OTL logfile created on: 1/16/2012 11:33:17 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Documents\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 75.06% Memory free
7.68 Gb Paging File | 6.94 Gb Available in Paging File | 90.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.61 Gb Total Space | 348.60 Gb Free Space | 77.02% Space Free | Partition Type: NTFS
Drive D: | 13.15 Gb Total Space | 1.80 Gb Free Space | 13.69% Space Free | Partition Type: NTFS
Computer Name: BC2 | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/16 11:32:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Documents\Downloads\OTL.exe
PRC - [2012/01/16 11:18:48 | 000,787,456 | ---- | M] () -- C:\Users\user\Documents\Downloads\RogueKiller.exe
PRC - [2008/01/20 20:48:06 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
========== Modules (No Company Name) ==========
MOD - [2012/01/05 03:48:44 | 000,411,120 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 03:48:43 | 003,767,792 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 03:47:19 | 000,122,880 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 03:47:18 | 000,222,208 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 03:47:17 | 001,746,432 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012/01/05 01:06:01 | 008,593,056 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2008/08/26 09:02:20 | 000,016,896 | -H-- | M] (Agere Systems) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/29 22:17:07 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2011/10/28 08:12:42 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebarsvc.exe -- (VideoScavenger_1eService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/08/05 07:46:02 | 000,583,640 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/08/19 08:35:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/19 08:35:24 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/08/19 08:35:41 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/08/19 08:35:39 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/07/16 23:30:01 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64gps.sys -- (UsbGps)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/09/09 19:19:36 | 000,025,888 | -H-- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/04/16 13:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/03/21 06:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/15 14:53:22 | 000,083,776 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2008/01/15 14:53:22 | 000,063,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/09/26 04:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80103
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...aspx?tbid=80103
IE - HKLM\..\URLSearchHook: {d5f7c10d-2f86-4e99-90da-25f8b0400992} - C:\Program Files (x86)\Mapit_1\prxtbMapi.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\URLSearchHook: {57dc49cc-5a9f-446c-bcf8-65c52b7060a6} - No CLSID value found
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\URLSearchHook: {d5f7c10d-2f86-4e99-90da-25f8b0400992} - C:\Program Files (x86)\Mapit_1\prxtbMapi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.MyScrapNook_12.com/Plugin: C:\Program Files (x86)\MyScrapNook_12EI\Installr\1.bin\NP12EISB.dll (My Scrap Nook)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@VideoScavenger_1e.com/Plugin: C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\NP1eStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7971191D-184A-4DA2-9C65-AE9EE58F4846}: C:\Users\user\AppData\Local\{7971191D-184A-4DA2-9C65-AE9EE58F4846} [2010/12/02 10:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\1effxtbr@VideoScavenger_1e.com: C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin [2011/10/28 08:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2011/11/29 22:17:14 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.smile...s}&a=6PQgLYk7Wl
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Windows\Downloaded Program Files\npsoe.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Cork Board = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\omedpokkgakfifajbapagggilbcenaga\1.0_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files (x86)\Winferno\PC Confidential\PCCBHO.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
O2 - BHO: (Toolbar BHO) - {c6549209-1ff1-4a5c-a815-981f64f34b19} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebar.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {d047fe10-dfe2-45cf-9fbf-966b9e64920f} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrcAs.dll (MindSpark)
O2 - BHO: (Mapit 1 Toolbar) - {d5f7c10d-2f86-4e99-90da-25f8b0400992} - C:\Program Files (x86)\Mapit_1\prxtbMapi.dll (Conduit Ltd.)
O2 - BHO: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Vertro)
O3 - HKLM\..\Toolbar: (VideoScavenger) - {acf7da4c-eeb2-484a-a3a1-303d4054d50c} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Mapit 1 Toolbar) - {d5f7c10d-2f86-4e99-90da-25f8b0400992} - C:\Program Files (x86)\Mapit_1\prxtbMapi.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\Toolbar\WebBrowser: (Mapit 1 Toolbar) - {D5F7C10D-2F86-4E99-90DA-25F8B0400992} - C:\Program Files (x86)\Mapit_1\prxtbMapi.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\Toolbar\WebBrowser: (SmileBox EN Toolbar) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VideoScavenger Search Scope Monitor] C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [VideoScavenger_1e Browser Plugin Loader] C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebrmon.exe (VER_COMPANY_NAME)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-182613431-3493043901-942358964-1000..\Run: [EPSON NX300 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJA.EXE /FU "C:\Users\user\AppData\Local\Temp\E_S1534.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-182613431-3493043901-942358964-1000..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\S-1-5-21-182613431-3493043901-942358964-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-182613431-3493043901-942358964-1000..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.candystan...ay/dunk-a-thon" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files (x86)\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files (x86)\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://my.ohiohealt...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 50.95.79.129 64.134.255.2 64.134.255.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A420C3F6-CB07-408C-9627-43C265900C61}: DhcpNameServer = 50.95.79.129 64.134.255.2 64.134.255.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A420C3F6-CB07-408C-9627-43C265900C61}: Domain = .
