012 - 02:42 PM

Trusted Helper

Malware Removal
767 posts

Hi RxEnergy,

No need to run ESET again.

Congratulations, your logs appear clean again! Now we have some cleanup to do.

Clean up with ComboFix

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

Clean up with OTL

Open OTL to run it. (Vista/Windows 7 users, right click on OTL and "Run as administrator").
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

Note: If any logs/tools remain on your desktop > right click and delete them.

Preventative Programs

Anti Spyware

I recommend updating and scanning with MalwareBytes Anti-Malware once a week to rid your system of spyware.

Personal Firewalls

It is very important that you use a firewall on your computer in addition to an anti-virus program. For a tutorial on using and understanding firewalls, please go here. Please download and install one of the following free firewalls if you do not already have one installed.

Anti Virus Programs

One antivirus is a must have! Never install more than one antivirus program because these programs will conflict with one another, slow your computer down and lower your overall protection. I recommend Microsoft Security Essentials.

Temp File Cleaner

Finally, it is a good idea to clear out all your temp files every now and then. This will help keep your computer from slowing down and it can also assist in getting rid of files that may contain malicious code that could re-infect your computer.

TFC is a great tool to clean temporary files.

Update Windows

It is important to keep your operating system updated. To enable Automatic Updates so that updates are downloaded and installed automatically, click on your version of Windows below:

Finally, to learn more about how to protect yourself while on the internet read How did I get infected in the first place?

Let me know if you want to work on your other computer and we can continue with this thread. If not, I will keep this thread open for a few days, so if you have any further problems post another reply here.

#23
RxEnergy

Posted 23 March 2012 - 07:45 PM

Member

Topic Starter
Member
24 posts

All is taken care of. As far as Anti-Virus, I tried Microsoft's package, but chose against it in favor of AVG, not heavy on system resources and many people seem to like it. Would've worked even better if i didn't turn off it's safe surfing component which blocks potentially harmful elements, but it was too annoying at the time...

Thank you very much for spending your time helping others, not something you see very often in today society.

Don't want to seem like a leech, but if your offer to take a look at my other PC problems is still good, I would very much like it if we could do that. It's also a Win 7 machine, desktop, quad processor, 5 gigs of ram. Takes a long time to boot up. It used to be much worse when I was running Vista on that machine, but I did a clean install and that seemed to take care of the problem. Only not for long. The longer that machine runs the longer it takes at reboots. One other thing, besides regular home office duties that PC serves as media hub for others, and has aboout 2.5TB of external storage, it's possible that the problem is hidden on one of those external drives or maybe even a partion of the C:.

What would be my next step here?

#24
blmadara

Posted 24 March 2012 - 01:14 PM

Trusted Helper

Malware Removal
767 posts

Hi RxEnergy,

Thank you very much for spending your time helping others, not something you see very often in today society.

Don't want to seem like a leech, but if your offer to take a look at my other PC problems is still good, I would very much like it if we could do that. It's also a Win 7 machine, desktop, quad processor, 5 gigs of ram. Takes a long time to boot up. It used to be much worse when I was running Vista on that machine, but I did a clean install and that seemed to take care of the problem. Only not for long. The longer that machine runs the longer it takes at reboots. One other thing, besides regular home office duties that PC serves as media hub for others, and has aboout 2.5TB of external storage, it's possible that the problem is hidden on one of those external drives or maybe even a partion of the C:.

What would be my next step here?

You're welcome. I enjoy helping people with their computers. Let's take a look at your other PC.

Step One: Run OTL Custom Scan

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Under the Custom Scans/Fixes box at the bottom, paste in the following

netsvcs
%SYSTEMDRIVE%\*.exe
%USERPROFILE%\..|smtmp;true;true;true /FP
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
volsnap.sys
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Please select the Scan All Users checkbox.
Change the File Age dropdown list from 30 days to 60 days.
Under Extra Registry heading, select Use Safelist.
Select LOP Check and Purity Check.
Then click the Run Scan button at the top
Let the program run unhindered, until it is done
Post the log it produces in your next reply.

Step Two: Run aswMBR

Download aswMBR.exe to your desktop.

Double click aswMBR.exe to run it.
When asked if you want to download Avast's virus definitions please select, No.
Click Scan to start the scan.
When the scan ends click Save Log and save it to your desktop.
Post the log in your next reply.

