AVG telling me that QTTask.exe (part of Quicktime) is a Trojan



austinmusician

Hello - I have Windows 7 Professional N, with AVG as the anti-virus program. I do have the Firewall on and I have been running Spybot and Ad-Aware since I installed Windows 7 on this machine about 6 months ago.

I have recently been getting many crashes from Flash in all browsers, so I followed some suggestions online to update my sound card driver and got the driver directly from the product website, so I know that didn't have malware in it. Just in case it has anything to do with all of this, I wanted to let you know about that installation that was done earlier today.

Soon after I put in the new driver I got a notification that QTTask.exe in Quicktime's program folder was seen by AVG as being a Trojan.

I ran OTL and here is the Wordpad file from that run (I also posted the "extras" file after it):

OTL logfile created on: 12/24/2010 12:24:42 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Allen\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 10000 20000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.78 Gb Total Space | 29.55 Gb Free Space | 26.44% Space Free | Partition Type: NTFS

Computer Name: ALLEN-LAPTOP | User Name: Allen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/24 12:23:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
PRC - [2010/12/23 13:55:15 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/12/16 12:12:24 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/12/05 16:40:29 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/12/05 16:40:28 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/12/05 09:22:06 | 000,724,704 | ---- | M] (Notably Good Ltd) -- C:\Program Files (x86)\Affixa\AffixaTray.exe
PRC - [2010/11/24 09:45:52 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 09:45:12 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/14 15:45:37 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/07/21 07:21:32 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/06/22 20:54:53 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 20:54:45 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2010/05/20 23:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/03/23 17:02:50 | 000,872,448 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/05/20 11:18:32 | 000,221,184 | ---- | M] () -- C:\Windows\system\cm106eye.exe


========== Modules (SafeList) ==========

MOD - [2010/12/24 12:23:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/12/01 19:45:18 | 000,932,864 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2010/12/05 16:40:28 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/15 15:32:58 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/21 07:21:32 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/06/22 20:54:53 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/08 16:06:40 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/23 01:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/09/15 15:19:44 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 15:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/07 17:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/06/22 20:55:05 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/06/22 20:55:03 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/06/22 20:54:49 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/22 12:11:02 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2010/05/31 01:29:58 | 000,077,312 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2010/03/12 17:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/07 23:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:34:35 | 000,087,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b44amd64.sys -- (bcm44amd64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 06:16:46 | 001,306,624 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2008/12/01 21:15:04 | 005,000,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2007/03/19 11:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/01/25 06:02:34 | 001,092,096 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM106.sys -- (CM1063264)
DRV:64bit: - [2006/11/07 09:31:30 | 000,017,168 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2010/12/05 16:40:38 | 000,017,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://empowermentco...phq.com/clients
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 47 04 33 8C 45 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://empowermentco...com/todo_lists"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.15.1b
FF - prefs.js..extensions.enabledItems: {732A141A-E40A-45c7-8F12-520284102A7D}:1.2
FF - prefs.js..extensions.enabledItems: {732A141A-E40A-45c7-8F12-520284102A7E}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.4.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.co...lient&hl=en&q="
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.socks: ""
FF - user.js..network.proxy.socks_port: 0
FF - user.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/12/01 14:17:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/12/16 12:13:17 | 000,000,000 | ---D | M]