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Yosemite Valley.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Yosemite Valley.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1c8b3d26-44ae-11e0-968a-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{1c8b3d26-44ae-11e0-968a-00248c6d880b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{2a7e5961-76bb-11e0-a9c7-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{2a7e5961-76bb-11e0-a9c7-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{31eb0f57-0bc7-11e0-9803-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{31eb0f57-0bc7-11e0-9803-00248c6d880b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{332957c3-064d-11df-a993-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{332957c3-064d-11df-a993-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{47d9e1d8-c214-11df-bb72-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{47d9e1d8-c214-11df-bb72-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{47d9e1e0-c214-11df-bb72-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{47d9e1e0-c214-11df-bb72-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe
O33 - MountPoints2\{47e455bf-d511-11de-aebb-00248c6d880b}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe
O33 - MountPoints2\{47e455bf-d511-11de-aebb-00248c6d880b}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe
O33 - MountPoints2\{4d9d7da9-c4e0-11e0-b68f-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{4d9d7da9-c4e0-11e0-b68f-00248c6d880b}\Shell\AutoRun\command - "" = J:\IronKey.exe
O33 - MountPoints2\{5c190234-3718-11e0-8310-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{5c190234-3718-11e0-8310-00248c6d880b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{5c1903a4-3718-11e0-8310-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{5c1903a4-3718-11e0-8310-00248c6d880b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{6147d3b4-7371-11df-9a2e-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{6147d3b4-7371-11df-9a2e-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{91e263cb-016d-11df-95ff-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{91e263cb-016d-11df-95ff-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{91eb2b5e-5e10-11df-8be8-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{91eb2b5e-5e10-11df-8be8-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{97ecdc65-ad31-11e0-88c0-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{97ecdc65-ad31-11e0-88c0-00248c6d880b}\Shell\AutoRun\command - "" = J:\HWPcAssistant.exe
O33 - MountPoints2\{98cc6cb2-a0cc-11de-9e1b-00248c6d880b}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{9fef9329-cbc4-11de-b6d1-00248c6d880b}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{9fef932c-cbc4-11de-b6d1-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{9fef932c-cbc4-11de-b6d1-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{aa65b517-e84e-11e0-b18b-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{aa65b517-e84e-11e0-b18b-00248c6d880b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{c5350318-a069-11df-8e8d-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{c5350318-a069-11df-8e8d-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{ce5bf588-4ba3-11e0-a30a-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{ce5bf588-4ba3-11e0-a30a-00248c6d880b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{ce5bf974-4ba3-11e0-a30a-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{ce5bf974-4ba3-11e0-a30a-00248c6d880b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f097bb37-1f29-11df-b280-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{f097bb37-1f29-11df-b280-00248c6d880b}\Shell\AutoRun\command - "" = K:\DTSP_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2012/01/16 11:19:00 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine
[2012/01/15 18:15:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/15 18:11:16 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Ticket
[2010/12/01 13:48:32 | 000,080,896 | ---- | C] (Progressive Networks) -- C:\Users\user\AppData\Local\-804613313.exe
========== Files - Modified Within 30 Days ==========
[2012/01/16 11:20:00 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/16 11:20:00 | 000,594,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/16 11:20:00 | 000,100,766 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/16 11:15:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 11:10:50 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012/01/16 11:10:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 11:10:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 11:10:39 | 000,000,034 | -H-- | M] () -- C:\Windows\SysWow64\bd2170w.dat
[2012/01/16 10:33:01 | 000,000,904 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182613431-3493043901-942358964-1000UA.job
[2012/01/16 10:10:04 | 000,454,912 | ---- | M] () -- C:\ProgramData\FbrOmxdiOSr.exe
[2012/01/16 09:59:53 | 000,000,631 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/15 18:15:42 | 000,000,280 | -H-- | M] () -- C:\ProgramData\~N3GoMk2QnPKFmL
[2012/01/15 18:15:42 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~N3GoMk2QnPKFmLr
[2012/01/15 18:15:33 | 000,000,607 | ---- | M] () -- C:\Users\user\Desktop\System Check.lnk
[2012/01/15 18:15:31 | 000,000,344 | ---- | M] () -- C:\ProgramData\N3GoMk2QnPKFmL