What I need in your next post:
1. The reports from the OTL scan, OTL.txt and Extras.txt.
2. The log produced by aswMBR.exe.

#25
RxEnergy

Posted 25 March 2012 - 08:04 AM

Member

Topic Starter
Member
24 posts

Hello blmadara,

Thank you for agreeing to look at my other system.

Here's the OTL log

------------------------------------------------------

OTL logfile created on: 3/25/2012 8:53:33 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\RxEnergy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 54.60% Memory free
10.00 Gb Paging File | 7.63 Gb Available in Paging File | 76.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.47 Gb Total Space | 641.07 Gb Free Space | 93.25% Space Free | Partition Type: NTFS
Drive D: | 189.95 Gb Total Space | 154.56 Gb Free Space | 81.37% Space Free | Partition Type: NTFS
Drive E: | 11.07 Gb Total Space | 1.47 Gb Free Space | 13.31% Space Free | Partition Type: NTFS
Drive F: | 508.69 Gb Total Space | 437.69 Gb Free Space | 86.04% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 434.08 Gb Free Space | 46.60% Space Free | Partition Type: NTFS
Drive K: | 7.41 Gb Total Space | 7.19 Gb Free Space | 97.00% Space Free | Partition Type: FAT32
Drive M: | 931.51 Gb Total Space | 377.05 Gb Free Space | 40.48% Space Free | Partition Type: NTFS
Drive R: | 931.51 Gb Total Space | 326.73 Gb Free Space | 35.08% Space Free | Partition Type: NTFS
Drive Y: | 214.09 Gb Total Space | 90.15 Gb Free Space | 42.11% Space Free | Partition Type: NTFS

Computer Name: RXENERGY-PC | User Name: RxEnergy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/03/25 08:52:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\RxEnergy\Desktop\OTL.exe
PRC - [2012/02/28 23:00:13 | 000,109,296 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/02/25 15:14:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/28 23:07:13 | 003,462,552 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/01/23 15:42:34 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/20 01:03:02 | 000,822,384 | ---- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 01:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/10/23 17:40:38 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/03/10 12:09:14 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN311T\WN311T.exe
PRC - [2007/09/25 04:29:38 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/25 08:47:57 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/25 15:14:36 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/31 16:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011/08/31 16:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/13 18:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 18:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/03/10 12:09:14 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN311T\WN311T.exe
MOD - [2007/09/11 06:21:34 | 001,327,184 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGEMCORE.dll
MOD - [2007/09/11 06:21:34 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGBTCORE.dll
MOD - [2004/08/30 18:31:58 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN311T\NETWEP.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/09 22:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/26 19:48:06 | 000,148,104 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/11/09 22:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/11/09 22:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/09 21:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 12:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/06/15 03:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/12/15 15:41:32 | 000,346,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 15:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 15:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/08/20 05:31:40 | 000,514,048 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MRVW148.sys -- (MRVW148) Marvell TOPDOG ™ 802.11bgn Driver for Vista Native WIFI (CB8x/EC8x)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 24 44 A1 55 A3 CC 01 [binary data]
IE - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS458
IE - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\RxEnergy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\RxEnergy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/02/28 23:00:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/25 15:14:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/12 04:23:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\RxEnergy\AppData\Roaming\IDM\idmmzcc5 [2012/02/02 18:41:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\RxEnergy\AppData\Roaming\IDM\idmmzcc5 [2012/02/02 18:41:04 | 000,000,000 | ---D | M]