[2010/12/01 14:37:25 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions
[2010/09/03 08:57:34 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/12/16 12:22:49 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\d4ecg2fh.default\extensions
[2010/12/01 14:37:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\d4ecg2fh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/12/01 14:37:28 | 000,000,000 | ---D | M] (Affixa - Login Handler) -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\d4ecg2fh.default\extensions\{732A141A-E40A-45c7-8F12-520284102A7D}
[2010/12/01 14:37:28 | 000,000,000 | ---D | M] (Affixa - Login Handler) -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\d4ecg2fh.default\extensions\{732A141A-E40A-45c7-8F12-520284102A7E}
[2010/12/01 14:37:27 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\d4ecg2fh.default\extensions\[email protected]
[2010/12/10 06:39:39 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\d4ecg2fh.default\extensions\[email protected]
[2010/10/04 20:44:19 | 000,001,820 | ---- | M] () -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\d4ecg2fh.default\searchplugins\bing.xml
[2010/12/16 12:44:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/01 14:18:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/01 14:18:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/01 14:18:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/27 13:45:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/05 17:00:51 | 000,426,705 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14693 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [CM106Sound] C:\Windows\Syswow64\cm106.DLL (C-Media Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKCU..\Run: [Affixa] C:\Program Files (x86)\Affixa\AffixaTray.exe (Notably Good Ltd)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: experienceretirement.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: investprogram.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: nationallife.com ([www] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {70B51AE4-7CC1-42A8-9EB0-6A46621B8E0A} https://www.lifeofso...tController.ocx (PrintController Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/26 11:16:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/24 12:23:37 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
[2010/12/24 12:06:58 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/12/24 11:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/12/24 08:57:56 | 008,126,464 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CM106.dll
[2010/12/24 08:54:37 | 001,306,624 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\CM10664.sys
[2010/12/24 08:20:02 | 005,804,032 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CM106.cpl
[2010/12/24 08:20:02 | 001,092,096 | ---- | C] (C-Media Inc) -- C:\Windows\SysNative\drivers\CM106.sys
[2010/12/24 08:20:02 | 000,491,520 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CM106rm.exe
[2010/12/24 08:20:02 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\cmpa106.dll
[2010/12/24 08:20:02 | 000,032,768 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysNative\c106prop.dll
[2010/12/22 13:33:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Peter Drew
[2010/12/22 09:10:50 | 000,000,000 | ---D | C] -- C:\Users\Allen\Desktop\Unlock The Game
[2010/12/21 18:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/21 18:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/21 18:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/12/21 18:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/12/21 18:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/12/16 12:20:09 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\RoboForm
[2010/12/16 03:04:16 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/12/13 18:08:51 | 001,871,008 | ---- | C] (Notably Good Ltd ) -- C:\Users\Allen\AppData\Roaming\Affixa-Download.exe