[2012/01/15 18:15:18 | 000,365,320 | ---- | M] () -- C:\ProgramData\N3GoMk2QnPKFmL.exe
[2012/01/15 18:11:56 | 000,451,336 | ---- | M] () -- C:\ProgramData\TxWbdDFHVk.exe
[2012/01/15 18:09:33 | 000,000,264 | -H-- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/01/15 16:50:01 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for user.job
[2012/01/15 08:07:54 | 088,919,153 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/01/15 06:44:30 | 000,000,852 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182613431-3493043901-942358964-1000Core.job
[2012/01/10 09:34:48 | 000,000,020 | ---- | M] () -- C:\Users\user\Documents\gpfax.adr
[2012/01/10 09:34:48 | 000,000,008 | ---- | M] () -- C:\Users\user\Documents\gpfax.idx
[2012/01/06 22:34:07 | 000,002,039 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2012/01/06 22:34:07 | 000,002,001 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/20 04:13:44 | 000,000,456 | -H-- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
========== Files Created - No Company Name ==========
[2012/01/16 11:27:12 | 000,002,001 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/16 11:27:12 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2012/01/16 11:27:12 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
[2012/01/16 11:27:12 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2012/01/16 11:27:12 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/16 11:27:12 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2012/01/16 11:27:12 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/16 11:27:12 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2012/01/16 11:27:12 | 000,001,749 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Smilebox.lnk
[2012/01/16 11:27:12 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/01/16 11:27:12 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2012/01/16 11:27:12 | 000,000,970 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/16 11:27:12 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2012/01/16 11:27:12 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2012/01/16 11:27:12 | 000,000,258 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/16 11:27:12 | 000,000,240 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/16 11:27:12 | 000,000,104 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Default Programs - Shortcut.lnk
[2012/01/16 11:27:11 | 000,002,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken Financial Center.lnk
[2012/01/16 11:27:11 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PictureMover.lnk
[2012/01/16 11:27:11 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/01/16 11:27:11 | 000,000,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2012/01/16 11:27:10 | 000,002,533 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/01/16 11:27:10 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/16 11:27:09 | 000,002,475 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/16 11:27:09 | 000,002,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2012/01/16 10:09:42 | 000,454,912 | ---- | C] () -- C:\ProgramData\FbrOmxdiOSr.exe
[2012/01/16 09:59:53 | 000,000,631 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/15 18:15:42 | 000,000,280 | -H-- | C] () -- C:\ProgramData\~N3GoMk2QnPKFmL
[2012/01/15 18:15:42 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~N3GoMk2QnPKFmLr
[2012/01/15 18:15:33 | 000,000,607 | ---- | C] () -- C:\Users\user\Desktop\System Check.lnk
[2012/01/15 18:15:31 | 000,000,344 | ---- | C] () -- C:\ProgramData\N3GoMk2QnPKFmL
[2012/01/15 18:15:16 | 000,365,320 | ---- | C] () -- C:\ProgramData\N3GoMk2QnPKFmL.exe
[2012/01/15 18:12:02 | 000,451,336 | ---- | C] () -- C:\ProgramData\TxWbdDFHVk.exe
[2012/01/10 09:34:48 | 000,000,020 | ---- | C] () -- C:\Users\user\Documents\gpfax.adr
[2012/01/10 09:34:48 | 000,000,008 | ---- | C] () -- C:\Users\user\Documents\gpfax.idx
[2011/04/01 19:40:33 | 000,004,096 | -H-- | C] () -- C:\Windows\d3dx.dat
[2011/01/31 14:26:42 | 000,024,226 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2010/12/02 05:11:35 | 000,000,006 | ---- | C] () -- C:\Users\user\AppData\Roaming\start
[2010/12/01 14:33:58 | 000,000,006 | ---- | C] () -- C:\Users\user\AppData\Roaming\completescan
[2010/12/01 13:49:15 | 000,000,010 | ---- | C] () -- C:\Users\user\AppData\Roaming\install
[2010/12/01 13:48:35 | 000,000,177 | ---- | C] () -- C:\Users\user\AppData\Roaming\agtyjkj.bat
[2010/12/01 13:48:32 | 000,636,416 | ---- | C] () -- C:\Users\user\AppData\Local\-804613312.exe
[2010/09/17 21:25:34 | 000,000,016 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2010/08/18 22:30:14 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/08/18 22:29:25 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/08/18 22:29:03 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/18 22:28:52 | 000,045,568 | --S- | C] () -- C:\Users\user\AppData\Roaming\4D2BC7.exe
[2010/07/21 20:07:41 | 000,003,584 | -H-- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/23 06:00:09 | 000,000,924 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2009/07/21 15:31:52 | 000,000,426 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2009/07/21 15:31:52 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\bd2170w.dat
