BLEKKO - How to Remove It? [Solved]

Welcome to your place for tech questions! ( Log In or Join today ) Get answers from experts today. (it's 100% free) Virus removal forum

What the Tech > Spyware / Malware / Virus Removal > Virus, Spyware & Malware Removal

2 Pages

1 2 >

BLEKKO - How to Remove It? [Solved]

Options

Rixtertrader View Member Profile	Jun 1 2012, 03:11 PM Post #1
New Member Group: Authentic Member Posts: 19 Joined: 1-June 12 Member No.: 100,456 Operating System: Windows 7 Ultimate	Every time I open Google Chrome, another tab opens up with a "Blekko - spam free search" search engine. I have already removed all search engines except Google from Chrome in Settings. I have already uninstalled it from Control Panel. I have gone through RegEdit and deleted anything with the Blekko name. It still pops up with Chrome! Here is my DDS listing: ======================== . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 Run by Rick at 16:02:15 on 2012-06-01 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3199.535 [GMT -5:00] . AV: avast! Antivirus Enabled/Updated {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus Enabled/Updated {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender Enabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe C:\Program Files (x86)\FingerPrint\FingerPrintService.exe C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Windows\splwow64.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\spool\drivers\x64\3\E_IATIAJA.EXE C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe C:\Program Files (x86)\FingerPrint\FingerPrint.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\PROGRAM FILES (X86)\LOGITECH\VID HD\VID.EXE C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe C:\Windows\splwow64.exe C:\PROGRAM FILES (X86)\ITUNES\ITUNESHELPER.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.google.com/ig?hl=en&source=mpes uSearch Bar = Preserve uInternet Settings,ProxyOverride = .local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll BHO: Wondershare YouTube Downloader: {133232d2-dae3-4b6f-aac2-17cd87495682} - C:\Program Files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [SSC Service Utility] C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe /s StartupFolder: C:\Users\Rick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Rick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPROG~1.LNK - C:\Program Files (x86)\FingerPrint\FingerPrint.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CLOUDM~1.LNK - C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1304800472071 DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 TCP: Interfaces\{EBC6F3D2-75C5-4943-AD76-8E42EEED8E2F} : DhcpNameServer = 208.67.222.222 208.67.220.220 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll BHO-X64: Wondershare YouTube Downloader: {133232D2-DAE3-4B6F-AAC2-17CD87495682} - C:\Program Files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll BHO-X64: WsSVRIEHelper - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO-X64: RoboForm BHO - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll BHO-X64: uTorrentBar - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [SSC Service Utility] C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe /s Hosts: 69.174.255.126 hcurltest1 Hosts: 67.215.65.132 hcurltest2 . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\oojdjm1x.default\ FF - prefs.js: browser.search.selectedEngine - Blekko FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll FF - plugin: C:\Users\Rick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\Rick\AppData\Local\Google\Update\1.3.21.67\npGoogleUpdate3.dll FF - plugin: C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?] R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?] R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?] R1 EUFDDISK;EUFDDISK;\??\C:\Windows\system32\drivers\EuFdDisk.sys --> C:\Windows\system32\drivers\EuFdDisk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-3-19 43072] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-16 44768] R2 EaseUS Agent;EaseUS Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-10-9 60040] R2 FingerPrint;FingerPrint Service;C:\Program Files (x86)\FingerPrint\FingerPrintService.exe -start --> C:\Program Files (x86)\FingerPrint\FingerPrintService.exe -start [?] R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-12-6 1248256] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 VUSB3HUB;VIA USB 3.0 Root Hub Service;C:\Windows\system32\DRIVERS\ViaHub3.sys --> C:\Windows\system32\DRIVERS\ViaHub3.sys [?] R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\system32\drivers\WsAudioDevice_383S(1).sys --> C:\Windows\system32\drivers\WsAudioDevice_383S(1).sys [?] R3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\system32\DRIVERS\xhcdrv.sys --> C:\Windows\system32\DRIVERS\xhcdrv.sys [?] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] RUnknown szkg5;szkg5; [x] S1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-28 136176] S2 Secunia Update Agent;Secunia Update Agent;"C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service --> C:\Program Files (x86)\Secunia\PSI\sua.exe [?] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856] S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe --> C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [?] S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?] S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-7-14 130976] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-28 136176] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?] S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?] S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?] S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360] S3 STSService;STSService;C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe [2010-5-27 344064] S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?] S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?] S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976] S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464] SUnknown is3srv;is3srv; [x] . =============== Created Last 30 ================ . 2012-06-01 20:44:29 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DEBE683A-CEEB-429A-BBA3-271AB5D82EA2}\offreg.dll 2012-06-01 19:48:43 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys 2012-05-31 19:28:35 -------- d-----w- C:\ProgramData\MetaQuotes 2012-05-31 03:35:46 -------- d-----w- C:\ProgramData\blekko toolbars 2012-05-31 03:35:09 -------- d-----w- C:\Program Files (x86)\pazera-software 2012-05-31 03:34:38 -------- d-----w- C:\Users\Rick\AppData\Local\blekkotb_031 2012-05-25 21:55:45 -------- d-----w- C:\Users\Rick\AppData\Local\libimobiledevice 2012-05-19 17:06:09 -------- d-----w- C:\ProgramData\ArcSoft 2012-05-19 17:06:00 -------- d-----w- C:\Users\Rick\AppData\Local\ArcSoft 2012-05-11 01:23:05 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DEBE683A-CEEB-429A-BBA3-271AB5D82EA2}\mpengine.dll 2012-05-11 01:15:32 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-11 01:15:27 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-11 01:15:27 3146240 ----a-w- C:\Windows\System32\win32k.sys 2012-05-11 01:15:26 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-11 01:15:26 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-11 01:15:23 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-11 01:15:23 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-11 01:14:19 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 01:14:19 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-11 01:14:19 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 01:14:18 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-05-11 01:14:18 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-05-11 01:14:10 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-11 01:11:41 8192 ----a-w- C:\Windows\SysWow64\TSSOFT32.ACM 2012-05-11 01:11:41 15360 ----a-w- C:\Windows\SysWow64\TSD32.DLL 2012-05-11 01:11:38 947472 ----a-w- C:\Windows\SysWow64\msjava.bak 2012-05-11 01:11:34 -------- d-----w- C:\ProgramData\1stWorks 2012-05-11 01:11:34 -------- d-----w- C:\Program Files (x86)\1stWORKS 2012-05-07 02:44:19 -------- d-----w- C:\Program Files (x86)\Pandora . ==================== Find3M ==================== . 2012-05-25 01:25:15 65536 ----a-w- C:\Windows\SysWow64\MSDATGRD.oca 2012-05-25 01:25:15 166400 ----a-w- C:\Windows\SysWow64\mschrt20.oca 2012-05-25 01:25:13 135168 ----a-w- C:\Windows\SysWow64\MSCOMCT2.oca 2012-05-24 22:01:00 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-24 22:01:00 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-04-18 18:28:50 266752 ----a-w- C:\Windows\SysWow64\MSCOMCTL.oca 2012-04-14 15:22:41 502272 --sha-w- C:\EUMONBMP.SYS 2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-24 01:18:21 240128 ----a-w- C:\Windows\SysWow64\comctl32.oca 2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr 2012-03-17 03:54:43 15672 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys 2012-03-07 15:08:29 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr 2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys . ============= FINISH: 16:05:45.79 =============== I have attached my "attach.txt" as a zip file. Please help. TIX Attached File(s)* Attach.zip ( 5.39K ) Number of downloads: 98

CatByte View Member Profile	Jun 1 2012, 03:24 PM Post #2
Classroom Administrator Group: Classroom Admin Posts: 19,743 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: XP, Vista, Win7	Hi, Please run the following: Download OTL to your Desktop Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. Select All Users Under the Custom Scan box paste this in netsvcs %SYSTEMDRIVE%\.exe /md5start explorer.exe winlogon.exe Userinit.exe svchost.exe /md5stop %systemroot%\. /rp /s DRIVES CREATERESTOREPOINT Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs NEXT Please download aswMBR to your desktop. Double click the aswMBR.exe icon to run it When asked if you want to download Avast's virus definitions please select Yes. Click the Scan button to start the scan On completion of the scan, click the save log button, save it to your desktop and post it in your next reply. You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Rixtertrader View Member Profile	Jun 1 2012, 05:53 PM Post #3