[2011/11/15 00:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RxEnergy\AppData\Roaming\Mozilla\Extensions
[2012/03/25 08:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RxEnergy\AppData\Roaming\Mozilla\Firefox\Profiles\gd4bqdfk.default\extensions
[2011/11/15 01:25:04 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\RxEnergy\AppData\Roaming\Mozilla\Firefox\Profiles\gd4bqdfk.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2011/11/27 08:36:13 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\RxEnergy\AppData\Roaming\Mozilla\Firefox\Profiles\gd4bqdfk.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/01/23 03:27:25 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\RxEnergy\AppData\Roaming\Mozilla\Firefox\Profiles\gd4bqdfk.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2011/11/15 01:25:04 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\RxEnergy\AppData\Roaming\Mozilla\Firefox\Profiles\gd4bqdfk.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2012/03/02 07:32:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\RxEnergy\AppData\Roaming\Mozilla\Firefox\Profiles\gd4bqdfk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/01/01 20:40:26 | 000,000,000 | ---D | M] (Translate This!) -- C:\Users\RxEnergy\AppData\Roaming\Mozilla\Firefox\Profiles\gd4bqdfk.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack
[2011/12/15 00:38:51 | 000,000,000 | ---D | M] (My-Translator) -- C:\Users\RxEnergy\AppData\Roaming\Mozilla\Firefox\Profiles\gd4bqdfk.default\extensions\[email protected]
[2012/03/25 08:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RxEnergy\AppData\Roaming\Mozilla\Firefox\Profiles\gd4bqdfk.default\extensions\staged
[2011/11/15 05:59:14 | 000,001,504 | ---- | M] () -- C:\Users\RxEnergy\AppData\Roaming\Mozilla\Firefox\Profiles\gd4bqdfk.default\searchplugins\imdb.xml
[2011/11/15 05:59:55 | 000,001,030 | ---- | M] () -- C:\Users\RxEnergy\AppData\Roaming\Mozilla\Firefox\Profiles\gd4bqdfk.default\searchplugins\wikipedia-ru.xml
[2011/11/15 00:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\RXENERGY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GD4BQDFK.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\RXENERGY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GD4BQDFK.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\RXENERGY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GD4BQDFK.DEFAULT\EXTENSIONS\{5CEFD22F-9A9E-4544-9BFC-C4F2FBCA87D6}.XPI
() (No name found) -- C:\USERS\RXENERGY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GD4BQDFK.DEFAULT\EXTENSIONS\{C2D0E930-64DE-11DB-BD13-0800200C9A66}.XPI
() (No name found) -- C:\USERS\RXENERGY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GD4BQDFK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\RXENERGY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GD4BQDFK.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\RXENERGY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GD4BQDFK.DEFAULT\EXTENSIONS\{E6463D12-450D-45EB-9D47-804AEB0A9561}.XPI
() (No name found) -- C:\USERS\RXENERGY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GD4BQDFK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\RXENERGY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GD4BQDFK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\RXENERGY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GD4BQDFK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\RXENERGY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GD4BQDFK.DEFAULT\EXTENSIONS\[email protected]
[2012/02/25 15:14:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/26 13:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/01/31 20:45:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/31 20:45:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\RxEnergy\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\RxEnergy\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\RxEnergy\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Update (Enabled) = C:\Users\RxEnergy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.16_0\
CHR - Extension: YouTube = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Minimalist for Everything [Beta] = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek\0.5.20_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_1\
CHR - Extension: Tab Position Customizer = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldflinjcjehpjddjkohganfpjlnbpem\2.7_0\
CHR - Extension: Google Search = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Tab Manager = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda\3.11_0\
CHR - Extension: RSS Subscription Extension Plus = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobjkkjbcmhohalobdalmmenogajjlaj\2.0.3_0\
CHR - Extension: FB Photo Zoom = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\
CHR - Extension: AdBlock = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.20_0\
CHR - Extension: Instant Translate = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\0.8.4_0\
CHR - Extension: Downloads = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\
CHR - Extension: LiveJournal Extension = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmfgnboikinlhnaomlhalipemjbmfgi\2.5.9_0\
CHR - Extension: Gimme back my Google Bar! = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfohjdiahmhjbenfohpjplbffoeabkhj\1.0_0\
CHR - Extension: Smooth Gestures = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.12_1\
CHR - Extension: Google Redesigned = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkpckdjkmmgflnghjdokniaakigbfofa\1.0.1_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.1.3_0\
CHR - Extension: Context Menu Search = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga\2.82_0\
CHR - Extension: Gmail = C:\Users\RxEnergy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/02/02 03:42:54 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [ACPW05EN] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WN311T.exe] C:\Program Files (x86)\NETGEAR\WN311T\WN311T.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000..\Run: [FeedDemon] C:\Program Files (x86)\FeedDemon\FeedDemon.exe (NewsGator Technologies, Inc.)
O4 - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\RxEnergy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3113676377-2342901040-2773481060-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2F53888-0AC6-4EE8-820A-5C0362A8E819}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D31DF3CE-B2D4-4F36-AB53-82B8DE5BA101}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\S\Shell - "" = AutoRun
O33 - MountPoints2\S\Shell\AutoRun\command - "" = S:\SETUP.EXE /adminfile IU.MSP
O33 - MountPoints2\S\Shell\configure\command - "" = S:\SETUP.EXE
O33 - MountPoints2\S\Shell\install\command - "" = S:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 60 Days ==========