[2010/12/07 09:54:19 | 000,000,000 | ---D | C] -- C:\Users\Allen\Desktop\Book Yourself Solid
[2010/12/05 16:40:45 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/12/05 16:34:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/12/05 16:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/12/04 22:33:47 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2010/12/04 22:33:46 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2010/12/04 22:33:46 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2010/12/04 22:33:36 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BROSNMP.DLL
[2010/12/03 19:46:35 | 000,000,000 | ---D | C] -- C:\Users\Allen\sanders triplets 6
[2010/12/02 08:05:09 | 000,000,000 | R--D | C] -- C:\Users\Allen\Documents\Notes
[2010/12/01 16:02:38 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/12/01 15:50:07 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2010/12/01 15:41:06 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2010/12/01 14:11:48 | 000,000,000 | --SD | C] -- C:\Users\Allen\AppData\Roaming\Microsoft
[2010/12/01 14:11:48 | 000,000,000 | R--D | C] -- C:\Users\Allen\Videos
[2010/12/01 14:11:48 | 000,000,000 | R--D | C] -- C:\Users\Allen\Saved Games
[2010/12/01 14:11:48 | 000,000,000 | R--D | C] -- C:\Users\Allen\Pictures
[2010/12/01 14:11:48 | 000,000,000 | R--D | C] -- C:\Users\Allen\Music
[2010/12/01 14:11:48 | 000,000,000 | R--D | C] -- C:\Users\Allen\Links
[2010/12/01 14:11:48 | 000,000,000 | R--D | C] -- C:\Users\Allen\Favorites
[2010/12/01 14:11:48 | 000,000,000 | R--D | C] -- C:\Users\Allen\Downloads
[2010/12/01 14:11:48 | 000,000,000 | R--D | C] -- C:\Users\Allen\My Documents
[2010/12/01 14:11:48 | 000,000,000 | R--D | C] -- C:\Users\Allen\Desktop
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\AppData\Local\Temporary Internet Files
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\Templates
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\Start Menu
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\SendTo
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\Recent
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\PrintHood
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\NetHood
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\Documents\My Videos
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\Documents\My Pictures
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\Documents\My Music
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\My Documents
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\Local Settings
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\AppData\Local\History
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\Cookies
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\Application Data
[2010/12/01 14:11:48 | 000,000,000 | -HSD | C] -- C:\Users\Allen\AppData\Local\Application Data
[2010/12/01 14:11:48 | 000,000,000 | -H-D | C] -- C:\Users\Allen\AppData
[2010/12/01 14:11:48 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\Temp
[2010/12/01 14:11:48 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\Microsoft
[2010/12/01 14:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/12/01 14:05:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/11/29 12:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2010/11/29 12:55:00 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\Citrix
[2010/11/27 15:28:44 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\ATI
[2010/11/27 15:28:44 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\ATI
[2010/11/27 15:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/11/27 13:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/11/14 09:05:21 | 000,066,552 | ---- | C] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\mozy.sys