New Member Group: Authentic Member Posts: 19 Joined: 1-June 12 Member No.: 100,456 Operating System: Windows 7 Ultimate	Here are the two logs from the OTL Log Analysis. OTL.Txt ======= OTL logfile created on: 06/01/2012 6:33:42 PM - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Rick\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: MM/dd/yyyy 3.12 Gb Total Physical Memory \| 0.99 Gb Available Physical Memory \| 31.71% Memory free 6.25 Gb Paging File \| 3.35 Gb Available in Paging File \| 53.63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 244.83 Gb Total Space \| 144.02 Gb Free Space \| 58.83% Space Free \| Partition Type: NTFS Drive D: \| 220.93 Gb Total Space \| 152.12 Gb Free Space \| 68.85% Space Free \| Partition Type: NTFS Drive E: \| 698.63 Gb Total Space \| 624.91 Gb Free Space \| 89.45% Space Free \| Partition Type: NTFS Drive G: \| 85.77 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Computer Name: DOLPHIN \| User Name: Rick \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Quick Scan \| Include 64bit Scans Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/01 18:32:24 \| 000,595,968 \| ---- \| M] (OldTimer Tools) -- C:\Users\Rick\Downloads\OTL.exe PRC - [2012/05/24 09:40:36 \| 000,109,336 \| ---- \| M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe PRC - [2012/03/14 10:19:46 \| 000,045,056 \| ---- \| M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe PRC - [2012/03/06 18:15:17 \| 004,241,512 \| ---- \| M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/03/06 18:15:14 \| 000,044,768 \| ---- \| M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/02/14 18:03:14 \| 024,246,216 \| ---- \| M] (Dropbox, Inc.) -- C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/02/05 12:07:58 \| 000,924,728 \| ---- \| M] (Collobos Software) -- C:\Program Files (x86)\FingerPrint\FingerPrint.exe PRC - [2012/02/05 12:07:10 \| 001,299,968 \| ---- \| M] (Collobos Software) -- C:\Program Files (x86)\FingerPrint\FingerPrintService.exe PRC - [2012/01/23 15:25:14 \| 000,097,696 \| ---- \| M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe PRC - [2012/01/23 15:24:56 \| 008,119,200 \| ---- \| M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe PRC - [2012/01/23 15:24:48 \| 008,873,376 \| ---- \| M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe PRC - [2012/01/23 14:59:04 \| 000,046,080 \| ---- \| M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe PRC - [2012/01/18 07:44:52 \| 000,450,848 \| ---- \| M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2012/01/03 08:10:42 \| 000,063,928 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/12/06 06:40:30 \| 001,248,256 \| ---- \| M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe PRC - [2011/08/30 14:24:59 \| 000,624,056 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe PRC - [2011/08/12 12:19:40 \| 000,680,984 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2011/08/12 12:18:42 \| 000,205,336 \| ---- \| M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011/08/12 12:18:30 \| 000,265,240 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2011/05/05 19:40:02 \| 000,654,848 \| ---- \| M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2011/05/04 09:15:16 \| 001,167,096 \| ---- \| M] (Cloudmark, Inc.) -- C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe PRC - [2011/01/12 21:01:28 \| 006,129,496 \| ---- \| M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe PRC - [2007/10/09 13:55:58 \| 000,665,600 \| ---- \| M] (SSC Localization Group) -- C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe ========== Modules (No Company Name) ========== MOD - [2012/06/01 16:41:52 \| 000,095,232 \| ---- \| M] () -- C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.0_0\FlashHook.dll MOD - [2012/05/22 20:56:50 \| 000,441,880 \| ---- \| M] () -- C:\Users\Rick\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll MOD - [2012/05/22 20:56:49 \| 003,922,456 \| ---- \| M] () -- C:\Users\Rick\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll MOD - [2012/05/22 20:55:35 \| 000,553,496 \| ---- \| M] () -- C:\Users\Rick\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll MOD - [2012/05/22 20:55:33 \| 000,117,784 \| ---- \| M] () -- C:\Users\Rick\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll MOD - [2012/05/22 20:55:24 \| 000,134,696 \| ---- \| M] () -- C:\Users\Rick\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll MOD - [2012/05/22 20:55:23 \| 000,250,408 \| ---- \| M] () -- C:\Users\Rick\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll MOD - [2012/05/22 20:55:21 \| 002,375,720 \| ---- \| M] () -- C:\Users\Rick\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll MOD - [2012/05/22 20:06:23 \| 008,743,584 \| ---- \| M] () -- C:\Users\Rick\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll MOD - [2012/05/11 15:41:32 \| 001,782,272 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll MOD - [2012/05/11 09:03:43 \| 000,628,224 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll MOD - [2012/05/11 09:03:42 \| 000,627,200 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll MOD - [2012/05/11 09:03:41 \| 006,611,456 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012/05/11 09:03:07 \| 012,433,408 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012/05/11 09:02:59 \| 001,590,784 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012/05/11 09:02:33 \| 000,680,448 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll MOD - [2012/05/11 09:02:26 \| 005,452,800 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/11 09:02:20 \| 000,971,264 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/11 09:02:18 \| 007,967,232 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/11 09:01:51 \| 011,492,864 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/05/10 20:32:15 \| 018,000,896 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll MOD - [2012/05/10 20:32:03 \| 011,451,904 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll MOD - [2012/05/10 20:31:54 \| 003,858,432 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4b7adff986a085bb562222d0c5fdf5aa\WindowsBase.ni.dll MOD - [2012/05/10 20:31:52 \| 000,595,968 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll MOD - [2012/05/10 20:29:12 \| 013,197,312 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll MOD - [2012/05/10 20:29:02 \| 001,665,536 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll MOD - [2012/05/10 20:28:52 \| 007,069,184 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll MOD - [2012/05/10 20:28:44 \| 009,091,584 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012/05/10 20:28:39 \| 014,412,800 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2012/01/08 08:41:12 \| 000,093,696 \| ---- \| M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MOD - [2011/08/22 15:47:44 \| 000,336,408 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2011/08/19 04:26:16 \| 000,183,320 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\logishrd\SharedBin\LvApi11.dll MOD - [2011/08/12 12:19:40 \| 000,680,984 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe MOD - [2011/08/12 12:18:30 \| 000,265,240 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe MOD - [2011/06/24 22:56:36 \| 000,087,328 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 \| 001,241,888 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/05/04 09:15:10 \| 000,910,072 \| ---- \| M] () -- C:\Program Files (x86)\Cloudmark\Desktop\Service\System.Data.SQLite.DLL MOD - [2011/05/04 09:15:00 \| 000,058,616 \| ---- \| M] () -- C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.XmlSerializers.dll MOD - [2011/05/04 09:14:56 \| 000,050,424 \| ---- \| M] () -- C:\Program Files (x86)\Cloudmark\Desktop\Service\cdspop.XmlSerializers.dll MOD - [2011/05/04 09:14:52 \| 000,054,520 \| ---- \| M] () -- C:\Program Files (x86)\Cloudmark\Desktop\Service\cdsimap.XmlSerializers.dll MOD - [2011/03/17 00:11:16 \| 004,297,568 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2011/03/01 23:15:28 \| 000,126,808 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2011/03/01 23:15:28 \| 000,027,480 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll MOD - [2011/03/01 23:15:04 \| 000,340,824 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll MOD - [2011/03/01 23:14:42 \| 007,954,776 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll MOD - [2011/03/01 23:14:30 \| 002,143,576 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll MOD - [2011/01/12 20:57:34 \| 000,751,616 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll MOD - [2011/01/12 20:55:28 \| 000,027,472 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll MOD - [2010/11/20 22:24:08 \| 002,927,616 \| ---- \| M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/10/20 15:45:26 \| 008,801,120 \| ---- \| M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2009/06/10 16:23:19 \| 000,261,632 \| ---- \| M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009/04/22 16:53:56 \| 000,969,040 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll MOD - [2009/04/09 18:04:56 \| 002,141,008 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll MOD - [2009/03/03 17:18:08 \| 000,138,064 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll MOD - [2009/03/03 17:18:06 \| 000,035,152 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll MOD - [2009/03/03 17:18:06 \| 000,029,008 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll MOD - [2009/03/03 17:17:46 \| 011,311,952 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll MOD - [2009/03/03 17:17:46 \| 000,363,856 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll MOD - [2009/03/03 17:17:44 \| 000,200,016 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll MOD - [2009/03/03 17:17:40 \| 000,475,472 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll MOD - [2009/03/03 17:17:38 \| 007,704,400 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll MOD - [2009/03/03 17:17:32 \| 000,291,664 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/06 18:15:14 \| 000,044,768 \| ---- \| M] (AVAST Software) [Auto \| Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2011/09/22 22:06:04 \| 000,431,464 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) SRV:64bit: - [2010/11/20 22:24:42 \| 000,084,992 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2009/07/22 03:17:44 \| 000,061,976 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV:64bit: - [2009/07/13 20:41:55 \| 000,119,808 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\SysNative\trkwks.dll -- (TrkWks) SRV:64bit: - [2009/07/13 20:41:27 \| 001,011,712 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 20:41:27 \| 000,097,792 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009/07/13 20:41:10 \| 000,359,424 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:64bit: - [2009/07/13 20:40:01 \| 000,193,536 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/05/03 08:31:10 \| 000,158,856 \| R--- \| M] (Skype Technologies) [Auto \| Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/03/14 10:19:46 \| 000,045,056 \| ---- \| M] (Intuit) [Auto \| Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService) SRV - [2012/02/05 12:07:10 \| 001,299,968 \| ---- \| M] (Collobos Software) [Auto \| Running] -- C:\Program Files (x86)\FingerPrint\FingerPrintService.exe -- (FingerPrint) SRV - [2012/01/18 07:44:52 \| 000,450,848 \| ---- \| M] (Logitech Inc.) [Auto \| Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2012/01/03 08:10:42 \| 000,063,928 \| ---- \| M] (Adobe Systems Incorporated) [Auto \| Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/12/06 06:40:30 \| 001,248,256 \| ---- \| M] (Intuit Inc.) [Auto \| Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS) SRV - [2011/12/06 06:40:08 \| 000,061,440 \| ---- \| M] (Intuit Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService) SRV - [2011/10/14 01:01:50 \| 000,994,360 \| ---- \| M] (Secunia) [On_Demand \| Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011/09/22 17:17:26 \| 000,255,336 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2011/08/06 00:52:46 \| 000,060,040 \| ---- \| M] (CHENGDU YIWO Tech Development Co., Ltd) [On_Demand \| Stopped] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent) SRV - [2011/05/05 19:40:02 \| 000,654,848 \| ---- \| M] (Macrovision Europe Ltd.) [On_Demand \| Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/03/01 18:29:58 \| 000,130,976 \| ---- \| M] (Futuremark Corporation) [On_Demand \| Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2010/05/27 03:36:48 \| 000,344,064 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe -- (STSService) SRV - [2010/03/18 13:16:28 \| 000,130,384 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/07/13 20:15:41 \| 000,075,264 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009/06/10 16:23:09 \| 000,066,384 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/10 15:39:58 \| 000,089,920 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2007/03/20 16:41:24 \| 000,153,792 \| ---- \| M] (Adobe Systems Incorporated) [On_Demand \| Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/16 22:54:43 \| 000,015,672 \| ---- \| M] () [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon) DRV:64bit: - [2012/03/06 18:04:06 \| 000,819,032 \| ---- \| M] (AVAST Software) [File_System \| System \| Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012/03/06 18:04:04 \| 000,337,240 \| ---- \| M] (AVAST Software) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012/03/06 18:02:20 \| 000,053,080 \| ---- \| M] (AVAST Software) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012/03/06 18:01:57 \| 000,059,224 \| ---- \| M] (AVAST Software) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012/03/06 18:01:52 \| 000,069,976 \| ---- \| M] (AVAST Software) [File_System \| Auto \| Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012/03/06 18:01:32 \| 000,024,408 \| ---- \| M] (AVAST Software) [File_System \| Auto \| Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012/03/01 01:46:16 \| 000,023,408 \| ---- \| M] (Microsoft Corporation) [Recognizer \| Boot \| Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 \| 000,052,736 \| ---- \| M] (Apple, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/01/18 16:56:08 \| 000,019,936 \| ---- \| M] () [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2012/01/18 16:56:06 \| 000,013,280 \| ---- \| M] () [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2012/01/18 07:44:36 \| 004,865,568 \| ---- \| M] (Logitech Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC) DRV:64bit: - [2012/01/18 07:44:28 \| 000,351,136 \| ---- \| M] (Logitech Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2012/01/12 09:28:48 \| 000,057,976 \| R--- \| M] (GFI Software) [Kernel \| System \| Stopped] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE) DRV:64bit: - [2011/09/22 21:01:54 \| 000,311,144 \| ---- \| M] (Microsoft Corporation) [File_System \| Disabled \| Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105) DRV:64bit: - [2011/08/06 00:52:40 \| 000,189,576 \| ---- \| M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK) DRV:64bit: - [2011/08/06 00:52:38 \| 000,050,312 \| ---- \| M] () [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON) DRV:64bit: - [2011/08/06 00:52:32 \| 000,019,592 \| ---- \| M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS) DRV:64bit: - [2011/08/06 00:52:30 \| 000,044,680 \| ---- \| M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP) DRV:64bit: - [2011/03/11 01:41:12 \| 000,107,904 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 \| 000,027,008 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/04 10:53:52 \| 000,075,776 \| R--- \| M] (VIA Technologies, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB) DRV:64bit: - [2011/01/04 10:53:46 \| 000,167,936 \| R--- \| M] (VIA Technologies, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv) DRV:64bit: - [2010/12/24 11:43:40 \| 000,029,288 \| ---- \| M] (Wondershare) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)) WsAudioDevice_383S(1) DRV:64bit: - [2010/12/10 13:50:36 \| 000,181,248 \| ---- \| M] (Renesas Electronics Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/12/10 13:50:36 \| 000,080,384 \| ---- \| M] (Renesas Electronics Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/11/20 22:24:43 \| 000,020,992 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/11/20 22:24:33 \| 000,059,392 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 22:23:55 \| 000,328,192 \| ---- \| M] (Microsoft Corporation) [File_System \| Disabled \| Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010/11/20 22:23:48 \| 000,117,248 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/20 22:23:48 \| 000,088,960 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/20 22:23:48 \| 000,071,168 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/20 22:23:48 \| 000,034,816 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010/11/20 22:23:47 \| 000,078,720 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 22:23:47 \| 000,031,232 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/09/01 03:30:58 \| 000,017,976 \| ---- \| M] (Secunia) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010/06/23 10:47:26 \| 000,402,720 \| ---- \| M] (Marvell) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2010/05/31 13:44:50 \| 000,116,848 \| ---- \| M] (JMicron Technology Corp.) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010/01/07 03:20:22 \| 000,448,512 \| ---- \| M] (Realtek Semiconductor Corporation ) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187) DRV:64bit: - [2009/07/16 11:38:40 \| 000,015,416 \| ---- \| M] () [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009/07/13 20:52:20 \| 000,194,128 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 \| 000,065,600 \| ---- \| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:47:48 \| 000,024,144 \| ---- \| M] (Microsoft Corporation) [Kernel \| Disabled \| Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009/07/13 20:45:55 \| 000,024,656 \| ---- \| M] (Promise Technology) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 19:10:33 \| 000,021,504 \| ---- \| M] (Microsoft Corporation) [Kernel \| Disabled \| Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:64bit: - [2009/07/13 16:59:33 \| 005,020,672 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/06/10 15:34:33 \| 003,286,016 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 \| 000,468,480 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 \| 000,270,848 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 \| 000,031,232 \| ---- \| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 \| 000,034,152 \| ---- \| M] (GEAR Software Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/05/08 16:08:00 \| 000,020,520 \| ---- \| M] (GARMIN Corp.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2007/11/06 15:23:14 \| 000,040,464 \| ---- \| M] (CACE Technologies) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2005/09/23 23:18:34 \| 000,261,120 \| ---- \| M] (Pinnacle Systems GmbH) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus) DRV - [2009/07/13 20:19:10 \| 000,019,008 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [1998/05/07 00:00:00 \| 000,000,111 \| ---- \| M] () [Adapter \| On_Demand \| Unknown] -- C:\Windows\SysWow64\WINSOCK.SRG -- (Winsock) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerm...mp;sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerm...mp;sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?...;ctid=CT2786678 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=mpes IE - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}...amp;FORM=IE8SRC IE - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerm...;rlz=1I7ADRA_en IE - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?...;ctid=CT2786678 IE - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Blekko" FF - prefs.js..browser.search.order.1: "Blekko" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig" FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..network.proxy.no_proxies_on: ".local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/16 21:40:22 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9193F654-D886-4fef-8894-A97EF6623104}: C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt\ [2012/04/09 10:37:05 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/05/24 09:44:15 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/01 13:17:13 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 17:56:56 \| 000,000,000 \| ---D \| M] [2012/01/26 01:28:51 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions [2012/01/26 01:28:51 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2012/06/01 15:23:26 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\oojdjm1x.default\extensions [2012/05/30 13:17:21 \| 000,000,000 \| ---D \| M] (uTorrentBar Community Toolbar) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\oojdjm1x.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2012/05/16 20:33:53 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/05/16 20:33:53 \| 000,000,000 \| ---D \| M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/04/09 10:37:05 \| 000,000,000 \| ---D \| M] (Wondershare YouTube Downloader) -- C:\PROGRAM FILES (X86)\WONDERSHARE\ALLMYTUBE\SVRFIREFOXEXT [2012/03/12 23:39:39 \| 000,097,208 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/03/18 14:32:12 \| 000,091,552 \| ---- \| M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011/03/18 14:32:14 \| 000,091,552 \| ---- \| M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2012/03/12 23:38:32 \| 000,002,252 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/05/30 22:35:45 \| 000,002,134 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml [2012/03/12 23:38:32 \| 000,002,040 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{googl e:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chro me&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client =chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Wondershare Chrome Plugin (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.0_0\npSVRChromePlugin.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - Extension: YouTube = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google Search = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: avast! WebRep = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ CHR - Extension: Skype Click to Call = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\ CHR - Extension: Wondershare YouTube Downloader = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.0_0\ CHR - Extension: Wondershare YouTube Downloader = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.0_0\.svn\text-base\.svn-base CHR - Extension: Gmail = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012/06/01 14:56:14 \| 000,000,913 \| ---- \| M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 69.174.255.126 hcurltest1 O1 - Hosts: 67.215.65.132 hcurltest2 O2:64bit: - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - No CLSID value found. O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Wondershare YouTube Downloader) - {133232D2-DAE3-4B6F-AAC2-17CD87495682} - C:\Program Files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll (Wondershare Software Co., Ltd.) O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) O3:64bit: - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O3 - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [SSC Service Utility] C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe (SSC Localization Group) O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My Program.lnk = C:\Program Files (x86)\FingerPrint\FingerPrint.exe (Collobos Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1304800472071 (MUCatalogWebControl Class) O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab (DLC Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBC6F3D2-75C5-4943-AD76-8E42EEED8E2F}: DhcpNameServer = 208.67.222.222 208.67.220.220 O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\qbwc - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/11/27 23:14:58 \| 000,002,132 \| R--- \| M] () - G:\autorun.dat -- [ CDFS ] O32 - AutoRun File - [2004/02/29 11:08:54 \| 000,262,656 \| R--- \| M] (RJL Software, Inc.) - G:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2006/11/27 23:14:59 \| 000,000,082 \| R--- \| M] () - G:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{099a18aa-76c4-11e0-9af2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{099a18aa-76c4-11e0-9af2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2004/02/29 11:08:54 \| 000,262,656 \| R--- \| M] (RJL Software, Inc.) O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-1380197145-2163725741-2770577485-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/06/01 16:41:38 \| 000,000,000 \| ---D \| C] -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/06/01 14:48:43 \| 000,057,976 \| R--- \| C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2012/05/31 14:28:35 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\MetaQuotes [2012/05/30 22:35:46 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\blekko toolbars [2012/05/30 22:35:09 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\pazera-software [2012/05/30 22:34:38 \| 000,000,000 \| ---D \| C] -- C:\Users\Rick\AppData\Local\blekkotb_031 [2012/05/25 16:55:45 \| 000,000,000 \| ---D \| C] -- C:\Users\Rick\AppData\Local\libimobiledevice [2012/05/19 12:06:09 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\ArcSoft [2012/05/19 12:06:00 \| 000,000,000 \| ---D \| C] -- C:\Users\Rick\AppData\Local\ArcSoft [2012/05/19 12:05:59 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\ArcSoft [2012/05/15 16:32:04 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/05/10 20:11:38 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1stWORKS Corporation [2012/05/10 20:11:34 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\1stWorks [2012/05/10 20:11:34 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\1stWORKS [2012/05/06 21:44:19 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Pandora [1 C:\Windows\.tmp files -> C:\Windows\.tmp -> ] [1 C:\Users\Rick\.tmp files -> C:\Users\Rick\.