Viruses CH8L2.exe and JDTLEJCH.exe [Closed]


  • This topic is locked

#1
Megan Adams

The other night I was listening to some internet music and playing FreeCell when I got a pop-up from AVG that said a virus had been found. It asked me what I wanted to do about it and I said quarantine it. The computer restarted and when it rebooted I had 2 virus alerts immediately. I quarantined both and went to bed.

My husband got up in the morning and said everything was fine but when I got up a few hours later the only thing left on the computer was the recycling bin and my computer section. I did a system restore which restored settings to 3/31. Everything, to the best of my knowledge, came back except for my “Libraries”. Music, Pictures, Documents, etc. The computer is running slow still too.

When I click the start button and search for a certain song or picture it shows that it’s there but when I right click and choose open file location it says the folder is empty. Also when I click the folder icon next to the start button, no libraries show up. I can right click libraries and select restore default libraries but nothing happens.

Also, I thought I’d be clever and copy all of my IMG search and move it to a new folder I placed on the desktop. Turns out this was not a good idea because the pictures I cut and pasted completely disappeared. They were moved but were … invisible… I guess…. I undid it. So the stuff is there but it’s like it’s hidden or something. I don’t know.

The viruses that were found by AVG were: CH8L2.exe and JDTLEJCH.exe. Thank you for your time! :D



OTL logfile created on: 4/4/2012 4:48:54 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tony & Megan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 26.22% Memory free
5.50 Gb Paging File | 3.06 Gb Available in Paging File | 55.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 313.95 Gb Free Space | 69.36% Space Free | Partition Type: NTFS

Computer Name: TOGAN-PC | User Name: Tony & Megan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/04/04 16:48:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tony & Megan\Downloads\OTL.exe
PRC - [2012/03/31 16:50:45 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
PRC - [2012/03/13 01:24:56 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/13 01:24:54 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/01/24 18:24:26 | 004,200,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgui.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
PRC - [2009/08/25 15:18:34 | 000,499,712 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-649UB\WlanCU.exe
PRC - [2009/08/24 18:52:30 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/26 19:09:36 | 000,167,936 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-649UB\WlanWpsSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/13 01:24:54 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2009/09/03 10:53:38 | 000,200,704 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-649UB\WPSCtrl.dll
MOD - [2009/08/25 15:18:34 | 000,499,712 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-649UB\WlanCU.exe
MOD - [2009/04/21 17:25:42 | 000,376,832 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-649UB\WlanDll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2008/06/26 19:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\TRENDnet\TEW-649UB\WlanWpsSvc.exe -- (WlanWpsSvc)
SRV - [2012/03/31 16:50:46 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/13 01:24:56 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/05 09:30:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 13:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/24 18:52:30 | 000,082,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 07:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/15 14:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmser2.sys -- (NWVMPort2)
DRV:64bit: - [2009/05/15 14:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmser.sys -- (NWVMPort)
DRV:64bit: - [2009/05/15 14:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmmdm.sys -- (NWVMModem)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/04/07 11:48:28 | 000,025,600 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
DRV:64bit: - [2009/02/23 17:43:44 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV:64bit: - [2009/02/23 17:43:44 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser.sys -- (NWUSBPort)
DRV:64bit: - [2009/02/23 17:43:44 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV:64bit: - [2008/12/19 12:26:38 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...05v1k5r4481s43o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...05v1k5r4481s43o
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...05v1k5r4481s43o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...05v1k5r4481s43o
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...05v1k5r4481s43o
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3FD1E87F-3FEB-45B9-B95C-CA7D4464E9F4}: "URL" = http://search.yahoo....}&fr=chr-ydwnld
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACEW
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-10-09 20:55:31&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Tony & Megan\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/04/03 12:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/04/03 12:12:35 | 000,000,000 | ---D | M]

[2011/08/28 11:16:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tony & Megan\AppData\Roaming\Mozilla\Extensions
[2011/08/28 11:16:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tony & Megan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/03 11:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony & Megan\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/03 12:13:32 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Tony & Megan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...fr&d=2011-10-09 20:55:31&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Tony & Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Tony & Megan\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Tony & Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\
CHR - Extension: AVG Safe Search = C:\Users\Tony & Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4:64bit: - HKLM..\RunOnce: [PLD_FrameworkRunOnce] C:\Windows\SysNative\OEM\_waitAndLaunch_PLD_Framework_NoWait.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} http://l.yimg.com/jh...itched/main.cab (BewitchedGameClass Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.2.146.253 184.2.146.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{425DBE9F-06F4-4DBB-8018-068B6F8715E9}: DhcpNameServer = 184.2.146.253 184.2.146.252
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ae99050-8881-11df-90c0-4487fc41cf65}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae99050-8881-11df-90c0-4487fc41cf65}\Shell\AutoRun\command - "" = J:\LiteAuto.exe
O33 - MountPoints2\{5ca6fee4-d330-11e0-b39f-4487fc41cf65}\Shell - "" = AutoRun
O33 - MountPoints2\{5ca6fee4-d330-11e0-b39f-4487fc41cf65}\Shell\AutoRun\command - "" = J:\LiteAuto.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/03 16:45:47 | 000,000,000 | ---D | C] -- C:\Users\Tony & Megan\AppData\Roaming\asoftech
[2012/04/03 16:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Asoftech
[2012/04/03 16:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asoftech Data Recovery
[2012/04/01 15:20:02 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Roaming\WhiteBear
[2012/03/30 11:12:56 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Roaming\Shopping Blocks
[2012/03/23 22:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/03/16 12:50:15 | 000,000,000 | ---D | C] -- C:\Users\Tony & Megan\Documents\Electronic Arts
[2012/03/16 11:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012/03/16 11:07:09 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Local\Origin
[2012/03/16 11:05:21 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Roaming\Origin
[2012/03/16 11:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/03/16 11:04:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\EA Core
[2012/03/16 11:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/03/15 14:48:18 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Encore
[2012/03/15 14:48:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Encore
[2012/03/15 12:34:12 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Roaming\Mean Hamster
[2012/03/15 12:34:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Mean Hamster
[2012/03/12 10:55:55 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Roaming\Fugazo
[2012/03/10 23:52:16 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Roaming\Braintonik
[2012/03/10 23:52:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Braintonik
[2012/03/10 21:10:47 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Local\{AB0FB518-5851-44BC-B552-9532833B8EBE}
[2012/03/10 21:10:35 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Local\{847CA01D-486E-4BA7-A7BF-EE26DEBB86A9}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/04 16:34:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/04 16:28:30 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/04 15:51:44 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/04 15:51:44 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/04 15:51:44 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/04 15:51:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 15:51:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 15:44:16 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/04 15:43:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/04 15:43:33 | 2213,990,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/04 11:21:40 | 093,598,011 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/03 23:41:43 | 000,002,313 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/03 16:45:47 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\Asoftech Data Recovery.lnk
[2012/03/30 11:06:27 | 000,001,160 | ---- | M] () -- C:\WildTangent Games App - wildgames.lnk
[2012/03/30 11:06:19 | 000,002,450 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2012/03/22 21:28:27 | 000,003,816 | -H-- | M] () -- C:\Users\Tony & Megan\AppData\Roaming\wklnhst.dat
[2012/03/16 13:11:15 | 000,002,180 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2012/03/16 12:39:42 | 000,002,064 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/03/16 11:05:21 | 000,000,184 | ---- | M] () -- C:\Windows\wininit.ini
[2012/03/16 11:05:20 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/03/14 17:00:14 | 000,408,755 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/14 01:36:27 | 005,151,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/03 16:45:47 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\Asoftech Data Recovery.lnk
[2012/03/31 16:50:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/16 13:11:15 | 000,002,180 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2012/03/16 12:39:41 | 000,002,064 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/03/16 11:05:20 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/01/08 14:34:03 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2011/07/09 03:23:14 | 000,000,000 | ---- | C] () -- C:\Windows\CastleMalloy.INI
[2011/06/29 17:20:57 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2011/06/10 21:41:10 | 000,000,000 | ---- | C] () -- C:\Windows\Secrets.INI
[2011/05/31 13:02:11 | 000,000,184 | ---- | C] () -- C:\Windows\wininit.ini
[2011/01/20 17:54:52 | 000,000,044 | -H-- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2010/11/05 12:59:50 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/05/12 21:08:06 | 000,000,505 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/04/28 16:27:47 | 000,003,816 | -H-- | C] () -- C:\Users\Tony & Megan\AppData\Roaming\wklnhst.dat
[2010/04/09 09:21:33 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/04/07 16:04:59 | 000,000,035 | ---- | C] () -- C:\Windows\popcinfo.dat

========== LOP Check ==========

[2010/06/22 09:40:17 | 000,000,000 | -HSD | M] -- C:\Users\Tony & Megan\AppData\Roaming\.#
[2010/11/29 15:30:35 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2010/04/22 17:02:53 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Absolutist
[2012/04/03 11:42:03 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Alawar
[2012/04/03 11:42:03 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Alawar Entertainment
[2010/12/02 12:28:30 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\AlawarSouthpoint
[2012/04/03 12:13:28 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\AlderGames
[2012/04/03 11:42:04 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\aliasworlds
[2010/11/26 19:28:06 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Anarchy
[2011/04/13 20:21:03 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Artifex Mundi
[2011/03/25 09:56:27 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Ascaron Entertainment
[2012/04/03 16:45:47 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\asoftech
[2012/04/03 12:13:28 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Aveyond 3
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\AVG2012
[2012/04/03 11:42:04 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Awem
[2011/10/28 20:10:52 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Be a King 2
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\BeachPartyCraze
[2011/08/11 11:21:25 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Big Finish
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Bloom
[2011/01/31 19:46:26 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Boomzap
[2012/03/10 23:52:16 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Braintonik
[2011/11/30 20:33:12 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\BULKYPIX
[2010/03/13 10:24:13 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Canon
[2011/04/06 21:52:46 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\cerasus.media
[2011/08/26 10:25:40 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Colibri Games
[2012/02/15 22:25:44 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/10 11:01:58 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\DigirononGames
[2011/06/08 19:06:48 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\dingogames
[2011/03/04 11:20:05 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\DivoGames
[2010/11/22 17:20:18 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\DocClockGame
[2011/07/07 16:27:19 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\DreamWoods2ScreenShot
[2011/04/11 13:24:13 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Dying for Daylight
[2011/04/11 11:16:33 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Dying for Daylight Shared
[2011/07/07 12:27:10 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\FairyTale
[2011/12/29 20:51:38 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\FamilyVacationCalifornia
[2011/08/11 18:58:24 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Farm Mania 2.1
[2010/12/29 14:23:34 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Freeze Tag
[2012/04/03 11:42:05 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Friday's games
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\FriendsGamesNetwork
[2012/04/03 11:42:05 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\FrostWire
[2012/03/12 10:55:55 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Fugazo
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\funkitron
[2010/05/14 13:24:11 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Gaijin Ent
[2011/02/28 11:18:52 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\GameInvest
[2010/09/07 12:02:13 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Gamers Digital
[2012/02/28 15:17:57 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Gemaica
[2011/04/01 23:29:59 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\GestaltGames
[2012/04/03 11:42:05 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\GO Games
[2011/05/02 16:16:45 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2010/08/18 10:14:27 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Gogii Games
[2012/04/03 11:42:05 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Green Clover Games
[2010/05/13 21:09:02 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Happyville__
[2011/05/21 23:09:34 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\HdO Adventure
[2010/07/26 09:35:00 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Home Sweet Home
[2010/08/16 09:13:43 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Hotdog Hotshot
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Hoyle Card Games
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Hoyle Casino
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Hoyle FaceCreator
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Hoyle Puzzle and Board Games
[2011/01/12 18:36:38 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\InImages
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Islands
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Islands2
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Islands3
[2012/02/25 23:53:47 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\iWin
[2010/09/29 11:09:01 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\iWinG
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Jane s Hotel 3
[2010/12/09 19:44:45 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Jumb-O-Fun Games
[2011/02/06 17:11:06 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\KingArthur
[2011/09/01 21:02:31 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Kutawaves Game
[2011/04/21 21:10:57 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Ladia Group
[2012/04/03 11:42:10 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\LimeWire
[2011/01/21 10:24:06 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Little Worlds Online
[2012/04/03 11:42:10 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Lonely Troops
[2010/11/19 20:35:24 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Magnet's Story
[2012/03/15 12:34:12 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Mean Hamster
[2011/11/10 22:20:45 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Meridian93
[2012/04/03 11:42:23 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\MP3Rocket
[2012/04/03 11:42:23 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\My Games
[2012/04/03 11:42:23 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Mystery of Mortlake Mansion
[2010/10/25 15:45:28 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\NatGeoGames
[2011/06/02 16:42:31 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\NevoSoft
[2010/10/14 19:54:12 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Nevosoft Games
[2011/02/04 16:25:46 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Nevosoft-Breeze
[2011/03/07 21:57:50 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Old Castle
[2012/03/16 11:07:18 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Origin
[2012/04/03 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\PathToSuccess
[2010/03/27 20:05:56 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Peace Craft
[2010/09/20 14:50:37 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\PeaceCraft2
[2011/08/31 16:11:44 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\PeaceCraft3
[2011/12/08 18:25:35 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Ph03nixNewMedia
[2012/02/29 20:36:51 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\PlayFirst
[2012/04/03 11:42:24 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\playmink
[2011/01/20 17:55:03 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Playtinum
[2011/12/16 19:43:06 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Sahmon Games
[2011/03/31 22:39:33 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Sanna
[2011/02/10 15:09:11 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Scholastic
[2010/12/11 23:09:13 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Shape games
[2010/05/20 09:16:06 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\ShinyTales
[2012/03/30 11:18:12 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Shopping Blocks
[2012/04/03 11:42:24 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Silverback Productions
[2010/04/19 14:35:46 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Skip-Bo
[2012/01/26 23:16:47 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Sky Bros
[2012/04/03 11:42:24 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\SMIGames
[2012/04/03 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\SpinTop Games
[2011/07/27 22:38:44 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Stand O'Food 3
[2010/09/01 20:52:54 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\SulusGames
[2012/04/03 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Supermarket Mania 2
[2010/04/28 16:29:18 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Template
[2011/05/19 21:59:40 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\thejoyoffarming
[2011/01/26 16:04:04 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\TripleHippo
[2010/04/20 17:32:44 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\UClick
[2012/04/03 11:42:25 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\V-Games
[2011/07/20 11:56:53 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Valusoft
[2011/05/04 20:58:33 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Vasilek Games
[2011/11/25 14:08:01 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\VC 2 Paradise Resort
[2012/04/01 15:20:02 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\WhiteBear
[2011/05/22 21:21:29 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Wild Tangent
[2010/11/19 20:17:49 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\WildTangent
[2012/04/03 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\WildTangent All My Gods
[2011/03/02 20:29:17 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Windows Live Writer
[2011/03/09 23:30:54 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\World-Loom
[2010/08/17 14:13:00 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\YoudaGames
[2009/07/14 01:08:49 | 000,031,900 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:5F15D632
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D05E7A8B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:1C678466
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:624A80FD

< End of report >

#2
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Megan, :wave:
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same.
Because of this, you must reply within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • All tools must be run from an account with Administrator privileges.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, so you can check off each step as you complete it.
    Also, part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!
  • Do not do things I do not ask for, such as running a spyware scan on your computer, installing/uninstalling programs, deleting files, modifying the registry or running any tools, unless instructed to do so. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date (if possible)!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Lastly, please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.


I see evidence of a TDL rootkit. We need to get some more data. Please delete the copy of OTL from the C:\Users\Tony & Megan\Downloads location and download a fresh copy and save it to the desktop.


Step-1.

OTL Custom Scan

Download OTL to the Desktop. It is important that it is downloaded to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)


1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c

2. Run OTL from the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the radio button beside Use Safelist
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. A file named Extras.txt will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
  • Repeat for the Extras.txt file.


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.)
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable to iexplore.exe and try it again.


Step-3.

Things For Your Next Post:
1. The OTL.txt log
2. The Extras.txt log
3. The aswMBR log
  • 0
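For readers working through OTL reports like the ones posted in this thread, the following added example (not part of any post here and not OTL's own code) parses report lines and pulls out entries worth a closer look. The line shapes are assumed from the report lines visible on this page; the rule names and the short list of Windows binary names are this example's own choices, and the sample lines are copied from the thread's logs.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "tag attrs company path")

# Assumed shapes, inferred only from report lines visible in this thread:
#   PRC - [date time | size | attrs | M] (Company) -- path
#   SRV - [date time | size | attrs | M] (Company) [start | state] -- path -- (name)
#   [date time | size | attrs | C] -- path          (directories carry no company)
ENTRY_RE = re.compile(
    r"^(?:(?P<tag>[A-Z]{3})(?::64bit:)? - )?"
    r"\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| [\d,]+ \| "
    r"(?P<attrs>[-RHSD]{4}) \| [CM]\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[[^\]]*\])?"
    r" -- (?P<path>.+?)(?: -- \([^)]*\))?$"
)
#   @Alternate Data Stream - N bytes -> host_path:stream_name
ADS_RE = re.compile(
    r"^@Alternate Data Stream - \d+ bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# Example-only list: the Windows binaries named in the custom scan's md5 section.
WINDOWS_NAMES = {"svchost.exe", "explorer.exe", "winlogon.exe", "userinit.exe"}


def parse_line(line):
    """Return an Entry for a file/process/service line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m.group("tag"), m.group("attrs"), m.group("company"), m.group("path"))


def triage(lines):
    """Return ordered, de-duplicated (rule, detail) pairs for lines that match a rule."""
    findings = []

    def add(rule, detail):
        if (rule, detail) not in findings:
            findings.append((rule, detail))

    for raw in lines:
        line = raw.strip()
        ads = ADS_RE.match(line)
        if ads:
            add("ads", ads.group("host") + ":" + ads.group("stream"))
            continue
        entry = parse_line(line)
        if entry is None:
            continue  # headers, O-lines, "File not found" rows, blanks
        name = entry.path.rsplit("\\", 1)[-1].lower()
        if entry.tag == "PRC":
            # A running image that is not addressed by a drive-letter path.
            if not DRIVE_PATH.match(entry.path):
                add("non-drive-path", entry.path)
            # A Windows binary name reported with an empty company field.
            if name in WINDOWS_NAMES and not entry.company:
                add("system-name-no-company", entry.path)
        elif entry.tag is None and "H" in entry.attrs and "D" in entry.attrs:
            # A directory carrying the hidden attribute.
            add("hidden-dir", entry.path)
    return findings


# Sample lines copied from the reports posted in this thread.
SAMPLE = r"""
PRC - File not found --
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
SRV - [2012/03/13 01:24:56 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
[2012/03/10 23:52:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Braintonik
[2012/04/03 16:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Asoftech
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:5F15D632
"""

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE.splitlines()):
        print(f"{rule:24} {detail}")
```

A match only marks a line for manual review; it is not a verdict on the file.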

#3
Megan Adams

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thank you so much for getting back to me! I really appreciate it!! :D I don't have multiple accounts on my computer.




OTL logfile created on: 4/5/2012 9:39:14 AM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tony & Megan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 50.70% Memory free
5.50 Gb Paging File | 2.57 Gb Available in Paging File | 46.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 312.77 Gb Free Space | 69.10% Space Free | Partition Type: NTFS

Computer Name: TOGAN-PC | User Name: Tony & Megan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/04/05 09:35:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tony & Megan\Downloads\OTL.exe
PRC - [2012/03/31 16:50:45 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
PRC - [2012/03/13 01:24:56 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/13 01:24:54 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/15 18:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
PRC - [2009/08/25 15:18:34 | 000,499,712 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-649UB\WlanCU.exe
PRC - [2009/08/24 18:52:30 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/26 19:09:36 | 000,167,936 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-649UB\WlanWpsSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/13 01:24:54 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2009/09/03 10:53:38 | 000,200,704 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-649UB\WPSCtrl.dll
MOD - [2009/08/25 15:18:34 | 000,499,712 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-649UB\WlanCU.exe
MOD - [2009/04/21 17:25:42 | 000,376,832 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-649UB\WlanDll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2008/06/26 19:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\TRENDnet\TEW-649UB\WlanWpsSvc.exe -- (WlanWpsSvc)
SRV - [2012/03/31 16:50:46 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/13 01:24:56 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/05 09:30:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 13:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/24 18:52:30 | 000,082,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 07:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/15 14:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmser2.sys -- (NWVMPort2)
DRV:64bit: - [2009/05/15 14:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmser.sys -- (NWVMPort)
DRV:64bit: - [2009/05/15 14:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmmdm.sys -- (NWVMModem)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/04/07 11:48:28 | 000,025,600 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
DRV:64bit: - [2009/02/23 17:43:44 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV:64bit: - [2009/02/23 17:43:44 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser.sys -- (NWUSBPort)
DRV:64bit: - [2009/02/23 17:43:44 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV:64bit: - [2008/12/19 12:26:38 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...05v1k5r4481s43o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...05v1k5r4481s43o
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...05v1k5r4481s43o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...05v1k5r4481s43o
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...05v1k5r4481s43o
IE - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\..\SearchScopes\{3FD1E87F-3FEB-45B9-B95C-CA7D4464E9F4}: "URL" = http://search.yahoo....}&fr=chr-ydwnld
IE - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACEW
IE - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-10-09 20:55:31&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Tony & Megan\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/04/03 12:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/04/03 12:12:35 | 000,000,000 | ---D | M]

[2011/08/28 11:16:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tony & Megan\AppData\Roaming\Mozilla\Extensions
[2011/08/28 11:16:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tony & Megan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/03 11:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony & Megan\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/03 12:13:32 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Tony & Megan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...fr&d=2011-10-09 20:55:31&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Tony & Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Tony & Megan\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Tony & Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\
CHR - Extension: AVG Safe Search = C:\Users\Tony & Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4:64bit: - HKLM..\RunOnce: [PLD_FrameworkRunOnce] C:\Windows\SysNative\OEM\_waitAndLaunch_PLD_Framework_NoWait.vbs ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3879762224-3032293843-1878041767-1001\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} http://l.yimg.com/jh...itched/main.cab (BewitchedGameClass Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.2.146.253 184.2.146.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{425DBE9F-06F4-4DBB-8018-068B6F8715E9}: DhcpNameServer = 184.2.146.253 184.2.146.252
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ae99050-8881-11df-90c0-4487fc41cf65}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae99050-8881-11df-90c0-4487fc41cf65}\Shell\AutoRun\command - "" = J:\LiteAuto.exe
O33 - MountPoints2\{5ca6fee4-d330-11e0-b39f-4487fc41cf65}\Shell - "" = AutoRun
O33 - MountPoints2\{5ca6fee4-d330-11e0-b39f-4487fc41cf65}\Shell\AutoRun\command - "" = J:\LiteAuto.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2012/04/03 16:45:47 | 000,000,000 | ---D | C] -- C:\Users\Tony & Megan\AppData\Roaming\asoftech
[2012/04/03 16:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Asoftech
[2012/04/03 16:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asoftech Data Recovery
[2012/04/03 12:16:39 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/04/01 15:20:02 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Roaming\WhiteBear
[2012/03/31 16:50:46 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/30 11:12:56 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Roaming\Shopping Blocks
[2012/03/23 22:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/03/16 12:50:15 | 000,000,000 | ---D | C] -- C:\Users\Tony & Megan\Documents\Electronic Arts
[2012/03/16 11:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012/03/16 11:07:09 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Local\Origin
[2012/03/16 11:05:21 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Roaming\Origin
[2012/03/16 11:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/03/16 11:04:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\EA Core
[2012/03/16 11:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/03/15 14:48:18 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Encore
[2012/03/15 14:48:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Encore
[2012/03/15 12:34:12 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Roaming\Mean Hamster
[2012/03/15 12:34:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Mean Hamster
[2012/03/14 01:20:51 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 01:20:50 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 01:20:47 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 01:12:04 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 14:38:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 14:38:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 14:38:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/13 14:38:17 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 14:38:17 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/12 10:55:55 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Roaming\Fugazo
[2012/03/10 23:52:16 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Roaming\Braintonik
[2012/03/10 23:52:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Braintonik
[2012/03/10 21:10:47 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Local\{AB0FB518-5851-44BC-B552-9532833B8EBE}
[2012/03/10 21:10:35 | 000,000,000 | -H-D | C] -- C:\Users\Tony & Megan\AppData\Local\{847CA01D-486E-4BA7-A7BF-EE26DEBB86A9}
[2012/03/08 23:54:07 | 040,937,784 | ---- | C] (Microsoft Corporation) -- C:\Users\Tony & Megan\Desktop\US_Win7_X64.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/05 09:34:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/05 09:27:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/05 09:17:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/04 21:27:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/04 19:32:59 | 000,128,000 | ---- | M] () -- C:\Users\Tony & Megan\Desktop\g2g1.wps
[2012/04/04 18:18:33 | 093,671,270 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/04 15:51:44 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/04 15:51:44 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/04 15:51:44 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/04 15:51:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 15:51:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 15:43:33 | 2213,990,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/03 23:41:43 | 000,002,313 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/03 16:45:47 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\Asoftech Data Recovery.lnk
[2012/03/31 16:50:46 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/31 16:50:46 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/30 11:06:27 | 000,001,160 | ---- | M] () -- C:\WildTangent Games App - wildgames.lnk
[2012/03/30 11:06:19 | 000,002,450 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2012/03/22 21:28:27 | 000,003,816 | -H-- | M] () -- C:\Users\Tony & Megan\AppData\Roaming\wklnhst.dat
[2012/03/16 13:11:15 | 000,002,180 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2012/03/16 12:39:42 | 000,002,064 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/03/16 11:05:21 | 000,000,184 | ---- | M] () -- C:\Windows\wininit.ini
[2012/03/16 11:05:20 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/03/14 17:00:14 | 000,408,755 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/14 01:36:27 | 005,151,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/08 23:54:39 | 040,937,784 | ---- | M] (Microsoft Corporation) -- C:\Users\Tony & Megan\Desktop\US_Win7_X64.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/04 19:32:59 | 000,128,000 | ---- | C] () -- C:\Users\Tony & Megan\Desktop\g2g1.wps
[2012/04/03 16:45:47 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\Asoftech Data Recovery.lnk
[2012/03/31 16:50:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/16 13:11:15 | 000,002,180 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2012/03/16 12:39:41 | 000,002,064 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/03/16 11:05:20 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/01/08 14:34:03 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2011/07/09 03:23:14 | 000,000,000 | ---- | C] () -- C:\Windows\CastleMalloy.INI
[2011/06/29 17:20:57 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2011/06/10 21:41:10 | 000,000,000 | ---- | C] () -- C:\Windows\Secrets.INI
[2011/05/31 13:02:11 | 000,000,184 | ---- | C] () -- C:\Windows\wininit.ini
[2011/01/20 17:54:52 | 000,000,044 | -H-- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2010/11/05 12:59:50 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/05/12 21:08:06 | 000,000,505 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/04/28 16:27:47 | 000,003,816 | -H-- | C] () -- C:\Users\Tony & Megan\AppData\Roaming\wklnhst.dat
[2010/04/09 09:21:33 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/04/07 16:04:59 | 000,000,035 | ---- | C] () -- C:\Windows\popcinfo.dat

========== LOP Check ==========

[2010/06/22 09:40:17 | 000,000,000 | -HSD | M] -- C:\Users\Tony & Megan\AppData\Roaming\.#
[2010/11/29 15:30:35 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2010/04/22 17:02:53 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Absolutist
[2012/04/03 11:42:03 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Alawar
[2012/04/03 11:42:03 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Alawar Entertainment
[2010/12/02 12:28:30 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\AlawarSouthpoint
[2012/04/03 12:13:28 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\AlderGames
[2012/04/03 11:42:04 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\aliasworlds
[2010/11/26 19:28:06 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Anarchy
[2011/04/13 20:21:03 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Artifex Mundi
[2011/03/25 09:56:27 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Ascaron Entertainment
[2012/04/03 16:45:47 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\asoftech
[2012/04/03 12:13:28 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Aveyond 3
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\AVG2012
[2012/04/03 11:42:04 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Awem
[2011/10/28 20:10:52 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Be a King 2
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\BeachPartyCraze
[2011/08/11 11:21:25 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Big Finish
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Bloom
[2011/01/31 19:46:26 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Boomzap
[2012/03/10 23:52:16 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Braintonik
[2011/11/30 20:33:12 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\BULKYPIX
[2010/03/13 10:24:13 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Canon
[2011/04/06 21:52:46 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\cerasus.media
[2011/08/26 10:25:40 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Colibri Games
[2012/02/15 22:25:44 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/10 11:01:58 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\DigirononGames
[2011/06/08 19:06:48 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\dingogames
[2011/03/04 11:20:05 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\DivoGames
[2010/11/22 17:20:18 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\DocClockGame
[2011/07/07 16:27:19 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\DreamWoods2ScreenShot
[2011/04/11 13:24:13 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Dying for Daylight
[2011/04/11 11:16:33 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Dying for Daylight Shared
[2011/07/07 12:27:10 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\FairyTale
[2011/12/29 20:51:38 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\FamilyVacationCalifornia
[2011/08/11 18:58:24 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Farm Mania 2.1
[2010/12/29 14:23:34 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Freeze Tag
[2012/04/03 11:42:05 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Friday's games
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\FriendsGamesNetwork
[2012/04/03 11:42:05 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\FrostWire
[2012/03/12 10:55:55 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Fugazo
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\funkitron
[2010/05/14 13:24:11 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Gaijin Ent
[2011/02/28 11:18:52 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\GameInvest
[2010/09/07 12:02:13 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Gamers Digital
[2012/02/28 15:17:57 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Gemaica
[2011/04/01 23:29:59 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\GestaltGames
[2012/04/03 11:42:05 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\GO Games
[2011/05/02 16:16:45 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2010/08/18 10:14:27 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Gogii Games
[2012/04/03 11:42:05 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Green Clover Games
[2010/05/13 21:09:02 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Happyville__
[2011/05/21 23:09:34 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\HdO Adventure
[2010/07/26 09:35:00 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Home Sweet Home
[2010/08/16 09:13:43 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Hotdog Hotshot
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Hoyle Card Games
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Hoyle Casino
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Hoyle FaceCreator
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Hoyle Puzzle and Board Games
[2011/01/12 18:36:38 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\InImages
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Islands
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Islands2
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Islands3
[2012/02/25 23:53:47 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\iWin
[2010/09/29 11:09:01 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\iWinG
[2012/04/03 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Jane s Hotel 3
[2010/12/09 19:44:45 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Jumb-O-Fun Games
[2011/02/06 17:11:06 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\KingArthur
[2011/09/01 21:02:31 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Kutawaves Game
[2011/04/21 21:10:57 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Ladia Group
[2012/04/03 11:42:10 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\LimeWire
[2011/01/21 10:24:06 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Little Worlds Online
[2012/04/03 11:42:10 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Lonely Troops
[2010/11/19 20:35:24 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Magnet's Story
[2012/03/15 12:34:12 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Mean Hamster
[2011/11/10 22:20:45 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Meridian93
[2012/04/03 11:42:23 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\MP3Rocket
[2012/04/03 11:42:23 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\My Games
[2012/04/03 11:42:23 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Mystery of Mortlake Mansion
[2010/10/25 15:45:28 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\NatGeoGames
[2011/06/02 16:42:31 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\NevoSoft
[2010/10/14 19:54:12 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Nevosoft Games
[2011/02/04 16:25:46 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Nevosoft-Breeze
[2011/03/07 21:57:50 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Old Castle
[2012/03/16 11:07:18 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Origin
[2012/04/03 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\PathToSuccess
[2010/03/27 20:05:56 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Peace Craft
[2010/09/20 14:50:37 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\PeaceCraft2
[2011/08/31 16:11:44 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\PeaceCraft3
[2011/12/08 18:25:35 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Ph03nixNewMedia
[2012/02/29 20:36:51 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\PlayFirst
[2012/04/03 11:42:24 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\playmink
[2011/01/20 17:55:03 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Playtinum
[2011/12/16 19:43:06 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Sahmon Games
[2011/03/31 22:39:33 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Sanna
[2011/02/10 15:09:11 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Scholastic
[2010/12/11 23:09:13 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Shape games
[2010/05/20 09:16:06 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\ShinyTales
[2012/03/30 11:18:12 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Shopping Blocks
[2012/04/03 11:42:24 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Silverback Productions
[2010/04/19 14:35:46 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Skip-Bo
[2012/01/26 23:16:47 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Sky Bros
[2012/04/03 11:42:24 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\SMIGames
[2012/04/03 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\SpinTop Games
[2011/07/27 22:38:44 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Stand O'Food 3
[2010/09/01 20:52:54 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\SulusGames
[2012/04/03 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Supermarket Mania 2
[2010/04/28 16:29:18 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Template
[2011/05/19 21:59:40 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\thejoyoffarming
[2011/01/26 16:04:04 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\TripleHippo
[2010/04/20 17:32:44 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\UClick
[2012/04/03 11:42:25 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\V-Games
[2011/07/20 11:56:53 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Valusoft
[2011/05/04 20:58:33 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Vasilek Games
[2011/11/25 14:08:01 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\VC 2 Paradise Resort
[2012/04/01 15:20:02 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\WhiteBear
[2011/05/22 21:21:29 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Wild Tangent
[2010/11/19 20:17:49 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\WildTangent
[2012/04/03 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\Tony & Megan\AppData\Roaming\WildTangent All My Gods
[2011/03/02 20:29:17 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\Windows Live Writer
[2011/03/09 23:30:54 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\World-Loom
[2010/08/17 14:13:00 | 000,000,000 | -H-D | M] -- C:\Users\Tony & Megan\AppData\Roaming\YoudaGames
[2009/07/14 01:08:49 | 000,031,900 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: WINLOGON.EXE >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{425DBE9F-06F4-4DBB-8018-068B6F8715E9}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{68ABDD1B-481A-469A-8588-5A9EB965BBBB}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C8D7903A-C6A0-4DB4-A3D9-42C9BDF343EE}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 05 01 01 01 0A 01 04 01 03 01 09 01 00 01 08 01 06 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/26 22:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/26 22:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/26 22:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/03/26 22:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/09 17:57:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/09 17:57:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/09 17:57:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/06/09 17:57:12 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/06/09 17:57:12 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/03/26 22:28:45 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/03/26 22:28:45 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/03/26 22:28:45 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/03/26 22:28:45 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/06/09 17:57:06 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/06/09 17:57:06 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/06/09 17:57:06 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/06/09 17:57:12 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/06/09 17:57:12 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST350041 8AS SCSI Disk Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic microSD USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic MS/MS-PRO USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model: Generic SM/xD-Picture USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 13.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 13959692288
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 453.00GB
Starting Offset: 14064549888
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: TOGAN-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media
  Volume 1         SYSTEM RESE  NTFS   Partition    100 MB  Healthy    System
  Volume 2     C   eMachines    NTFS   Partition    452 GB  Healthy    Boot
  Volume 3         PQSERVICE    NTFS   Partition     13 GB  Healthy    Hidden
  Volume 4     E                       Removable       0 B  No Media
  Volume 5     F                       Removable       0 B  No Media
  Volume 6     G                       Removable       0 B  No Media
  Volume 7     H                       Removable       0 B  No Media
  Volume 8     I                       Removable       0 B  No Media

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:5F15D632
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D05E7A8B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:1C678466
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:624A80FD

< End of report >





OTL Extras logfile created on: 4/5/2012 9:39:14 AM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tony & Megan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 50.70% Memory free
5.50 Gb Paging File | 2.57 Gb Available in Paging File | 46.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 312.77 Gb Free Space | 69.10% Space Free | Partition Type: NTFS

Computer Name: TOGAN-PC | User Name: Tony & Megan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6D40BDA-5023-438D-B347-BE870E5F6F10}" = AVG 2012
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"72708A878DC584199F3015875030DA798146FD6B" = Windows Driver Package - Realtek Semiconductor Corp. (RTL8192su) Net (08/15/2009 1085.7.0815.2009)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}" = Asoftech Data Recovery
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35163C1D-77D1-4D6C-B7D5-B22E6EEBE2A8}" = TRENDnet TEW-649UB Wireless N speed USB Adapter
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{40C2D00A-9235-4EA2-8AB9-2CAB7A842B49}" = Learn with Gateway
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117256953}" = Artist Colony
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2C904FA-DB34-47A3-B8D6-50F4E7AC5808}" = Virgin Mobile Broadband Modem Drivers
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7666229-351B-47D9-AA6F-DF777CF04BBF}" = Caesar IV
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}" = The Sims™ 2 Double Deluxe
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C39B7B95-5009-4C64-B25B-B1AD6BDD9E8F}" = Broadband2Go
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Rise of an Empire
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA5BA1B6-38D7-4A8F-B623-8A587AF1D34F}" = Mobile Broadband Generic Drivers
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f8ed8c7d-6d12-4eb1-9fb9-80e48c357a12}" = Nero 9 Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Broadband2Go" = Broadband2Go
"Caesar 3 Demo" = Caesar 3 Demo
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Creative WebCam Center" = Creative WebCam Center
"Creative WebCam Instant User's Guide English" = Creative WebCam Instant User's Guide (English)
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EA Download Manager" = EA Download Manager
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"EOS Utility" = Canon Utilities EOS Utility
"FrostWire 5" = FrostWire 5.1.4
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"Lords of Magic Special Edition" = Lords of Magic Special Edition
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"MP3 Rocket" = MP3 Rocket
"MyCamera" = Canon Utilities MyCamera
"Origin" = Origin
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealityFactory" = RealityFactory
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sierra Utilities" = Sierra Utilities
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WildTangent emachines Master Uninstall" = eMachines Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-06f7f13d-d77e-4978-9742-2a3218f8256a" = Treasure Hunters
"WTA-06fe244e-3668-450c-8414-19d809ffd80a" = Hoyle Card Games 2012
"WTA-07b7310a-e611-4bb3-944e-7ad9d7fbde3f" = Nostradamus: The Last Prophecy - Episode 1: Deadly Providence
"WTA-07c8fc87-0ee2-4857-8f6c-f9b67c65cc34" = Bird's Town
"WTA-07e6cfcf-7f34-4cc2-8359-43c4ffc024f7" = Shopping Blocks
"WTA-08f1367a-faca-4137-9ab2-f8ada7b7454f" = Banana Bugs ™
"WTA-0ad269f7-e9cd-464b-b0ff-f0fc023e20ed" = Summer Resort Mogul
"WTA-0d8af969-9955-4d42-b24a-79d09eac810b" = Plan N Plant
"WTA-0f6fb02e-0ddb-4f87-965d-2aac7ee4a616" = Magic Life
"WTA-10cd3d61-912a-4d7f-a023-c62abd010021" = Turtle Odyssey 2
"WTA-154b5e8e-230e-48ce-b112-0b88802fb769" = Rescue Team 2
"WTA-178b0992-97b7-47d8-a17b-f531b0818287" = Chocolatier - Decadence by Design
"WTA-19e035dd-6731-45b6-ac6f-b31ad8a93424" = Soap Opera Dash
"WTA-1a7f2978-da82-4d04-a53f-bf489cb378b4" = Rolling Spells
"WTA-1af84378-9ca9-4d8a-aaee-be7524f7e9cd" = Megapolis
"WTA-1f6437b8-9401-404f-aba7-3c9f94b1c627" = Time to Hurry: Nicole's Story
"WTA-20876695-0d68-4e1c-a067-c140d77d579a" = Smiling Pasta
"WTA-2542e6a0-6e97-437a-b479-0adc02178256" = The Golden Years: Way Out West
"WTA-278d691a-08d1-4b14-a0a4-fc035e3671e3" = Feelers
"WTA-27ef1634-c233-4d8a-8d65-27d1c64b8e6d" = Eighteen Wheels of Steel: Extreme Trucker 2
"WTA-2c45d540-3d2b-4629-8642-da6413f4936f" = World's Best Board Games
"WTA-2e6c9ee0-7ae4-4a36-8b4a-0d063c3bff3d" = Blue Madonna: A Carol Reed Mystery
"WTA-38c31bfb-9aae-4f3b-93fa-5c0ef00e708c" = Great Migrations
"WTA-3a14a103-feda-438d-a966-36d2772bd75b" = Fashionista
"WTA-3d64b23d-3311-4e1d-8f71-0ae03fd75b97" = Family Vacation: California
"WTA-410a97d9-4959-4c0a-8715-b374ce814e0d" = Railroad Lines
"WTA-42898acc-ca5d-4cc4-a5c8-83b498f90ab5" = The Island: Castaway
"WTA-4553cefe-72cc-4cb0-9cd6-779c02e5404a" = Ziro
"WTA-468a1735-c839-486f-8cf7-a21665d10f3f" = Glowfish
"WTA-46dd8cba-9845-4162-bb3a-ef4421717079" = Farmers Market
"WTA-47c45f2a-5e2e-4764-9aac-fa3311a9697a" = The Island: Castaway 2
"WTA-4927c6e6-4d9e-4e6c-bbb5-87e614eadee0" = Garden Dash
"WTA-4aef46bf-c8f8-441e-8e0c-b7300b015b12" = Puzzle Quest 2
"WTA-4b7e21c1-97c6-4cab-b2e7-990920453aa8" = Doc Clock: The Toasted Sandwich of Time
"WTA-4bbe7b89-513d-4e2b-bb1f-d446af25d606" = Trinklit Supreme
"WTA-502df99c-17ca-4f50-9817-3f99e5e7f02e" = Adam's Venture Episode 1: The Search for the Lost Garden
"WTA-5490359c-67d7-419a-878c-71ab1d880cfb" = Westward IV - All Aboard
"WTA-56ae988b-f4e7-4316-86db-3e27edd1c8d4" = DNA
"WTA-62948f02-7720-476d-bef0-9d58abca7677" = Drugstore Mania
"WTA-6332b31d-2631-41a1-bdd7-628f5c05473e" = Zooloretto
"WTA-65c93897-1dcc-4572-9835-2fb7e11a053c" = Mortimer Beckett and the Crimson Thief Premium Edition
"WTA-660c37b7-bcfc-4f9b-91a2-aa22680f8d1d" = Saving Private Sheep
"WTA-6789da8e-4047-40da-b070-c9be845a2bc0" = Gourmania 2: Great Expectations
"WTA-6a2500be-a7d5-4733-9da6-9e47083fa369" = All My Gods
"WTA-6adcec5e-91c8-4682-a9e4-f5f53224a30f" = Sky Taxi: Top Secret
"WTA-6b7028aa-b9a1-40b3-b385-de5f0a5399ee" = Gemaica
"WTA-6bb000ea-5e0b-44c4-a32f-7ac6bd2e92d4" = Shangri La 2 Deluxe
"WTA-6dc2365c-3d84-400f-a861-1bfaa83e43b7" = Dracula Series Part 3: The Destruction of the Evil
"WTA-6fdbe8d1-e940-4efc-b4b0-5a4b3c953b6c" = Royal Trouble
"WTA-71f7cb14-fcc5-465b-a3d7-90bc5ddf31d0" = Go Go Gourmet - Chef of the Year
"WTA-73f6b317-e982-4305-ab56-413f3300af2e" = Nancy Drew: Treasure in the Royal Tower
"WTA-75afbfaf-5a64-420e-bd1c-b7660251ef4e" = Jewelleria
"WTA-76b95fe0-8490-427b-8b91-6ebea79915ce" = Nancy Drew®: The Final Scene
"WTA-777b9325-05b2-4362-b6c9-fb39b691a046" = Mega World Smash
"WTA-790bda0c-4260-421a-b10a-fcfd765781d0" = Buried in Time
"WTA-79f34f92-76f2-452c-9691-375282be3b1e" = Farm 2
"WTA-7f139620-ec0e-4afc-aba1-6ff0621d88b0" = Bridge Constructor
"WTA-80821369-be18-496c-9cf8-1800900eb52b" = Burger Rush
"WTA-828a841d-4c8c-479d-a3e8-64acc961f08d" = Nightfall Mysteries: Asylum Conspiracy
"WTA-842372aa-37df-43ec-ba68-2bab5096cc8f" = Avenue Flo: Special Delivery
"WTA-881efa2e-4a18-47c9-a214-20cede0744c2" = Bicycle Blackjack
"WTA-8a9b5099-6027-497b-aa1f-1a090791b1a7" = Plants vs. Zombies - Game of the Year
"WTA-8c07f1bd-c60f-4eb7-9a70-46dee46a7bc7" = Ice Cream Mania
"WTA-8fae2d73-f4b9-4d1f-8ff8-e0accc03ba26" = Word Wonders: The Tower of Babel
"WTA-908b85ae-e0f6-4069-b1f7-423d27969121" = Royal Envoy 2 Collector's Edition
"WTA-93c8a438-b6dd-4c77-aa0b-a4a87c2818cb" = Supple: Episode 2
"WTA-94f8ffc3-7309-4f10-ae14-6c91a2953c05" = Farmscapes
"WTA-95da908c-cb0d-4976-a4d1-b22a385a3cb3" = Deal or No Deal
"WTA-98418f61-e117-4e09-be93-851165b5a9e1" = Country Harvest
"WTA-9acb75db-e437-49ed-a7e5-2ff0d2c1e02c" = Party Planner
"WTA-9c44f37f-502b-4862-a2f3-77d3234e594c" = World Riddles 3
"WTA-9ce54f5b-ec6e-4fed-83a2-0ad40cb19fe9" = Hotel Mogul: Las Vegas
"WTA-9d0640a3-fd8e-4f7e-857c-ad8b88a31a67" = Wild West Story: The Beginnings
"WTA-9ef4b04d-6912-4b8e-93cb-ddc07fa89114" = Farm Craft
"WTA-9f78e96f-58ad-44bd-a72f-4fe3acea38af" = Dancing Craze
"WTA-9f7cdf4e-ef3a-4f78-b0fe-6784e1157061" = Haunted Domains
"WTA-a73c1e71-50c6-4e16-9354-cf34ae7021cb" = New Yankee in King Arthur's Court
"WTA-a78caef8-8017-47d4-9c37-fdfedde9d513" = Wedding Salon
"WTA-ab9c2e1d-b916-4e7b-bbe1-2fe5d562ee85" = Running Sheep: Tiny Worlds
"WTA-b2182162-8ae5-4a38-9a83-7b3e06271cf6" = Mother Nature
"WTA-b425dd84-7f38-4d7d-8d22-28c18ed0f110" = Crazy Chicken Tales
"WTA-b4607045-624f-4359-8c82-480ff444c25f" = Rescue Frenzy
"WTA-b9842306-db20-432c-b7e8-ca49652b8aab" = World Mosaics
"WTA-b9c3785d-d585-40b7-b6db-543cc6010630" = Terrafarmers
"WTA-be7f0005-f9ec-41c2-879f-0246145ba6db" = Paradise Beach 2
"WTA-c0ff27a0-9072-4567-be4c-ba31155c0faa" = Candace Kane's Candy Factory
"WTA-c4e837d7-8a7a-4a5a-b370-e08b0ce5145c" = Samantha Swift
"WTA-cba73704-de5e-4d1f-8b39-e6a05c8877ac" = World Mosaics 5
"WTA-cd230a07-e9fd-41b2-a3c3-fbc05df25d08" = Virtual Farm 2
"WTA-cfab2637-c08f-4fc6-95ba-7a63b590634a" = Vampires vs. Zombies
"WTA-d2c9433e-b412-4273-9efb-2b232c62b133" = Super Collapse Puzzle Gallery 2
"WTA-d382dd09-d25e-42a3-a07d-99c8db282d0e" = World Mosaics 3 - Fairy Tales
"WTA-d54fd956-1075-434f-be46-50027b20c3b9" = Mahjongg - Ancient Egypt
"WTA-d7d160d3-54f2-4416-a3ae-22e97fd9819a" = Christmas Wonderland
"WTA-dc926629-1ae5-4cd2-adfa-57ab2a89db47" = SpongeBob Typing
"WTA-df41610f-8790-488f-9efb-29455110089c" = Oceanis
"WTA-e255f3d9-4bb3-4e64-8ac3-6facf82ae4dc" = Garden Defense
"WTA-e8fe83cb-6fd8-44bd-9a7a-181daa2ebb8f" = Success Story
"WTA-eaea5f88-0629-4fce-a847-3c3eed95128b" = Nancy Drew: Secrets Can Kill Remastered
"WTA-eb78a7a8-73f8-472f-820c-256bf04d9999" = Jane's Hotel Mania
"WTA-eba0bc46-0b26-48c0-82f5-5d4c5a378c59" = Phantasmat
"WTA-ebf245bb-6544-454d-a330-94fe02c3ad66" = Jenguu
"WTA-f15603c4-f801-479a-9150-c44feb826443" = Oddly Enough: Pied Piper
"WTA-f25d80c8-5f9a-4a9a-b362-85ea9fbe7e07" = Strimko
"WTA-f309b31a-db11-4196-b447-d4753d0f982a" = Faded Reality
"WTA-f71871a5-3c4b-43eb-b3a2-efc40cc04b34" = World Class Poker with T.J. Cloutier
"WTA-f79d56d9-40c5-4107-b589-df056f3c04d1" = Tiny Token Empires™
"WTA-fed64f3e-02ff-4ff1-8438-3a5b61d6eae4" = Prison Tycoon - Alcatraz
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3879762224-3032293843-1878041767-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-05 10:11:12
-----------------------------
10:11:12.069 OS Version: Windows x64 6.1.7601 Service Pack 1
10:11:12.069 Number of processors: 1 586 0x1601
10:11:12.069 ComputerName: TOGAN-PC UserName:
10:11:31.545 Initialize success
10:13:13.381 AVAST engine defs: 12040500
10:13:27.181 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
10:13:27.181 Disk 0 Vendor: ST350041 CC44 Size: 476940MB BusType: 3
10:13:27.191 Device \Driver\nvstor64 -> MajorFunction fffffa80037995c4
10:13:27.191 Disk 0 MBR read successfully
10:13:27.201 Disk 0 MBR scan
10:13:27.323 Disk 0 unknown MBR code
10:13:27.333 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
10:13:27.353 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
10:13:27.373 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463526 MB offset 27469824
10:13:27.413 Disk 0 scanning C:\Windows\system32\drivers
10:13:51.535 Service scanning
10:14:40.035 Modules scanning
10:14:40.045 Disk 0 trace - called modules:
10:14:40.397 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80037995c4]<<
10:14:40.407 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031c3060]
10:14:40.417 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8002fa3e40]
10:14:40.437 5 ACPI.sys[fffff88000f287a1] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa8002f9b180]
10:14:40.450 \Driver\nvstor64[0xfffffa80036baa20] -> IRP_MJ_CREATE -> 0xfffffa80037995c4
10:14:50.527 AVAST engine scan C:\Windows
10:15:00.979 AVAST engine scan C:\Windows\system32
10:22:17.810 AVAST engine scan C:\Windows\system32\drivers
10:23:18.887 AVAST engine scan C:\Users\Tony & Megan
10:43:20.353 File: C:\Users\Tony & Megan\AppData\Local\Temp\A39F.tmp **INFECTED** Win32:MalOb-HP [Cryp]
11:04:56.314 AVAST engine scan C:\ProgramData
11:15:27.041 Scan finished successfully
11:18:06.973 Disk 0 MBR has been saved successfully to "C:\Users\Tony & Megan\Desktop\MBR.dat"
11:18:06.983 The log file has been saved successfully to "C:\Users\Tony & Megan\Desktop\aswMBR.txt"
  • 0

#4
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Megan,

I see some evidence of a TDL rootkit. Let's see if we can find it.


Step-1.

Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Disable your Firewall

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programs being marked for deletion then reboot again, that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

Don't forget to re-enable your Firewall and Anti-Virus.


Step-2.

Things For Your Next Post:
1. The ComboFix log
2. How are things running?
  • 0
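An added example, not part of either post above and not from aswMBR or ComboFix: a short Python triage of an aswMBR log that pulls out the lines worth a second look before a rootkit follow-up, run on lines copied from the log posted earlier in this thread. The function name `triage_aswmbr` and the finding labels are assumptions made for this example.

```python
import re

# Lines copied from the aswMBR log posted earlier in this thread.
SAMPLE_LOG = r"""
10:13:27.191 Device \Driver\nvstor64 -> MajorFunction fffffa80037995c4
10:13:27.323 Disk 0 unknown MBR code
10:14:40.397 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80037995c4]<<
10:14:40.450 \Driver\nvstor64[0xfffffa80036baa20] -> IRP_MJ_CREATE -> 0xfffffa80037995c4
10:43:20.353 File: C:\Users\Tony & Megan\AppData\Local\Temp\A39F.tmp **INFECTED** Win32:MalOb-HP [Cryp]
11:15:27.041 Scan finished successfully
"""

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+"  # aswMBR timestamp prefix
RE_DISPATCH = re.compile(TS + r"Device (\\Driver\\\S+) -> MajorFunction ([0-9a-fA-F]+)")
RE_UNKNOWN = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")
RE_MBR = re.compile(TS + r"Disk (\d+) unknown MBR code")
RE_INFECTED = re.compile(TS + r"File: (.+?) \*\*INFECTED\*\* (.+)$")


def triage_aswmbr(log_text):
    """Collect log lines worth a second look (hypothetical helper; labels are ours)."""
    dispatch = {}    # dispatch address -> driver object that reported it
    unknown = set()  # addresses the call trace could not place in any module
    findings = {"unowned_dispatch": [], "unknown_mbr": [], "infected_files": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_DISPATCH.match(line):
            dispatch[int(m.group(2), 16)] = m.group(1)
        elif m := RE_MBR.match(line):
            findings["unknown_mbr"].append(int(m.group(1)))
        elif m := RE_INFECTED.match(line):
            findings["infected_files"].append((m.group(1), m.group(2)))
        unknown.update(int(a, 16) for a in RE_UNKNOWN.findall(line))
    # Correlate: a storage driver whose dispatch address is the same address
    # the disk call trace marked >>UNKNOWN<< (owned by no loaded module).
    for addr, driver in dispatch.items():
        if addr in unknown:
            findings["unowned_dispatch"].append((driver, addr))
    return findings


if __name__ == "__main__":
    for kind, items in triage_aswmbr(SAMPLE_LOG).items():
        print(kind, items)
```

An "unknown MBR code" line on its own is a weak signal, because non-standard but legitimate boot code (for example from an OEM recovery setup) can also produce it; the matching dispatch address is what ties the disk stack to code outside any loaded module.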

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