========== Files - Modified Within 30 Days ==========

[2010/12/24 12:23:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
[2010/12/24 12:10:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-222924860-212169808-1978721503-1000UA.job
[2010/12/24 12:09:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-222924860-212169808-1978721503-1000Core.job
[2010/12/24 11:57:50 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/24 11:51:30 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/24 10:57:36 | 000,017,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/24 10:57:36 | 000,017,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/24 10:49:56 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/24 10:48:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/24 10:48:44 | 1508,413,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/24 08:57:56 | 000,000,276 | ---- | M] () -- C:\Windows\Cm106.ini.cfl
[2010/12/24 08:57:56 | 000,000,133 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2010/12/24 08:57:55 | 000,000,100 | ---- | M] () -- C:\Windows\Cm106.ini.imi
[2010/12/24 08:55:43 | 000,000,049 | ---- | M] () -- C:\Windows\System\Cm106.ini
[2010/12/24 06:44:44 | 069,305,001 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/12/24 04:40:34 | 000,003,450 | ---- | M] () -- C:\Windows\mozy.flt
[2010/12/24 04:40:34 | 000,002,854 | ---- | M] () -- C:\Windows\mozy.blk
[2010/12/22 13:33:13 | 000,002,707 | ---- | M] () -- C:\Users\Public\Desktop\EVO2.lnk
[2010/12/21 18:36:39 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/16 17:59:04 | 000,406,592 | ---- | M] () -- C:\Users\Allen\.ranktracker.properties
[2010/12/16 12:06:27 | 000,002,316 | ---- | M] () -- C:\Users\Allen\Desktop\Google Chrome.lnk
[2010/12/16 03:22:46 | 000,462,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/15 15:52:12 | 000,001,214 | ---- | M] () -- C:\Users\Allen\Desktop\John Assaraf course - Money - Shortcut.lnk
[2010/12/15 07:23:32 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/12/13 18:08:57 | 001,871,008 | ---- | M] (Notably Good Ltd ) -- C:\Users\Allen\AppData\Roaming\Affixa-Download.exe
[2010/12/13 17:34:34 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/13 17:34:34 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/13 17:34:34 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/08 02:21:30 | 000,000,600 | ---- | M] () -- C:\Users\Allen\AppData\Local\PUTTY.RND
[2010/12/05 17:00:51 | 000,426,705 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/12/05 16:34:45 | 000,001,166 | ---- | M] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/05 16:34:45 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/12/04 22:34:59 | 000,000,308 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2010/12/04 22:34:59 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2010/12/04 22:34:55 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/12/04 22:34:55 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD8660DN.DAT
[2010/12/04 22:34:26 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2010/12/04 22:34:26 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bd8660dn.dat
[2010/12/04 21:27:38 | 000,007,595 | ---- | M] () -- C:\Users\Allen\AppData\Local\Resmon.ResmonCfg
[2010/12/04 10:52:16 | 000,001,379 | ---- | M] () -- C:\Users\Allen\Desktop\DVDMaker.lnk
[2010/12/03 22:22:34 | 000,001,097 | ---- | M] () -- C:\Users\Allen\Desktop\Antrim lawsuit - Shortcut.lnk
[2010/12/01 16:02:23 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/12/01 15:36:46 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/12/01 15:32:00 | 000,001,437 | ---- | M] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/01 15:08:21 | 000,038,521 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/12/01 15:08:21 | 000,038,521 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/12/01 14:49:55 | 000,022,744 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2010/12/01 14:09:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2010/12/01 14:08:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ax88772_01009.Wdf
[2010/12/01 14:08:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/12/01 14:07:59 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/12/01 14:05:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2010/12/01 12:47:36 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/12/01 12:47:36 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/12/01 11:55:43 | 000,001,865 | ---- | M] () -- C:\Users\Allen\Desktop\ImgBurn.lnk
[2010/12/01 11:11:21 | 000,012,288 | ---- | M] () -- C:\Users\Allen\Documents\Bio for Allen Sanders.doc
[2010/11/29 12:54:53 | 000,110,456 | ---- | M] () -- C:\Users\Allen\g2ax_customer_downloadhelper_win32_x86.exe
[2010/11/29 08:52:27 | 001,807,340 | ---- | M] () -- C:\Users\Allen\Desktop\Winning The Inner Game of Money Users Manual.pdf
[2010/11/27 13:24:26 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/11/24 13:57:49 | 003,319,264 | ---- | M] () -- C:\Users\Allen\Desktop\bonus-10-niches-PDF.pdf
[2010/11/14 09:05:29 | 000,000,913 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2010/11/08 16:06:40 | 000,066,552 | ---- | M] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\mozy.sys
[2010/11/06 03:36:28 | 005,120,095 | ---- | M] () -- C:\Users\Allen\Desktop\Howie Schwartz - 15 new niches.pdf
[2010/11/04 10:34:10 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/10/26 19:24:10 | 009,994,696 | ---- | M] () -- C:\Users\Allen\Desktop\Byron Katie - Loving What Is.pdf