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/01 18:31:00 \| 000,000,904 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1380197145-2163725741-2770577485-1000UA.job [2012/06/01 18:01:00 \| 000,000,898 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/01 16:46:44 \| 000,000,043 \| ---- \| M] () -- C:\Windows\WALLSTRT.INI [2012/06/01 16:34:04 \| 000,001,445 \| ---- \| M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/06/01 16:24:48 \| 000,000,082 \| ---- \| M] () -- C:\Users\Rick\Desktop\BLEKKO - How to Remove It-.url [2012/06/01 15:21:34 \| 000,021,872 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/01 15:21:34 \| 000,021,872 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/01 15:20:34 \| 000,001,196 \| ---- \| M] () -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/06/01 15:17:35 \| 000,001,072 \| ---- \| M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2012/06/01 15:17:22 \| 000,000,894 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/01 15:13:07 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2012/06/01 15:13:01 \| 000,000,000 \| ---- \| M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012/06/01 15:12:53 \| 2515,886,080 \| -HS- \| M] () -- C:\hiberfil.sys [2012/06/01 14:31:00 \| 000,000,852 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1380197145-2163725741-2770577485-1000Core.job [2012/06/01 14:30:55 \| 000,009,216 \| ---- \| M] () -- C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/05/31 14:28:42 \| 000,001,983 \| ---- \| M] () -- C:\Users\Public\Desktop\OANDA - MetaTrader.lnk [2012/05/25 21:08:12 \| 000,000,975 \| ---- \| M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012/05/25 21:08:12 \| 000,000,951 \| ---- \| M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012/05/24 20:25:15 \| 000,166,400 \| ---- \| M] () -- C:\Windows\SysWow64\mschrt20.oca [2012/05/24 20:25:15 \| 000,065,536 \| ---- \| M] () -- C:\Windows\SysWow64\MSDATGRD.oca [2012/05/24 20:25:13 \| 000,135,168 \| ---- \| M] () -- C:\Windows\SysWow64\MSCOMCT2.oca [2012/05/21 16:38:36 \| 000,000,077 \| ---- \| M] () -- C:\Users\Rick\Desktop\craigslist - manage posting.url [2012/05/18 22:57:48 \| 000,000,048 \| ---- \| M] () -- C:\Users\Rick\Desktop\MyP2P - Free Live Sports on your PC..url [2012/05/11 08:55:03 \| 002,424,320 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/05/10 20:30:43 \| 000,890,708 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/05/10 20:30:43 \| 000,729,322 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2012/05/10 20:30:43 \| 000,147,280 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2012/05/10 20:11:42 \| 000,002,167 \| ---- \| M] () -- C:\Users\Public\Desktop\hotCommCL.lnk [2012/05/06 21:44:19 \| 000,000,861 \| ---- \| M] () -- C:\Users\Public\Desktop\Pandora.lnk [2012/05/06 15:39:30 \| 000,000,079 \| ---- \| M] () -- C:\Users\Rick\Desktop\Top 148 Free iPhone Apps » 148Apps » iPhone and iPod Touch Application Reviews and News.url [1 C:\Windows\.tmp files -> C:\Windows\.tmp -> ] [1 C:\Users\Rick\.tmp files -> C:\Users\Rick\.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/01 16:34:04 \| 000,001,451 \| ---- \| C] () -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012/06/01 16:24:48 \| 000,000,082 \| ---- \| C] () -- C:\Users\Rick\Desktop\BLEKKO - How to Remove It-.url [2012/06/01 15:15:18 \| 000,001,072 \| ---- \| C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2012/05/25 21:08:12 \| 000,000,975 \| ---- \| C] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012/05/25 21:08:12 \| 000,000,951 \| ---- \| C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012/05/21 16:38:36 \| 000,000,077 \| ---- \| C] () -- C:\Users\Rick\Desktop\craigslist - manage posting.url [2012/05/18 22:57:48 \| 000,000,048 \| ---- \| C] () -- C:\Users\Rick\Desktop\MyP2P - Free Live Sports on your PC..url [2012/05/10 20:11:41 \| 000,015,360 \| ---- \| C] () -- C:\Windows\SysWow64\TSD32.DLL [2012/05/10 20:11:38 \| 000,002,167 \| ---- \| C] () -- C:\Users\Public\Desktop\hotCommCL.lnk [2012/05/06 15:39:30 \| 000,000,079 \| ---- \| C] () -- C:\Users\Rick\Desktop\Top 148 Free iPhone Apps » 148Apps » iPhone and iPod Touch Application Reviews and News.url [2012/03/10 02:20:53 \| 000,000,320 \| ---- \| C] () -- C:\Users\Rick\AppData\Roaming\SEC563431.trad [2012/03/10 02:20:39 \| 000,000,043 \| ---- \| C] () -- C:\Windows\WALLSTRT.INI [2012/03/02 22:09:52 \| 000,000,070 \| ---- \| C] () -- C:\Windows\ArticleAnnouncer.ini [2012/03/02 22:09:01 \| 000,000,754 \| ---- \| C] () -- C:\Windows\aainst.ini [2012/01/30 01:10:13 \| 000,000,600 \| ---- \| C] () -- C:\Users\Rick\AppData\Roaming\winscp.rnd [2012/01/28 16:41:47 \| 000,238,944 \| -H-- \| C] () -- C:\Windows\SysWow64\mlfcache.dat [2012/01/18 07:44:00 \| 010,920,984 \| ---- \| C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012/01/18 07:44:00 \| 000,336,408 \| ---- \| C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012/01/18 07:44:00 \| 000,104,472 \| ---- \| C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011/12/22 17:13:59 \| 000,000,384 \| ---- \| C] () -- C:\Users\Rick\AppData\Roaming\Xtend2_state.xml [2011/11/02 12:36:36 \| 000,175,616 \| ---- \| C] () -- C:\Windows\SysWow64\unrar.dll [2011/11/02 12:36:35 \| 000,000,038 \| ---- \| C] () -- C:\Windows\avisplitter.ini [2011/11/02 12:36:04 \| 000,007,680 \| ---- \| C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/08/28 13:44:43 \| 000,000,358 \| RHS- \| C] () -- C:\ProgramData\ntuser.pol [2011/07/26 16:16:22 \| 000,000,017 \| ---- \| C] () -- C:\Windows\MovingPicture.ini [2011/07/26 15:23:34 \| 000,237,568 \| R--- \| C] () -- C:\Windows\SysWow64\qtmlClient.dll [2011/07/26 15:23:34 \| 000,000,000 \| ---- \| C] () -- C:\Windows\Graffiti5.2Pin.ini [2011/06/14 17:55:25 \| 000,001,265 \| ---- \| C] () -- C:\ProgramData\1222318736 [2011/06/14 17:55:09 \| 000,000,144 \| -HS- \| C] () -- C:\ProgramData\1760637372 [2011/06/08 17:38:51 \| 000,139,264 \| ---- \| C] () -- C:\Windows\ShareBarData.dll [2011/06/03 18:15:36 \| 000,007,626 \| ---- \| C] () -- C:\Users\Rick\AppData\Local\Resmon.ResmonCfg [2011/05/26 18:38:27 \| 000,000,069 \| ---- \| C] () -- C:\Windows\easyicon.ini [2011/05/26 18:38:27 \| 000,000,030 \| ---- \| C] () -- C:\Windows\iconeasl.ini [2011/05/23 11:21:05 \| 000,000,056 \| -H-- \| C] () -- C:\ProgramData\ezsidmv.dat [2011/05/16 11:01:42 \| 000,009,216 \| ---- \| C] () -- C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/05 19:44:55 \| 002,463,976 \| ---- \| C] () -- C:\Windows\SysWow64\NPSWF32.dll [2011/05/05 12:53:47 \| 000,000,535 \| ---- \| C] () -- C:\Windows\ODBCINST.INI [2011/05/05 12:53:47 \| 000,000,288 \| ---- \| C] () -- C:\Windows\ODBC.INI [2011/05/05 12:49:07 \| 000,006,550 \| ---- \| C] () -- C:\Windows\jautoexp.dat [2011/05/05 12:00:47 \| 000,000,090 \| ---- \| C] () -- C:\Windows\QBChanUtil_Trigger.ini [2011/05/05 01:00:30 \| 000,870,490 \| ---- \| C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/04 22:03:50 \| 000,000,000 \| ---- \| C] () -- C:\Windows\ativpsrm.bin [2010/07/05 07:37:06 \| 000,033,792 \| ---- \| C] () -- C:\Windows\SysWow64\dokan.dll ========== LOP Check ========== [2011/10/09 00:17:12 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\833D9DFA-BCCC-4C01-A878-17A88F2BB30F [2011/07/05 19:05:01 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\A5B37800-55DE-45B6-8B34-98CE44D7D618 [2011/06/21 09:54:51 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Acronis [2012/04/14 15:04:04 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\AnvSoft [2011/06/09 02:14:16 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Ashampoo [2011/11/30 23:22:17 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\calibre [2011/06/07 18:39:17 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Canon [2012/03/07 21:22:47 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\ChemTable Software [2011/05/07 11:30:34 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Cloudmark [2011/05/08 22:52:19 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1 [2012/02/29 18:11:39 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\DisplayFusion [2012/06/01 15:18:58 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Dropbox [2011/09/15 13:10:43 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\EPSON [2011/06/20 21:21:41 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\F4E08758-D3C3-428C-8464-2C8236038025 [2012/05/24 15:27:10 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\FileZilla [2012/04/14 14:03:11 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\gtk-2.0 [2012/04/14 13:51:48 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Gui4Cli [2012/01/29 23:36:40 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\HandBrake [2011/06/27 17:53:07 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\ISTool [2011/05/07 17:58:14 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Leadertech [2012/04/14 14:39:49 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Leawo [2011/06/14 18:17:47 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\LimeWire [2011/05/07 12:39:39 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Notepad++ [2011/12/16 17:26:10 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Participatory Culture Foundation [2012/05/30 22:40:33 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\PCF-VLC [2011/07/26 17:36:43 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\proDAD [2012/01/28 17:11:16 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\redsn0w [2011/05/26 15:35:21 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\ShellFolderFix [2011/05/05 02:19:53 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Stardock [2011/12/28 19:45:33 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\TeamViewer [2012/01/19 14:50:10 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\TechSmith [2011/11/15 20:12:10 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\TeraCopy [2012/04/14 14:40:52 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\tiger-k [2012/01/26 01:28:50 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\TomTom [2011/12/20 13:57:09 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\TradeMiner [2012/01/04 18:49:19 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\TradeMiner2 [2011/05/13 13:37:03 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\TradeStation Technologies [2012/05/30 00:45:38 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\uTorrent [2012/01/05 15:50:48 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Volcone Analyzer Pro [2011/05/15 14:21:12 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Watchtower [2012/04/20 09:00:15 