[2012/03/25 08:52:02 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\RxEnergy\Desktop\OTL.exe
[2012/03/14 03:03:11 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 03:03:11 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 03:03:10 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 21:59:15 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 21:59:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 21:59:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 21:59:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/13 21:58:54 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/03/13 21:58:54 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 21:58:54 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/02/15 04:00:59 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 04:00:59 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 04:00:58 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/15 04:00:58 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 04:00:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 04:00:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 04:00:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/15 04:00:56 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/15 04:00:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/15 04:00:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 04:00:55 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/14 18:53:49 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/14 18:53:48 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/14 18:53:47 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/14 18:53:39 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/03 09:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/02/03 08:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/02/03 08:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/02/03 08:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/02/03 08:31:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/02/03 08:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/02/03 08:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/02/03 08:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/02/03 08:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/02/03 08:28:10 | 000,000,000 | ---D | C] -- C:\Users\RxEnergy\AppData\Local\Microsoft Help
[2012/02/03 08:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/02/03 08:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/02/03 08:27:33 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/02/02 18:40:57 | 000,000,000 | ---D | C] -- C:\Users\RxEnergy\AppData\Roaming\IDM
[2012/02/02 18:40:57 | 000,000,000 | ---D | C] -- C:\Users\RxEnergy\AppData\Roaming\DMCache
[2012/02/02 18:40:55 | 000,000,000 | ---D | C] -- C:\Users\RxEnergy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/02/02 18:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/02/02 18:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2012/02/02 04:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/02/02 04:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012/02/02 04:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/02/02 03:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/02/02 03:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/02/01 18:53:20 | 000,000,000 | R--D | C] -- C:\Users\RxEnergy\Documents\Scanned Documents
[2012/02/01 18:53:19 | 000,000,000 | ---D | C] -- C:\Users\RxEnergy\Documents\Fax
[2012/01/26 08:42:01 | 000,148,104 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/01/25 16:34:02 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/25 16:34:02 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/25 16:34:02 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/25 16:34:02 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/25 16:34:02 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/25 16:34:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

========== Files - Modified Within 60 Days ==========

[2012/03/25 08:52:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\RxEnergy\Desktop\OTL.exe
[2012/03/25 08:49:10 | 000,002,515 | ---- | M] () -- C:\Users\RxEnergy\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/25 08:49:10 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/25 08:47:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/25 08:43:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/25 08:32:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113676377-2342901040-2773481060-1000UA.job
[2012/03/25 07:53:49 | 000,020,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 07:53:49 | 000,020,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 04:53:20 | 092,621,341 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/03/24 23:32:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113676377-2342901040-2773481060-1000Core.job
[2012/03/24 21:43:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/23 05:32:35 | 000,002,419 | ---- | M] () -- C:\Users\RxEnergy\Desktop\Google Chrome.lnk
[2012/03/23 05:32:35 | 000,002,381 | ---- | M] () -- C:\Users\RxEnergy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/20 03:01:38 | 001,552,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/20 03:01:38 | 000,683,890 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2012/03/20 03:01:38 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/20 03:01:38 | 000,132,444 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2012/03/20 03:01:38 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/14 08:53:00 | 000,333,477 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/14 03:23:02 | 004,972,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/14 03:22:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/14 03:21:36 | 4025,921,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/17 01:38:27 | 001,112,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/02/17 01:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/02/17 00:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/02/10 01:36:07 | 001,544,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/02/08 17:42:30 | 000,066,048 | ---- | M] () -- C:\Users\RxEnergy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/04 07:53:37 | 000,001,304 | ---- | M] () -- C:\Users\RxEnergy\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/02/03 23:01:12 | 000,001,456 | ---- | M] () -- C:\Users\RxEnergy\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/03 08:53:43 | 000,472,576 | ---- | M] () -- C:\Windows\AutoKMS.exe
[2012/02/02 22:32:48 | 000,001,244 | ---- | M] () -- C:\Users\RxEnergy\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop CS5 (64 Bit).lnk
[2012/02/02 18:42:25 | 000,001,049 | ---- | M] () -- C:\Users\RxEnergy\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Download Manager.lnk
[2012/02/02 16:35:08 | 000,001,007 | ---- | M] () -- C:\Users\RxEnergy\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2012/02/02 03:44:06 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.6 64-bit.lnk
[2012/02/01 18:48:46 | 000,000,410 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/02/01 18:48:46 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD7420.DAT
[2012/02/01 10:07:07 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/31 20:45:46 | 000,001,146 | ---- | M] () -- C:\Users\RxEnergy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/26 19:48:06 | 000,148,104 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys

========== Files Created - No Company Name ==========

[2012/02/04 07:53:37 | 000,001,304 | ---- | C] () -- C:\Users\RxEnergy\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/02/03 08:53:43 | 000,472,576 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2012/02/02 22:32:47 | 000,001,244 | ---- | C] () -- C:\Users\RxEnergy\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop CS5 (64 Bit).lnk
[2012/02/02 18:42:25 | 000,001,049 | ---- | C] () -- C:\Users\RxEnergy\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Download Manager.lnk
[2012/02/02 15:43:24 | 000,001,456 | ---- | C] () -- C:\Users\RxEnergy\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/02 04:05:53 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2012/02/02 04:04:49 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2012/02/02 04:02:04 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012/02/02 04:01:32 | 000,001,266 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012/02/02 03:59:21 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012/02/02 03:59:10 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012/02/02 03:58:31 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/02/02 03:44:06 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.6 64-bit.lnk
[2012/02/02 03:44:06 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3.6 64-bit.lnk
[2012/02/01 18:48:46 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/02/01 18:48:46 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7420.DAT
[2012/01/24 20:41:58 | 000,088,664 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/28 11:08:16 | 000,000,410 | ---- | C] () -- C:\Windows\DSSAR.ini
[2011/12/28 03:58:32 | 000,028,510 | ---- | C] () -- C:\Users\RxEnergy\AppData\Roaming\UserTile.png
[2011/12/04 19:11:20 | 000,007,636 | ---- | C] () -- C:\Users\RxEnergy\AppData\Local\Resmon.ResmonCfg
[2011/11/15 01:45:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/15 00:43:55 | 000,066,048 | ---- | C] () -- C:\Users\RxEnergy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/15 00:42:08 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/11/15 00:42:07 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/11/15 00:42:07 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/11/15 00:42:07 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/09 21:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 21:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/11/15 01:56:40 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\ACD Systems
[2011/11/15 03:11:07 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\AVG2012
[2012/03/14 03:18:53 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\DMCache
[2011/12/28 11:09:00 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\EBookSys
[2011/12/04 16:50:02 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\EurekaLog
[2011/11/15 01:40:03 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\FlashGet
[2011/12/04 11:55:09 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\gtk-2.0
[2012/02/03 03:42:32 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\IDM
[2011/11/15 01:04:58 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\Leadertech
[2012/01/10 11:07:32 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\MediaMonkey
[2012/02/02 16:47:32 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\Mipony
[2011/12/27 12:01:36 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\Mp3tag
[2011/11/15 00:29:46 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\RoboForm
[2012/02/03 15:29:03 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\uTorrent
[2011/11/27 08:45:11 | 000,000,000 | ---D | M] -- C:\Users\RxEnergy\AppData\Roaming\WinBatch
[2009/07/14 00:08:49 | 000,007,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/25 15:14:36 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/25 15:14:36 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/25 15:14:36 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/02/25 15:14:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/02/25 15:14:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/25 15:14:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\RxEnergy\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/21 07:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\RxEnergy\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/21 07:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\RxEnergy\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/21 07:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\RxEnergy\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/03/21 07:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/11/15 03:27:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/11/15 03:27:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/11/15 03:27:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/11/15 03:27:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/11/15 03:27:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/02/25 15:14:36 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/02/25 15:14:36 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/02/25 15:14:36 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/02/25 15:14:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/02/25 15:14:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/02/25 15:14:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\RXENERGY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/03/21 07:21:14 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\RXENERGY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/03/21 07:21:14 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\RXENERGY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/03/21 07:21:14 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\RXENERGY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/03/21 07:21:14 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/11/15 03:27:39 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/11/15 03:27:39 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/11/15 03:27:39 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/11/15 03:27:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/11/15 03:27:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:D031D15E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:EEC454BD