========== Files Created - No Company Name ==========

[2010/12/24 11:57:50 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/24 08:57:56 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CM106.cpl
[2010/12/24 08:57:56 | 000,221,184 | ---- | C] () -- C:\Windows\System\cm106eye.exe
[2010/12/24 08:57:56 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2010/12/24 08:57:56 | 000,010,134 | ---- | C] () -- C:\Windows\cmeau106.ico
[2010/12/24 08:57:56 | 000,000,276 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2010/12/24 08:55:43 | 000,354,304 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2010/12/24 08:55:43 | 000,002,391 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2010/12/24 08:55:43 | 000,000,100 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2010/12/24 08:55:43 | 000,000,049 | ---- | C] () -- C:\Windows\System\Cm106.ini
[2010/12/24 08:55:40 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini
[2010/12/24 08:22:46 | 000,779,776 | ---- | C] () -- C:\Windows\SysNative\Cmeau106.exe
[2010/12/24 08:22:46 | 000,000,133 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2010/12/24 08:20:45 | 000,065,536 | ---- | C] () -- C:\Windows\VMix.dll
[2010/12/24 08:20:02 | 000,491,520 | ---- | C] () -- C:\Windows\System\cmau106.dll
[2010/12/24 08:20:02 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\CM106rm.dll
[2010/12/22 13:33:13 | 000,002,707 | ---- | C] () -- C:\Users\Public\Desktop\EVO2.lnk
[2010/12/21 18:36:39 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/16 12:06:27 | 000,002,316 | ---- | C] () -- C:\Users\Allen\Desktop\Google Chrome.lnk
[2010/12/16 12:05:00 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-222924860-212169808-1978721503-1000UA.job
[2010/12/16 12:04:58 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-222924860-212169808-1978721503-1000Core.job
[2010/12/15 15:52:12 | 000,001,214 | ---- | C] () -- C:\Users\Allen\Desktop\John Assaraf course - Money - Shortcut.lnk
[2010/12/08 02:21:07 | 000,000,600 | ---- | C] () -- C:\Users\Allen\AppData\Local\PUTTY.RND
[2010/12/05 16:34:45 | 000,001,166 | ---- | C] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/05 16:34:45 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/12/04 22:34:55 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD8660DN.DAT
[2010/12/04 22:33:59 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010/12/04 22:33:59 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010/12/04 22:30:03 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bd8660dn.dat
[2010/12/04 21:27:38 | 000,007,595 | ---- | C] () -- C:\Users\Allen\AppData\Local\Resmon.ResmonCfg
[2010/12/04 10:52:16 | 000,001,379 | ---- | C] () -- C:\Users\Allen\Desktop\DVDMaker.lnk
[2010/12/03 22:22:11 | 000,001,097 | ---- | C] () -- C:\Users\Allen\Desktop\Antrim lawsuit - Shortcut.lnk
[2010/12/01 17:02:02 | 000,316,640 | ---- | C] () -- C:\Windows\WMSysPr9.prx
[2010/12/01 15:36:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/01 15:10:40 | 1508,413,440 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/01 14:49:56 | 000,022,744 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2010/12/01 14:11:48 | 000,000,290 | ---- | C] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/12/01 14:11:48 | 000,000,272 | ---- | C] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/12/01 14:09:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2010/12/01 14:08:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ax88772_01009.Wdf
[2010/12/01 14:08:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/12/01 14:07:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/01 14:05:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2010/12/01 12:47:35 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/12/01 12:47:35 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/11/29 12:54:51 | 000,110,456 | ---- | C] () -- C:\Users\Allen\g2ax_customer_downloadhelper_win32_x86.exe
[2010/11/29 08:51:50 | 001,807,340 | ---- | C] () -- C:\Users\Allen\Desktop\Winning The Inner Game of Money Users Manual.pdf
[2010/11/28 04:30:35 | 000,003,450 | ---- | C] () -- C:\Windows\mozy.flt
[2010/11/28 04:30:35 | 000,002,854 | ---- | C] () -- C:\Windows\mozy.blk
[2010/11/27 13:24:26 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/11/24 13:57:38 | 003,319,264 | ---- | C] () -- C:\Users\Allen\Desktop\bonus-10-niches-PDF.pdf
[2010/11/06 03:36:28 | 005,120,095 | ---- | C] () -- C:\Users\Allen\Desktop\Howie Schwartz - 15 new niches.pdf
[2010/10/26 18:33:46 | 009,994,696 | ---- | C] () -- C:\Users\Allen\Desktop\Byron Katie - Loving What Is.pdf
[2010/10/11 07:34:19 | 000,000,000 | ---- | C] () -- C:\Windows\amtui.INI
[2010/10/11 07:26:37 | 000,000,622 | ---- | C] () -- C:\Windows\InsMark.INI
[2010/10/11 07:11:50 | 000,000,805 | ---- | C] () -- C:\Windows\Ics.ini
[2010/10/11 07:11:50 | 000,000,655 | ---- | C] () -- C:\Windows\LEDGER.INI
[2010/10/11 06:39:44 | 000,000,252 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/07/08 21:13:25 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/24 10:05:09 | 000,000,308 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/06/24 10:05:09 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/06/24 10:03:09 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010/06/24 00:45:31 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/06/22 22:26:33 | 000,004,544 | ---- | C] () -- C:\Windows\Cmudau.ini
[2010/06/22 22:16:08 | 000,076,407 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\Smiley.ico
[2010/06/22 19:15:07 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2005/01/17 06:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004/08/09 06:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI

========== LOP Check ==========

[2010/12/01 14:35:44 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Affixa
[2010/12/01 14:36:57 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Audacity
[2010/12/01 14:36:57 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\AVG9
[2010/12/01 14:36:57 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\CherryPickerLive
[2010/12/01 14:36:57 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\CoreFTP
[2010/12/01 14:36:57 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Facebook
[2010/12/01 14:36:57 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\FileZilla
[2010/12/14 14:53:45 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\GoodSync
[2010/12/01 14:36:58 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\ImgBurn
[2010/12/09 08:59:53 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Mapi2Xml
[2010/12/01 14:37:10 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/12/01 14:37:28 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\OpenOffice.org
[2010/12/16 12:20:09 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\RoboForm
[2010/06/24 23:42:55 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Windows Live Writer
[2009/07/13 23:08:02 | 000,014,444 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


EXTRAS.txt file:

OTL Extras logfile created on: 12/24/2010 12:24:42 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Allen\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 10000 20000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.78 Gb Total Space | 29.55 Gb Free Space | 26.44% Space Free | Partition Type: NTFS

Computer Name: ALLEN-LAPTOP | User Name: Allen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 61 01 DA 5A 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{98386ADC-F440-7D46-B4A9-C80767ECB355}" = ccc-utility64
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{CB090A2C-B2F9-110F-F9D2-08B47D08D36F}" = MozyHome
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"C-Media CM106 Like Sound Driver" = USB Multi-Channel Audio Device
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0444FC4A-DF1E-DD5F-7AFC-4D2328A13CC0}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2E84FD26-F08D-5A71-EF55-33D44118E9C7}" = Catalyst Control Center Graphics Previews Vista
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{38BB71E6-2678-4C3E-9B87-2CEB661E6DE7}" = Hyland Web ActiveX Controls
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5D96FDF2-5B2C-2C1A-87E2-EF468F51E13E}" = Catalyst Control Center Graphics Full Existing
"{5E2691D1-9EDF-43E8-9CF2-E3DF6A17706E}" = Catalyst Registration
"{7C28FB61-96F5-247F-7826-CF667A89D30C}" = Market Samurai
"{87EFDEB9-BB85-4094-773C-8C2CAF1FC515}" = CCC Help English
"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PUBLISHER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PUBLISHER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PUBLISHER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite MFC-8660DN
"{9E592B66-DCDF-4774-A27D-DF62A772C0B9}" = IC Solutions
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C155AA8C-1DC6-ABD1-C655-E623F4127561}" = Catalyst Control Center Graphics Previews Common
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
"{C24D518D-3645-4BAA-83BA-D73C827E2607}" = Private Proxy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB5089FC-CC3E-4021-BF63-2BC6ADB110F9}" = EVO2
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D695502C-713E-4F14-9025-92E02FB40B0E}" = MySpeed v3.6.6
"{D8DC9FBC-85A7-E176-AE3C-C20981C0DDF1}" = Catalyst Control Center Core Implementation
"{DCC8DA46-5386-1941-7065-3FDB3C7BD0F6}" = CherryPicker
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E35743C3-D86D-DDCA-448F-BF8D6FDFB84B}" = Skins
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECEF1A6A-3A05-6271-8020-1D3616E6AA58}" = Catalyst Control Center Graphics Full New
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F610A6F4-9D9C-2E07-6646-D90AE7974CC5}" = ccc-core-static
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{FCE9245B-BBAC-4F18-8A3D-C30778DAEDAE}" = NACIS
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Affixa_is1" = Affixa
"AI RoboForm" = AI RoboForm 7-1-0 (All Users)
"A-PDF Password Security_is1" = A-PDF Password Security 2.1
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AVG9Uninstall" = AVG 9.0
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Editor 4_is1" = AVS Video Editor 4
"CherryPickerLive" = CherryPicker
"Core FTP LE 2.1" = Core FTP LE 2.1
"DVD Shrink_is1" = DVD Shrink 3.2
"eMule Plus_is1" = eMule Plus 1.2e
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"FileZilla Client" = FileZilla Client 3.3.3
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"HaaliMkx" = Haali Media Splitter
"IIS 15.1" = IIS 15.1
"ImgBurn" = ImgBurn
"jZip" = jZip
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"PremElem70" = Adobe Premiere Elements 7.0
"PUBLISHER" = Microsoft Office Publisher 2007
"seopowersuite" = Rank Tracker
"the InsMark Datafile Update" = the InsMark Datafile Update
"VLC media player" = VLC media player 1.1.0
"XHeader" = XHeader