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\webex [2011/06/20 21:23:37 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\WinPatrol [2012/04/09 10:37:18 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Wondershare [2011/05/05 20:32:36 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Xtend2.71305F52FFD36D9BDDE00284EF6181AE6688276A.1 [2011/08/28 13:46:55 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Zeon [2012/03/10 13:05:08 \| 000,032,640 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\.exe > < MD5 for: EXPLORER.EXE > [2011/02/26 00:19:21 \| 002,616,320 \| ---- \| M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011/02/25 01:19:30 \| 002,871,808 \| ---- \| M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 01:19:30 \| 002,871,808 \| ---- \| M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 01:14:34 \| 002,871,808 \| ---- \| M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 22:24:25 \| 002,616,320 \| ---- \| M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011/02/25 00:30:54 \| 002,616,320 \| ---- \| M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 00:30:54 \| 002,616,320 \| ---- \| M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/11/20 22:24:11 \| 002,872,320 \| ---- \| M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: SVCHOST.EXE > [2012/04/04 15:56:38 \| 000,199,240 \| ---- \| M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2009/07/13 20:14:41 \| 000,020,992 \| ---- \| M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/13 20:14:41 \| 000,020,992 \| ---- \| M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009/07/13 20:39:46 \| 000,027,136 \| ---- \| M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009/07/13 20:39:46 \| 000,027,136 \| ---- \| M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 22:23:55 \| 000,026,624 \| ---- \| M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 22:23:55 \| 000,026,624 \| ---- \| M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/20 22:24:28 \| 000,030,720 \| ---- \| M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 22:24:28 \| 000,030,720 \| ---- \| M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2012/04/04 15:56:38 \| 000,199,240 \| ---- \| M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010/11/20 22:24:29 \| 000,390,656 \| ---- \| M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 22:24:29 \| 000,390,656 \| ---- \| M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < %systemroot%\. /rp /s > ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: WDC WD5002AALX-00J37A0 ATA Device Partitions: 2 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: SAMSUNG HD753LJ ATA Device Partitions: 1 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE2 - Interface type: USB Media Type: Model: EPSON Stylus Storage USB Device Partitions: 0 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 245.00GB Starting Offset: 1048576 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Extended w/Extended Int 13 Bootable: False BootPartition: False PrimaryPartition: False Size: 221.00GB Starting Offset: 262879948800 Hidden sectors: 0 DeviceID: Disk #1, Partition #0 PartitionType: Extended w/Extended Int 13 Bootable: False BootPartition: False PrimaryPartition: False Size: 699.00GB Starting Offset: 28672 Hidden sectors: 0 ========== Alternate Data Streams ========== @Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:9FBE2A28 @Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:F0A9F8B2 @Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:85FB0BBF @Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:F580541F @Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:D2F2F703 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:68FB068F @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:2B05BED0 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D298E29 < End of report > OTL Extras logfile created on: 06/01/2012 6:33:42 PM - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Rick\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: MM/dd/yyyy 3.12 Gb Total Physical Memory \| 0.99 Gb Available Physical Memory \| 31.71% Memory free 6.25 Gb Paging File \| 3.35 Gb Available in Paging File \| 53.63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 244.83 Gb Total Space \| 144.02 Gb Free Space \| 58.83% Space Free \| Partition Type: NTFS Drive D: \| 220.93 Gb Total Space \| 152.12 Gb Free Space \| 68.85% Space Free \| Partition Type: NTFS Drive E: \| 698.63 Gb Total Space \| 624.91 Gb Free Space \| 89.45% Space Free \| Partition Type: NTFS Drive G: \| 85.77 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Computer Name: DOLPHIN \| User Name: Rick \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Quick Scan \| Include 64bit Scans Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1380197145-2163725741-2770577485-1000\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C60627-7F5A-4F8B-AB35-A46D9603255D}" = lport=rpc-epmap \| protocol=6 \| dir=in \| svc=rpcss \| name=@firewallapi.dll,-28539 \| "{0E828C32-34BF-4854-A9E5-F99D5563443F}" = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{106C3965-F076-4AB0-A1FF-72914D7361A5}" = rport=138 \| protocol=17 \| dir=out \| app=system \| "{1BF0B8C7-6855-42C5-814D-BC226255351D}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{1C3DE2D9-9007-4C19-8992-C8C7B1F1D2B9}" = lport=137 \| protocol=17 \| dir=in \| app=system \| "{294A6F73-BCA5-4E74-8540-66FBF62123F3}" = lport=50901 \| protocol=6 \| dir=in \| name=adobe version cue cs3 server \| "{36F0EEE3-C4AF-4060-8471-EFE538A96723}" = lport=3702 \| protocol=17 \| dir=in \| svc=fdphost \| app=%systemroot%\system32\svchost.exe \| "{3A86B78C-8D95-436B-96AD-2C7DC786E6A6}" = lport=139 \| protocol=6 \| dir=in \| app=system \| "{4A87E11C-7A5F-4BA6-923F-18BDA2E9FD59}" = lport=138 \| protocol=17 \| dir=in \| app=system \| "{4E479107-85D1-4518-B009-6CF6A479AF01}" = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{5CF37A60-0DB6-4A7F-BA5F-4D9207547A99}" = rport=139 \| protocol=6 \| dir=out \| app=system \| "{81F39285-A92D-40DE-BF31-78AD77792326}" = rport=445 \| protocol=6 \| dir=out \| app=system \| "{9BCE9FB2-A959-4768-A8D2-98022AF65A7F}" = lport=50900 \| protocol=6 \| dir=in \| name=adobe version cue cs3 server \| "{9F716DC9-F3B7-4DB5-9D98-57DAD44BBF48}" = lport=3703 \| protocol=6 \| dir=in \| name=adobe version cue cs3 server \| "{A526A033-0BEC-40E5-843F-0C35092E1590}" = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{A6CF1166-3F40-4DE3-833A-41D7C15443FB}" = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{C988C29B-6CBF-4BA6-B8DA-FE2C3005FB03}" = lport=3704 \| protocol=6 \| dir=in \| name=adobe version cue cs3 server \| "{CA49D2F8-6B85-4A34-8193-D763BCC6D6F0}" = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{CD420434-0AA5-4B07-B7C2-160516F09BE1}" = lport=6004 \| protocol=17 \| dir=in \| app=c:\program files (x86)\microsoft office\office14\outlook.exe \| "{D1D043A8-4DDE-499C-A9D8-78DB542B0B54}" = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{D48A3DF1-D534-44C2-94AB-66A9F32863FA}" = rport=3702 \| protocol=17 \| dir=out \| svc=fdrespub \| app=%systemroot%\system32\svchost.exe \| "{D91B1C53-897B-4481-BCA5-34EF68B55BA8}" = lport=3702 \| protocol=17 \| dir=in \| svc=fdrespub \| app=%systemroot%\system32\svchost.exe \| "{DD831124-4015-4923-9730-3A9B90BA9D8D}" = lport=808 \| protocol=6 \| dir=in \| svc=nettcpactivator \| app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe \| "{E76A70C6-278B-4176-BE94-FFC6B4FCE429}" = lport=rpc \| protocol=6 \| dir=in \| svc=spooler \| app=%systemroot%\system32\spoolsv.exe \| "{ED09A7D0-D00D-4D65-A79D-101F216B7D10}" = rport=137 \| protocol=17 \| dir=out \| app=system \| "{F3DF6332-B1D8-427A-9061-FD1D05061562}" = rport=3702 \| protocol=17 \| dir=out \| svc=fdphost \| app=%systemroot%\system32\svchost.exe \| "{F3ED5761-830C-49CF-9DF8-266AA5F6E927}" = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{FAC25B7C-5BCC-4650-A5FA-D175CD2B7833}" = lport=445 \| protocol=6 \| dir=in \| app=system \| ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A5E4F32-70E6-42EA-8499-8F11076E0D79}" = protocol=6 \| dir=out \| svc=upnphost \| app=%systemroot%\system32\svchost.exe \| "{0AAC6826-D086-45B0-A75A-BCA5E3A43245}" = protocol=6 \| dir=in \| app=c:\program files (x86)\microsoft office\office14\groove.exe \| "{0FAAADB1-217A-46DE-BFD1-029E15901EAB}" = protocol=1 \| dir=out \| name=@firewallapi.dll,-28544 \| "{151CC774-174C-4620-A7B5-4F3F01CD74A2}" = protocol=17 \| dir=in \| app=c:\program files (x86)\teamviewer\version7\teamviewer.exe \| "{163DBCC5-CE05-49E3-B894-100D3FC29DA4}" = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmplayer.exe \| "{19E24749-1AC5-42D4-9E57-39DE8E871877}" = protocol=6 \| dir=in \| app=c:\program files (x86)\microsoft office\office14\onenote.exe \| "{1CBB81C4-4675-48E0-91A0-FEDADFCF1A6D}" = dir=in \| app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe \| "{20D4D475-2EBF-415C-A4AD-36161F9451F9}" = dir=in \| app=c:\program files (x86)\skype\phone\skype.exe \| "{2B4FD569-D76D-4E7B-8473-AD71CD9D13AF}" = protocol=1 \| dir=in \| name=@firewallapi.dll,-28543 \| "{35F0035E-568B-464A-8D89-54ABD9AE6A5C}" = protocol=58 \| dir=out \| name=@firewallapi.dll,-28546 \| "{4A434C87-905B-4A85-9713-087F0A92E9E1}" = protocol=6 \| dir=in \| app=c:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe \| "{4B79E487-8ADA-4452-93AE-2E7F40676309}" = protocol=6 \| dir=in \| app=c:\program files (x86)\teamviewer\version7\teamviewer.exe \| "{4EE8525A-9E65-42C4-A17C-9FAF4D37BCF5}" = protocol=58 \| dir=in \| name=@firewallapi.dll,-28545 \| "{55670FCD-D3FA-438C-8C76-71C13D070D4B}" = protocol=17 \| dir=in \| app=c:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe \| "{583D13F7-A5F7-44BC-84A3-FA90D5305463}" = protocol=6 \| dir=out \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{5C5776C0-F296-4869-8569-5F528518B621}" = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{5F807AD9-0990-4B92-9143-DF9451F121D2}" = protocol=17 \| dir=in \| app=c:\program files (x86)\bonjour\mdnsresponder.exe \| "{65667F26-3A3F-426A-86F1-513E1C5DCE3D}" = protocol=17 \| dir=in \| app=c:\program files (x86)\utorrent\utorrent.exe \| "{7057E5C0-E9EF-4D7F-A9DE-0034E332E7C0}" = protocol=6 \| dir=in \| app=c:\program files (x86)\bonjour\mdnsresponder.exe \| "{80C2FAB0-ED2E-46F8-88E4-5BE538E6DFBA}" = dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{89498970-81A8-438F-9EEF-EA787876B8CA}" = protocol=17 \| dir=in \| app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe \| "{89EAE45E-3B8F-4720-A643-683B9A6E40B5}" = protocol=6 \| dir=in \| app=c:\program files (x86)\veetle\player\veetlenet.exe \| "{A5F5AC50-CC9E-4D68-BFF1-5D0D66C7CB39}" = protocol=17 \| dir=in \| app=c:\program files (x86)\microsoft office\office14\groove.exe \| "{BAEFC55C-EBF5-4ADD-874E-20B5C64BA6CD}" = dir=in \| app=c:\program files (x86)\itunes\itunes.exe \| "{C7630909-05BC-47F5-AB28-98A33CC1AA32}" = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{D248192B-F7ED-4C55-BA52-D9BA0B57C7F4}" = protocol=17 \| dir=in \| app=c:\program files (x86)\microsoft office\office14\onenote.exe \| "{D79FE367-E811-478A-838C-90E8EB8E0FB8}" = protocol=17 \| dir=in \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{DB1C36CB-16DA-4E0F-B893-CC1539F5BB6B}" = protocol=6 \| dir=in \| app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe \| "{E5683856-A877-4E62-8BEB-A4B808843B69}" = protocol=6 \| dir=in \| app=c:\program files (x86)\utorrent\utorrent.exe \| "{F49F390F-F7B7-4400-89BC-A2E7C1F557B9}" = protocol=17 \| dir=out \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{FCD88C7E-3881-4DF0-9254-FC391630C53C}" = dir=in \| app=c:\program files (x86)\fingerprint\fingerprintservice.exe \| "TCP Query User{23BC6E3F-52CD-40C5-A132-2FE89037444A}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe \| "TCP Query User{382FA3C3-7DEF-4737-A06C-E453E04D37E8}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\logitech\vid hd\vid.exe \| "TCP Query User{52FB6471-9BDE-4452-AF3A-A0114F14D18B}C:\program files (x86)\inkline global\pcshowbuzz 2\pcshowbuzz.