< End of report >

#26
RxEnergy

Posted 25 March 2012 - 08:06 AM

Member

Topic Starter
Member
24 posts

OTL Extras Log

---------------------------------------------

OTL Extras logfile created on: 3/25/2012 8:53:33 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\RxEnergy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 54.60% Memory free
10.00 Gb Paging File | 7.63 Gb Available in Paging File | 76.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.47 Gb Total Space | 641.07 Gb Free Space | 93.25% Space Free | Partition Type: NTFS
Drive D: | 189.95 Gb Total Space | 154.56 Gb Free Space | 81.37% Space Free | Partition Type: NTFS
Drive E: | 11.07 Gb Total Space | 1.47 Gb Free Space | 13.31% Space Free | Partition Type: NTFS
Drive F: | 508.69 Gb Total Space | 437.69 Gb Free Space | 86.04% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 434.08 Gb Free Space | 46.60% Space Free | Partition Type: NTFS
Drive K: | 7.41 Gb Total Space | 7.19 Gb Free Space | 97.00% Space Free | Partition Type: FAT32
Drive M: | 931.51 Gb Total Space | 377.05 Gb Free Space | 40.48% Space Free | Partition Type: NTFS
Drive R: | 931.51 Gb Total Space | 326.73 Gb Free Space | 35.08% Space Free | Partition Type: NTFS
Drive Y: | 214.09 Gb Total Space | 90.15 Gb Free Space | 42.11% Space Free | Partition Type: NTFS

Computer Name: RXENERGY-PC | User Name: RxEnergy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3113676377-2342901040-2773481060-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7AE27077-F326-46AA-9CB2-DF595D56C8FA}" = Russian Phonetic Student - WinRus.com
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A6FE29A0-622B-2763-88AA-D1E084F77CD9}" = AMD Media Foundation Decoders
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E3EC7FC4-B4BF-4911-9A43-F7C753CE03F5}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.4.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
"{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}" = Simple Adblock
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7BFD42CA-460A-11E1-AE58-984BE15F174E}" = Evernote v. 4.5.3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7321BC6-51AD-4299-9CE9-462DBC141C93}" = NETGEAR WN311T Wireless PCI Adapter
"{F865B0B5-0D43-2704-0B22-35C5F721374B}" = Catalyst Control Center
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}" = LightScribe System Software
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AI RoboForm" = RoboForm 7-7-2 (All Users)
"AudioFilesGDSIndexer_is1" = Audio Files GDS Indexer 1.1
"AudioShell_is1" = AudioShell 1.3.5
"Belarc Advisor" = Belarc Advisor 8.2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DDD Pool" = DDD Pool 1.2
"DFX for Winamp" = DFX for Winamp
"DFX for Windows Media Player" = DFX for Windows Media Player
"FeedDemon_is1" = FeedDemon
"FlashGet" = FlashGet 1.9.6.1073
"GamblerJ" = Гамблер (remove only)
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Full)
"MediaMonkey_is1" = MediaMonkey 4.0
"MiPony" = MiPony 1.6.0
"ml_WMPImport" = Windows Media Player Import 1.1
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"Mp3tag" = Mp3tag v2.49a
"Network MagicUninstall" = Network Magic
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"ReNamer_is1" = ReNamer
"Tag&Rename_is1" = Tag&Rename 3.5.7
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"Zortam Id3 Tag Editor 5.50_is1" = Zortam Id3 Tag Editor 5.50

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3113676377-2342901040-2773481060-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2012 12:38:42 AM | Computer Name = RxEnergy-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 3/25/2012 1:38:42 AM | Computer Name = RxEnergy-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 3/25/2012 2:38:48 AM | Computer Name = RxEnergy-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 3/25/2012 3:38:48 AM | Computer Name = RxEnergy-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 3/25/2012 4:38:48 AM | Computer Name = RxEnergy-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 3/25/2012 5:38:48 AM | Computer Name = RxEnergy-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 3/25/2012 6:38:48 AM | Computer Name = RxEnergy-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 3/25/2012 7:38:48 AM | Computer Name = RxEnergy-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 3/25/2012 8:38:49 AM | Computer Name = RxEnergy-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 3/25/2012 9:38:49 AM | Computer Name = RxEnergy-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

[ System Events ]
Error - 3/13/2012 2:29:44 PM | Computer Name = RxEnergy-PC | Source = DCOM | ID = 10001
Description =