[2009/07/17 12:41:06 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/01/09 12:02:49 | 000,327,680 | -H-- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/01/09 12:02:49 | 000,102,400 | -H-- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2009/01/09 11:43:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | -H-- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
========== LOP Check ==========
[2011/07/01 07:17:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2011/09/30 08:25:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
[2011/02/26 11:16:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Catalina Marketing Corp
[2011/01/31 14:33:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EPSON
[2009/07/30 17:41:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gamelab
[2011/02/14 06:15:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICAClient
[2011/08/07 14:37:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\iWin
[2011/03/17 16:56:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Juniper Networks
[2011/04/02 16:10:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Speed Maximizer
[2011/01/31 14:26:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PeerNetworking
[2009/07/17 09:13:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PictureMover
[2009/07/30 13:20:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2011/06/02 20:04:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Registry Mechanic
[2011/04/02 16:10:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RegistryKeys
[2012/01/11 06:12:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smilebox
[2009/12/04 09:44:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2009/07/30 08:46:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent
[2012/01/16 11:10:50 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2011/12/20 04:13:44 | 000,000,456 | -H-- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/01/15 18:09:33 | 000,000,264 | -H-- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2012/01/16 11:14:18 | 000,032,620 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 00:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 20:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 00:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/29 23:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 20:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 20:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 20:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 20:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A420C3F6-CB07-408C-9627-43C265900C61}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
"DhcpNameServerList" = 50.95.79.129 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 06 01 02 01 00 01 01 01 07 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/05/18 15:20:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/05/18 15:20:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/05/18 15:20:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/18 15:20:21 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/05/18 15:20:21 | 000,748,336 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/18 15:20:12 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/18 15:20:12 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/18 15:20:12 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/18 15:20:21 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/05/18 15:20:21 | 000,748,336 | ---- | M] (Microsoft Corporation)
< C:\Windows\assembly\tmp\U\*.* /s >
< %Temp%\smtmp\1\*.* >
[2006/11/02 09:36:07 | 000,001,677 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\1\Default Programs.lnk
[2009/10/02 20:56:48 | 000,000,442 | -HS- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\1\desktop.ini
[2009/01/09 12:59:58 | 000,001,880 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\1\Juno Offer!.lnk
[2009/01/09 12:58:25 | 000,001,886 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\1\NetZero Offer!.lnk
[2009/07/17 09:07:57 | 000,001,440 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\1\Snapfish Photos - FREE - 1st 25 Prints.lnk
[2009/10/02 20:56:48 | 000,001,661 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\1\Windows Update.lnk
< %Temp%\smtmp\2\*.* >
[2011/07/07 23:09:22 | 000,000,104 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\Default Programs - Shortcut.lnk
[2011/05/18 15:26:00 | 000,000,286 | -HS- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\desktop.ini
[2012/01/06 22:34:07 | 000,002,001 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\Google Chrome.lnk
[2008/01/20 21:20:45 | 000,000,258 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\Shows Desktop.lnk
[2011/11/29 22:41:22 | 000,001,749 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\Smilebox.lnk
[2012/01/15 18:15:33 | 000,000,631 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\System Check.lnk
[2008/01/20 21:20:45 | 000,000,240 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\Window Switcher.lnk
[2009/10/25 14:41:33 | 000,000,970 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\Windows Media Player.lnk
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
[2009/01/09 13:02:49 | 000,000,508 | -HS- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\4\desktop.ini
[2011/05/30 00:04:47 | 000,000,904 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\4\Registry Mechanic.lnk
========== Alternate Data Streams ==========
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D1B5B4F1
< End of report >