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\inkline global\pcshowbuzz 2\pcshowbuzz.exe \| "TCP Query User{71CA41DB-56B1-4723-93F4-A609FCDFB025}C:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 \| dir=in \| app=c:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe \| "TCP Query User{9D6A6987-12EC-4121-A649-753356F928B7}C:\users\rick\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 \| dir=in \| app=c:\users\rick\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe \| "TCP Query User{B5AF82D6-EA4D-47DD-9ACA-C3290E12F534}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe \| "TCP Query User{B756AD13-1A92-48CF-9864-F348EA31E0F6}C:\windows\syswow64\java.exe" = protocol=6 \| dir=in \| app=c:\windows\syswow64\java.exe \| "TCP Query User{BA56E356-A8FE-4F29-A558-A72BE75B34E6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\internet explorer\iexplore.exe \| "TCP Query User{BC7BDD97-5A65-4887-9656-6DBF391123B6}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\logitech\vid hd\vid.exe \| "TCP Query User{DFC75694-7B0B-460E-B082-2F2C33C514DC}C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe \| "TCP Query User{F3B6544C-0FCE-40E2-BA88-6A0F6D76E4B2}C:\pinnacle\wget.exe" = protocol=6 \| dir=in \| app=c:\pinnacle\wget.exe \| "UDP Query User{058E1C95-6759-4142-A11A-A3B6D5DEC35F}C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe \| "UDP Query User{23CBCD23-D09C-4EDA-9D35-F913D99DFCA2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\internet explorer\iexplore.exe \| "UDP Query User{66DDCDB3-32E6-4887-8719-5670944E72BC}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe \| "UDP Query User{6994BAD5-E947-4C50-97A4-7ACE2CA8FB3C}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\logitech\vid hd\vid.exe \| "UDP Query User{87F12DFA-98DD-4DF6-913D-EF777A44AE6C}C:\pinnacle\wget.exe" = protocol=17 \| dir=in \| app=c:\pinnacle\wget.exe \| "UDP Query User{90118F31-8481-4276-B381-FDBA9DBB12C1}C:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 \| dir=in \| app=c:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe \| "UDP Query User{999309BC-58FC-4A09-8B8C-C5ED739C5AB3}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\logitech\vid hd\vid.exe \| "UDP Query User{AA80C3ED-659D-4392-9BAB-04FD15EC5268}C:\users\rick\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 \| dir=in \| app=c:\users\rick\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe \| "UDP Query User{DF6DDD3E-C904-4752-837A-F26F545D5F0E}C:\windows\syswow64\java.exe" = protocol=17 \| dir=in \| app=c:\windows\syswow64\java.exe \| "UDP Query User{DFC8024E-4AB9-4439-A169-347D1962C84D}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe \| "UDP Query User{F51A0E2C-CF87-4955-AA01-A17FC2F78725}C:\program files (x86)\inkline global\pcshowbuzz 2\pcshowbuzz.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\inkline global\pcshowbuzz 2\pcshowbuzz.exe \| ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64) "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64) "{239A8D60-270B-42e8-82D3-60D70A2942E0}" = Canon MF4100 Series "{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver "{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64 "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{9D00A8DA-650F-21C6-E787-78756733F15F}" = ATI Catalyst Install Manager "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{E5A509B4-D9B1-4FD9-B3EF-EDB216AA8651}" = ccc-utility64 "{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64) "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "EPSON Printer and Utilities" = EPSON Printer Software "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK "{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4 "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4 "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition "{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4 "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR} "{1EABDDCB-B788-4FD2-BA76-23472D8DD1D6}" = EPSON Easy Photo Print "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK "{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31 "{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin "{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All "{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1 "{36897E00-FF24-4271-BA0F-E542250A81DC}" = QuickBooks Company File Diagnostic Tool "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = OANDA - MetaTrader 4.00 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish "{40356BFC-EB2F-1A68-1A47-4547BE7DD0D2}" = Xtend "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{44F7BA74-C11A-49FC-B2FC-1B827C491F74}" = Microsoft Expression Studio 3 "{45666376-FBDF-4D40-945C-316F1C051AF4}_is1" = Excel Tool VBA Password Recovery 10.6.1 "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4 "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight 4 Tools for Visual Studio 2010 "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1) "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4 "{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common "{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light "{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf11 "{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3 "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{72ACB836-A759-4311-959C-B0F5F3B74B8E}_is1" = PCShowBuzz 2 "{75C3C9C0-6CE6-42FA-A0E9-658E8F539124}" = PCMark 7 "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3 "{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch "{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}" = Snagit 11 "{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3 "{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese "{81F1814D-8658-72CC-D370-A08E1014EF03}" = Pandora "{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime "{85D5BFBB-8BC4-467B-BADA-D574A3CDC139}_is1" = FingerPrint 1.2.0.278 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BC8FA12-40F1-4752-9EFF-535C77608E7A}" = PowerArchiver 2011 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9239AD4F-85B1-40EB-9BF6-16D05F807231}" = Cloudmark DesktopOne "{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy "{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}" = Microsoft Expression Blend 3 "{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek "{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3 "{B948B39D-214F-486E-BCD9-8AB691F8762A}" = TradeStation 9.1 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework "{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec "{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7 "{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C644FAAE-42FD-4FEC-B170-AB40B128B9AF}" = Custom UI Editor for Microsoft Office "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3 "{CE93C501-8C33-4F0F-9590-0C006F03C823}" = Screencast.com Desktop Uploader "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD "{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium "{D2095DFD-9022-4995-9A7A-CC9212837D29}" = calibre "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1 "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static "{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{EED1EFD7-2703-4f7e-9820-EAA3C4723EA3}" = Watchtower Library 2011 - English "{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian "{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2 "{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean "{FBDCDFA2-6950-46A1-B31E-B1B3DF08242B}" = Miro Video Converter "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional "Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708 "Adobe AIR" = Adobe AIR "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium "AI RoboForm" = RoboForm 7-7-7-1 (All Users) "Any Video Converter_is1" = Any Video Converter 3.3.7 "Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15 "avast" = avast! Free Antivirus "BackRex Outlook Backup" = BackRex Outlook Backup "Blend_3.0.1927.0" = Microsoft Expression Blend 3 "Blend_4.0.20525.0" = Microsoft Expression Blend 4 "com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora "CyberSky 4" = CyberSky 4 "Design_7.0.20516.0" = Microsoft Expression Design 4 "DT6" = Dynamic Traders Group, Inc. DT6 2 "DVDFab 8 Qt_is1" = DVDFab 8.1.6.3 (11/02/2012) Qt "EaseUS Todo Backup Free 3.0_is1" = EaseUS Todo Backup Free 3.0 "EasyBCD" = EasyBCD 2.1.2 "Encoder_4.0.1639.0" = Microsoft Expression Encoder 4 "ExpressionStudio_3.0.1061.0" = Microsoft Expression Studio 3 "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4 "Fences" = Fences "ffdshow_is1" = ffdshow [rev 1972] [2008-05-24] "FileZilla Client" = FileZilla Client 3.5.3 "fmtkit60" = FM Labs Toolkit 6.0 "ForexDiversity" = ForexDiversity "FormMailDecoder_is1" = FormMailDecoder 2.03 "HandBrake" = HandBrake 0.9.5 "hotComm® CL" = hotComm® CL "HQuote" = HQuote "IconEasel 98 / EasyIcons 98 v6.2" = IconEasel 98 / EasyIcons 98 v6.2 "Infragistics UltraToolBars 5.00" = Infragistics UltraToolBars 5.00 "Inno Setup 5_is1" = Inno Setup version 5.3.6 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Basic) "Logitech Vid" = Logitech Vid HD "Magic Bullet Looks Studio" = Magic Bullet Looks Studio "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Miro" = Miro "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US) "MSDN Library - October 2001" = MSDN Library - October 2001 "MurreyMath EOD_is1" = MurreyMath EOD 2012 Version 23.7 "Notepad++" = Notepad++ "OANDA - MetaTrader" = OANDA - MetaTrader "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Perceptual Profits Software" = Perceptual Profits Software "Picasa 3" = Picasa 3 "PowerArchiver 2011" = PowerArchiver 2011 "Revo Uninstaller" = Revo Uninstaller 1.92 "Secunia PSI" = Secunia PSI (2.0.0.4003) "SetFileDate_is1" = SetFileDate 2.0 "SoftwarePassport v6.0.0.600" = SoftwarePassport "SSC Service Utility_is1" = SSC Service Utility v4.30 "STMediaSuite" = SoundTaxi Media Suite 4.0.2 "StockChartX" = StockChartX 5.9.0 "StockChartX Pro" = StockChartX Pro 5.9 "TeamViewer 7" = TeamViewer 7 "The Ultimate Troubleshooter" = The Ultimate Troubleshooter "TomTom HOME" = TomTom HOME 2.8.3.2499 "uTorrent" = µTorrent "uTorrentBar Toolbar" = uTorrentBar Toolbar "Veetle TV" = Veetle TV "Visual Studio 6.0 Professional Edition" = Microsoft Visual Studio 6.0 Professional Edition "VLC media player" = VideoLAN VLC media player 0.8.6f "Volcone Analyzer Pro 2.0_is1" = Volcone Analyzer Pro 2.0 "Web_4.0.1303.0" = Microsoft Expression Web 4 "WebPost" = Microsoft Web Publishing Wizard 1.53 "WinPcapInst" = WinPcap 4.0.2 "winscp3_is1" = WinSCP 4.3.6 "Wondershare AllMyTube_is1" = Wondershare AllMyTube(Build 2.2.1.2) "Wondershare Streaming Audio Recorder_is1" = Wondershare Streaming Audio Recorder(Build 2.0.2.3) "Wondershare Video Editor_is1" = Wondershare Video Editor(Build 3.0.1) "XNote Stopwatch" = XNote Stopwatch 1.40 "Xtend2.71305F52FFD36D9BDDE00284EF6181AE6688276A.1" = Xtend ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1380197145-2163725741-2770577485-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 4.97 "55929B5715B74A898D83469EB1FB68E492752BA7" = Cloudmark DesktopOne Outlook 2010 Add-in "ActiveTouchMeetingClient" = Cisco WebEx Meetings "b690125abf2c5f23" = TradeStation Futures "Dropbox" = Dropbox "Google Chrome" = Google Chrome "GoToMeeting" = GoToMeeting 5.1.0.880 "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "SugarSync" = SugarSync Manager "WinDirStat" = WinDirStat 1.1.2 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Running aswMBR.exe now and will post when completed.