Error - 3/14/2012 4:29:10 AM | Computer Name = RxEnergy-PC | Source = BROWSER | ID = 8032
Description =

Error - 3/18/2012 7:38:23 AM | Computer Name = RxEnergy-PC | Source = DCOM | ID = 10001
Description =

Error - 3/19/2012 7:38:25 AM | Computer Name = RxEnergy-PC | Source = DCOM | ID = 10001
Description =

Error - 3/20/2012 7:38:28 AM | Computer Name = RxEnergy-PC | Source = DCOM | ID = 10001
Description =

Error - 3/21/2012 7:38:31 AM | Computer Name = RxEnergy-PC | Source = DCOM | ID = 10001
Description =

Error - 3/22/2012 7:38:34 AM | Computer Name = RxEnergy-PC | Source = DCOM | ID = 10001
Description =

Error - 3/23/2012 7:38:37 AM | Computer Name = RxEnergy-PC | Source = DCOM | ID = 10001
Description =

Error - 3/24/2012 7:38:40 AM | Computer Name = RxEnergy-PC | Source = DCOM | ID = 10001
Description =

Error - 3/25/2012 7:38:48 AM | Computer Name = RxEnergy-PC | Source = DCOM | ID = 10001
Description =

< End of report >

#27
RxEnergy

Posted 25 March 2012 - 08:09 AM

Member

Topic Starter
Member
24 posts

And aswMBR Log

-----------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 09:07:41
-----------------------------
09:07:41.973 OS Version: Windows x64 6.1.7601 Service Pack 1
09:07:41.973 Number of processors: 4 586 0xF0B
09:07:41.974 ComputerName: RXENERGY-PC UserName: RxEnergy
09:07:44.026 Initialize success
09:07:50.155 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:07:50.157 Disk 0 Vendor: ST375063 HP24 Size: 715404MB BusType: 8
09:07:50.160 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
09:07:50.162 Disk 1 Vendor: ST375033 SD15 Size: 715404MB BusType: 8
09:07:50.179 Disk 0 MBR read successfully
09:07:50.182 Disk 0 MBR scan
09:07:50.185 Disk 0 Windows 7 default MBR code
09:07:50.194 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:07:50.198 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 703966 MB offset 206848
09:07:50.219 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11334 MB offset 1441930140
09:07:50.252 Disk 0 scanning C:\Windows\system32\drivers
09:07:56.628 Service scanning
09:08:08.054 Modules scanning
09:08:08.063 Disk 0 trace - called modules:
09:08:08.077 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
09:08:08.084 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800620a060]
09:08:08.090 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005b9b050]
09:08:08.096 Scan finished successfully
09:08:15.530 Disk 0 MBR has been saved successfully to "C:\Users\RxEnergy\Desktop\MBR.dat"
09:08:15.536 The log file has been saved successfully to "C:\Users\RxEnergy\Desktop\aswMBR.txt"

I'll be waiting for your further instructions. Thanks again.

#28
blmadara

Posted 26 March 2012 - 02:55 PM

Trusted Helper

Malware Removal
767 posts

Hi RxEnergy,

Step One: CKScanner

Download CKScanner from here

Important : Save it to your desktop.

Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify that the file is saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

What I need in your next post:
1. The CKScanner log, CKFiles.txt.

#29
RxEnergy

Posted 27 March 2012 - 01:47 AM

Member

Topic Starter
Member
24 posts

Hello blmadara, hope all is well.

Here's the list produced by CKScanner per your instructions.

------------------------------------

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\windows\system32\slmgr.vbs.removewat
c:\windows\syswow64\slmgr.vbs.removewat
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.CA.11.PRNATV
----- EOF -----

#30
blmadara

Posted 28 March 2012 - 04:15 PM

Trusted Helper

Malware Removal
767 posts

Hi RxEnergy,

Step One: Run WVCheck
Please download WVCheck from Artellos.com.

Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
As indicated by the prompt, This program can take a while depending on your hard drive space.
Once the program is done, copy the contents of the notepad file as a reply.

Step Two: Run MGADiag

Please run the MGA Diagnostic Tool and post the report it produces:

Download MGADiag to your desktop.
Double-click on MGADiag.exe to launch the program.
Click Continue.
Ensure that the Windows tab is selected (it should be by default).
Click the Copy button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.