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/23/2010 3:33:07 PM | Computer Name = Allen-laptop | Source = EventSystem | ID = 4621
Description =

Error - 12/23/2010 3:44:29 PM | Computer Name = Allen-laptop | Source = EventSystem | ID = 4621
Description =

Error - 12/23/2010 7:06:05 PM | Computer Name = Allen-laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4cffee6d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6d6c7326
Faulting process id: 0x1370
Faulting application start time: 0x01cba2e7633e5b53
Faulting application path: C:\Users\Allen\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: 37b1a964-0ee9-11e0-9c16-887251c3b2a4

Error - 12/24/2010 12:34:17 AM | Computer Name = Allen-laptop | Source = EventSystem | ID = 4621
Description =

Error - 12/24/2010 2:34:42 AM | Computer Name = Allen-laptop | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search box extension\SrchBxEx.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search box extension\SrchBxEx.dll"
on line 2. Invalid Xml syntax.

Error - 12/24/2010 2:34:42 AM | Computer Name = Allen-laptop | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\SearchHelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll"
on line 2. Invalid Xml syntax.

Error - 12/24/2010 2:34:47 AM | Computer Name = Allen-laptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 12/24/2010 10:38:22 AM | Computer Name = Allen-laptop | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: wwanapi.dll, version: 6.1.7600.16385,
time stamp: 0x4a5be0a8 Exception code: 0xc0000005 Fault offset: 0x00000000000333eb
Faulting
process id: 0xdd8 Faulting application start time: 0x01cba37804b9ca3a Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\wwanapi.dll
Report
Id: 7485b9e5-0f6b-11e0-8702-ac5c295c84a8

Error - 12/24/2010 12:36:08 PM | Computer Name = Allen-laptop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4cffee6d Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x6d6c7326 Faulting process id: 0x510 Faulting application
start time: 0x01cba37c053abe72 Faulting application path: C:\Users\Allen\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: unknown Report Id: e877bbe1-0f7b-11e0-8637-cd76d624f3ad

Error - 12/24/2010 12:47:14 PM | Computer Name = Allen-laptop | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 11/30/2010 12:54:08 PM | Computer Name = Allen-laptop | Source = DCOM | ID = 10016
Description =

Error - 11/30/2010 12:54:08 PM | Computer Name = Allen-laptop | Source = DCOM | ID = 10016
Description =

Error - 12/1/2010 10:16:12 AM | Computer Name = Allen-laptop | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 12/1/2010 10:27:54 AM | Computer Name = Allen-laptop | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 12/1/2010 12:38:45 PM | Computer Name = Allen-laptop | Source = DCOM | ID = 10016
Description =

Error - 12/1/2010 12:38:45 PM | Computer Name = Allen-laptop | Source = DCOM | ID = 10016
Description =

Error - 12/1/2010 12:38:47 PM | Computer Name = Allen-laptop | Source = DCOM | ID = 10016
Description =

Error - 12/1/2010 1:51:25 PM | Computer Name = Allen-laptop | Source = DCOM | ID = 10016
Description =

Error - 12/1/2010 1:51:26 PM | Computer Name = Allen-laptop | Source = DCOM | ID = 10016
Description =

Error - 12/1/2010 1:51:26 PM | Computer Name = Allen-laptop | Source = DCOM | ID = 10016
Description =


< End of report >