Rixtertrader View Member Profile	Jun 1 2012, 06:16 PM Post #4
New Member Group: Authentic Member Posts: 19 Joined: 1-June 12 Member No.: 100,456 Operating System: Windows 7 Ultimate	Here are the logs from the aswMBR.exe program. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-06-01 18:54:00 ----------------------------- 18:54:00.266 OS Version: Windows x64 6.1.7601 Service Pack 1 18:54:00.266 Number of processors: 2 586 0xF06 18:54:00.267 ComputerName: DOLPHIN UserName: Rick 18:54:01.963 Initialize success 18:54:02.852 AVAST engine defs: 12060100 18:54:31.299 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 18:54:31.300 Disk 0 Vendor: WDC_WD5002AALX-00J37A0 15.01H15 Size: 476940MB BusType: 3 18:54:31.309 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5 18:54:31.311 Disk 1 Vendor: SAMSUNG_HD753LJ 1AA01113 Size: 715404MB BusType: 3 18:54:31.333 Disk 0 MBR read successfully 18:54:31.336 Disk 0 MBR scan 18:54:31.339 Disk 0 Windows 7 default MBR code 18:54:31.342 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 250700 MB offset 2048 18:54:31.345 Disk 0 Partition - 00 0F Extended LBA 226235 MB offset 513437400 18:54:31.365 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226235 MB offset 513437463 18:54:31.387 Disk 0 scanning C:\Windows\system32\drivers 18:54:41.452 Service scanning 18:54:55.320 Modules scanning 18:54:55.330 Disk 0 trace - called modules: 18:54:55.348 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 18:54:55.352 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80036aa530] 18:54:55.356 3 CLASSPNP.SYS[fffff88001b7f43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8003088060] 18:54:55.870 AVAST engine scan C:\Windows 18:54:57.970 AVAST engine scan C:\Windows\system32 18:58:12.931 AVAST engine scan C:\Windows\system32\drivers 18:58:22.956 AVAST engine scan C:\Users\Rick 19:11:39.105 AVAST engine scan C:\ProgramData 19:12:57.313 Disk 0 MBR has been saved successfully to "C:\Users\Rick\Desktop\MBR.dat" 19:12:57.332 The log file has been saved successfully to "C:\Users\Rick\Desktop\aswMBR.txt" Attached File(s) MBR.zip ( 559bytes ) Number of downloads: 66

CatByte View Member Profile	Jun 1 2012, 06:52 PM Post #5
Classroom Administrator Group: Classroom Admin Posts: 19,743 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: XP, Vista, Win7	Hi, Please do the following: Run OTL.exe Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL CODE :OTL FF - prefs.js..browser.search.defaultenginename: "Blekko" FF - prefs.js..browser.search.order.1: "Blekko" O2:64bit: - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. [2012/05/30 22:35:46 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\blekko toolbars [2012/05/30 22:34:38 \| 000,000,000 \| ---D \| C] -- C:\Users\Rick\AppData\Local\blekkotb_031 [2011/06/14 17:55:25 \| 000,001,265 \| ---- \| C] () -- C:\ProgramData\1222318736 [2011/06/14 17:55:09 \| 000,000,144 \| -HS- \| C] () -- C:\ProgramData\1760637372 [2011/06/20 21:21:41 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\F4E08758-D3C3-428C-8464-2C8236038025 :Files ipconfig /flushdns /c :Commands [resethosts] [purity] [emptytemp] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done Then post the OTL log NEXT Refer to the ComboFix User's Guide Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Place ComboFix.exe on your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. You can get help on disabling your protection programs here Double click on ComboFix.exe & follow the prompts. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Ensure your AntiVirus and AntiSpyware applications are re-enabled. --------------------------------------------------------------------------------------------- NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Rixtertrader View Member Profile	Jun 2 2012, 11:30 AM Post #6
New Member Group: Authentic Member Posts: 19 Joined: 1-June 12 Member No.: 100,456 Operating System: Windows 7 Ultimate	Hello. I just completed your instructions to run OTL again. Here is the log that came up upon reboot. ============= All processes killed ========== OTL ========== Prefs.js: "Blekko" removed from browser.search.defaultenginename Prefs.js: "Blekko" removed from browser.search.order.1 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}\ not found. C:\ProgramData\blekko toolbars folder moved successfully. C:\Users\Rick\AppData\Local\blekkotb_031\data folder moved successfully. C:\Users\Rick\AppData\Local\blekkotb_031 folder moved successfully. C:\ProgramData\1222318736 moved successfully. C:\ProgramData\1760637372 moved successfully. C:\Users\Rick\AppData\Roaming\F4E08758-D3C3-428C-8464-2C8236038025 folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Rick\Downloads\cmd.bat deleted successfully. C:\Users\Rick\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Rick ->Temp folder emptied: 2293126 bytes ->Temporary Internet Files folder emptied: 36046649 bytes ->Java cache emptied: 29564326 bytes ->FireFox cache emptied: 67777634 bytes ->Google Chrome cache emptied: 351983638 bytes ->Flash cache emptied: 1637521 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 852531 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 118683 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 468.00 mb OTL by OldTimer - Version 3.2.45.0 log created on 06022012_122144 Files\Folders moved on Reboot... C:\Users\Rick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Rick\AppData\Local\Temp\FXSTIFFDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... I'm now proceeding to the rest of your instructions. :-) Thanks.

Rixtertrader View Member Profile	Jun 2 2012, 12:36 PM Post #7
New Member Group: Authentic Member Posts: 19 Joined: 1-June 12 Member No.: 100,456 Operating System: Windows 7 Ultimate	I ran the ComboFix. After it was done, it displayed the log. The system itself was virtually useless, as the browsers no longer worked and other programs were inoperative. From the pop-up error boxes, it mentioned registry items queued to be deleted. So I figured I need to reboot. Ah! The reboot was a good thing. All my programs are working again and the system seems to be rid of the nasties! THANK YOU!!! I'm currently in the financial dumps but this service needs to be supported. So I'm donating what I can for now. I want to preserve this system as it is now that it's working. Can you recommend a good backup program for Windows 7 Ultimate that isn't expensive? Thanks again. Here is the LOG REPORT. ============================= ComboFix 12-06-02.02 - Rick 06/02/2012 12:37:54.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3199.1777 [GMT -5:00] Running from: c:\users\Rick\Downloads\ComboFix.exe AV: avast! Antivirus Disabled/Updated {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus Disabled/Updated {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender Enabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml c:\programdata\SysWoW32 c:\programdata\SysWoW32\_u1660631990v0 c:\programdata\SysWoW32\_u1660631990v1 c:\programdata\SysWoW32\_u1660631990v2 c:\programdata\SysWoW32\_u1660631990v3 c:\programdata\SysWoW32\_u1660631990v4 c:\programdata\SysWoW32\_u1660631990v5 c:\programdata\SysWoW32\_u1660631990v6 c:\programdata\SysWoW32\_u1660631990v7 c:\programdata\SysWoW32\_u1660631990v8 c:\programdata\SysWoW32\mu1660631990v12 c:\programdata\SysWoW32\mu1660631990v12.kwd c:\programdata\SysWoW32\mu1660631990v13.kwd c:\programdata\SysWoW32\mu1660631990v14.kwd c:\programdata\SysWoW32\mu1660631990v15 c:\programdata\SysWoW32\mu1660631990v15.kwd c:\programdata\SysWoW32\mu1660631990v4 c:\programdata\SysWoW32\mu1660631990v4.kwd c:\programdata\SysWoW32\mu1660631990v5 c:\programdata\SysWoW32\mu1660631990v5.kwd c:\programdata\SysWoW32\mu1660631990v6 c:\programdata\SysWoW32\mu1660631990v6.kwd c:\programdata\SysWoW32\mu1660631990v7 c:\programdata\SysWoW32\mu1660631990v7.kwd c:\programdata\SysWoW32\wu1660631990v0 c:\programdata\SysWoW32\wu1660631990v0.kwd c:\programdata\SysWoW32\wu1660631990v1 c:\programdata\SysWoW32\wu1660631990v1.kwd c:\programdata\SysWoW32\wu1660631990v10 c:\programdata\SysWoW32\wu1660631990v10.kwd c:\programdata\SysWoW32\wu1660631990v11 c:\programdata\SysWoW32\wu1660631990v11.kwd c:\programdata\SysWoW32\wu1660631990v2 c:\programdata\SysWoW32\wu1660631990v2.kwd c:\programdata\SysWoW32\wu1660631990v3 c:\programdata\SysWoW32\wu1660631990v3.kwd c:\programdata\SysWoW32\wu1660631990v8 c:\programdata\SysWoW32\wu1660631990v8.kwd c:\programdata\SysWoW32\wu1660631990v9 c:\programdata\SysWoW32\wu1660631990v9.kwd c:\users\Rick\AppData\Local\assembly\tmp c:\users\Rick\g2mdlhlpx.exe c:\windows\ST6UNST.000 . . ((((((((((((((((((((((((( Files Created from 2012-05-02 to 2012-06-02 ))))))))))))))))))))))))))))))) . . 2012-06-02 17:50 . 2012-06-02 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-02 17:21 . 2012-06-02 17:21 -------- d-----w- C:\_OTL 2012-06-01 19:48 . 2012-01-12 14:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys 2012-05-31 19:28 . 2012-05-31 19:28 -------- d-----w- c:\programdata\MetaQuotes 2012-05-31 03:35 . 2012-05-31 03:35 -------- d-----w- c:\program files (x86)\pazera-software 2012-05-25 21:55 . 2012-05-25 21:55 -------- d-----w- c:\users\Rick\AppData\Local\libimobiledevice 2012-05-19 17:06 . 2012-05-19 17:06 -------- d-----w- c:\programdata\ArcSoft 2012-05-19 17:06 . 2012-06-01 20:30 -------- d-----w- c:\users\Rick\AppData\Local\ArcSoft 2012-05-19 17:05 . 2012-05-19 17:05 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft 2012-05-11 01:23 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEBE683A-CEEB-429A-BBA3-271AB5D82EA2}\mpengine.dll 2012-05-11 01:15 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-11 01:15 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-11 01:15 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 01:15 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-11 01:15 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-11 01:15 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-05-11 01:15 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-11 01:14 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-11 01:14 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 01:14 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 01:14 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-05-11 01:14 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-11 01:14 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-11 01:11 . 2001-08-18 13:00 8192 ----a-w- c:\windows\SysWow64\TSSOFT32.ACM 2012-05-11 01:11 . 2001-08-18 13:00 15360 ----a-w- c:\windows\SysWow64\TSD32.DLL 2012-05-11 01:11 . 2007-03-12 19:02 947472 ----a-w- c:\windows\SysWow64\msjava.bak 2012-05-11 01:11 . 2012-05-11 01:11 -------- d-----w- c:\programdata\1stWorks 2012-05-11 01:11 . 2012-05-11 01:11 -------- d-----w- c:\program files (x86)\1stWORKS 2012-05-07 02:44 . 2012-05-07 02:44 -------- d-----w- c:\program files (x86)\Pandora . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-25 01:25 . 2011-05-07 19:48 65536 ----a-w- c:\windows\SysWow64\MSDATGRD.oca 2012-05-25 01:25 . 2011-05-07 19:48 166400 ----a-w- c:\windows\SysWow64\mschrt20.oca 2012-05-25 01:25 . 2011-05-07 19:48 135168 ----a-w- c:\windows\SysWow64\MSCOMCT2.oca 2012-05-24 22:01 . 2012-04-05 13:55 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-24 22:01 . 2011-05-13 19:41 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-04-18 18:28 . 2011-05-05 18:13 266752 ----a-w- c:\windows\SysWow64\MSCOMCTL.oca 2012-04-04 20:56 . 2011-05-07 05:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-02 15:26 . 2011-05-05 22:05 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-03-24 01:18 . 2012-03-24 01:18 240128 ----a-w- c:\windows\SysWow64\comctl32.oca 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr 2012-03-17 03:54 . 2011-12-18 21:50 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2012-03-07 15:08 . 2011-05-05 07:10 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-06 23:15 . 2011-11-03 21:01 41184 ----a-w- c:\windows\avastSS.scr 2012-03-06 23:15 . 2011-11-03 21:01 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-03-06 23:15 . 2011-11-03 21:01 258520 ----a-w- c:\windows\system32\aswBoot.exe 2012-03-06 23:04 . 2011-11-03 21:01 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-03-06 23:04 . 2011-11-03 21:01 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-03-06 23:02 . 2012-03-17 02:40 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-03-06 23:01 . 2011-11-03 21:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-03-06 23:01 . 2011-11-03 21:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-03-06 23:01 . 2011-11-03 21:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{133232D2-DAE3-4B6F-AAC2-17CD87495682}] 2012-03-21 22:16 301928 ----a-w- c:\program files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-30 39408] "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-06-02 109336] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512] "Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SSC Service Utility"="c:\program files (x86)\SSC Service Utility\ssc_serv.exe" [2007-10-09 665600] . c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216] My Program.lnk - c:\program files (x86)\FingerPrint\FingerPrint.exe [2012-4-28 924728] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Cloudmark DesktopOne.lnk - c:\program files (x86)\Cloudmark\Desktop\Service\cdswin.exe [2011-5-4 1167096] Snagit 11.lnk - c:\program files (x86)\TechSmith\Snagit 11\Snagit32.exe [2012-1-23 8873376] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 136176] R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-08-06 60040] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360] R3 STSService;STSService;c:\program files (x86)\SoundTaxi Media Suite\STSService.exe [2010-05-27 344064] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464] S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x] S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x] S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x] S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 FingerPrint;FingerPrint Service;c:\program files (x86)\FingerPrint\FingerPrintService.exe [2012-02-05 1299968] S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-12-06 1248256] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 VUSB3HUB;VIA USB 3.0 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys [x] S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [x] S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2010-11-21 03:24 302592 ----a-w- c:\windows\System32\cmd.exe . Contents of the 'Scheduled Tasks' folder . 2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 23:27] . 2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 23:27] . 2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1380197145-2163725741-2770577485-1000Core.job - c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-05 07:06] . 2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1380197145-2163725741-2770577485-1000UA.job - c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-05 07:06] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2011-06-01 20:16 399872 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2011-06-01 20:16 399872 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2011-06-01 20:16 399872 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2011-06-01 20:16 399872 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 12661352] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-03-25 329312] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ig?hl=en&source=mpes mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = .local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\oojdjm1x.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Rick\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe . ************************************************************************* . Completion time: 2012-06-02 13:03:56 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-02 18:03 . Pre-Run: 157,824,180,224 bytes free Post-Run: 157,667,463,168 bytes free . - - End Of File - - 252F8A052D5E05DF4A1CC642AB6DFBE3

CatByte View Member Profile	Jun 2 2012, 02:44 PM Post #8
Classroom Administrator Group: Classroom Admin Posts: 19,743 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: XP, Vista, Win7	QUOTE Can you recommend a good backup program for Windows 7 Ultimate that isn't expensive? just use the onboard back-up function that comes with Win7 http://windows.microsoft.com/en-CA/windows...kup-and-restore http://www.pcworld.com/article/186997/wind...tin_backup.html Please do the following: Please open your MalwareBytes AntiMalware Program Click the Update Tab and search for updates If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. <-- very important When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. NEXT Go here to run an online scanner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activeX control to install Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked. Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan Wait for the scan to finish When the scan completes, press the LIST OF THREATS FOUND button Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop Include the contents of this report in your next reply. Press the BACK button. Press Finish

Rixtertrader View Member Profile	Jun 2 2012, 07:41 PM Post #9
New Member Group: Authentic Member Posts: 19 Joined: 1-June 12 Member No.: 100,456 Operating System: Windows 7 Ultimate	Okay, this is really weird. After all these steps including running MBAM, the BLEKKO virus had gone away. But then, running ESET and finding some threats has brought the BLEKKO back again! The bloody BLEKKO is showing up in my Google Chrome as an extra tab as what it was doing before we started troubleshooting it. However, it does not appear when I click on HTM shortcuts on my desktop that open the default browser (which is Chrome). Here is the MBAM log. The ESET has been running for two hours and is only 22% done. It has found 10 infected files so far. I will post it when it is done. ====================== Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.02.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Rick :: DOLPHIN [administrator] 06/02/2012 6:25:27 PM mbam-log-2012-06-02 (18-25-27).txt Scan type: Quick scan Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM Scan options disabled: P2P Objects scanned: 209205 Time elapsed: 3 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Rick\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.FunMoods) -> Quarantined and deleted successfully. (end) ====================== I don't understand how it could have returned. This thing is resilient! BTW, the threats found so far are: a variant of Win32/Kryptik. DG trojan OXW trojan

Rixtertrader View Member Profile	Jun 3 2012, 06:08 AM Post #10
New Member Group: Authentic Member Posts: 19 Joined: 1-June 12 Member No.: 100,456 Operating System: Windows 7 Ultimate	ESETSCAN C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\mu1660631990v15.vir Exploit.MOV.QuickTime.B virus C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1660631990v1.vir a variant of Win32/Kryptik.OXW trojan C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1660631990v10.vir a variant of Win32/Kryptik.OXW trojan C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1660631990v11.vir a variant of Win32/Kryptik.OXW trojan C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1660631990v2.vir a variant of Win32/Kryptik.OXW trojan C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1660631990v3.vir a variant of Win32/Kryptik.DG trojan C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1660631990v9.vir a variant of Win32/Kryptik.OXW trojan C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1660631990v1.vir a variant of Win32/Kryptik.OXW trojan C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1660631990v2.vir a variant of Win32/Kryptik.OXW trojan C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u1660631990v3.vir a variant of Win32/Kryptik.DG trojan C:\Users\Rick\Downloads\avc-free.exe Win32/OpenCandy application C:\Users\Rick\Downloads\cnet2_Pazera_Free_FLV_to_AVI_Converter_exe.exe a variant of Win32/InstallCore.D application D:\AAA-STORAGE\Maintenance Tools\Advance Process Terminate\apt.exe Win32/APT application D:\AAA-STORAGE\Maintenance Tools\eBlaster\eb60setup.exe a variant of Win32/EBlaster application D:\AAA-STORAGE\Maintenance Tools\System Information for Windows\siw-setup.exe Win32/OpenCandy application D:\AAA-STORAGE\Maintenance Tools\Uniblue Powersuite\ps1_5_2_0080_129.exe a variant of Win32/UbSpyEraser application D:\AAA-STORAGE\Video Graphics Multimedia\AUDIO\Koyote Converter\Setup_FreeConverter.exe Win32/Toolbar.Widgi application D:\AAA-STORAGE\Video Graphics Multimedia\DVD_Editing Tools\NeroUltra7\Nero-7.5.9.0A_eng.exe Win32/Toolbar.AskSBar application D:\AAA-STORAGE\Video Graphics Multimedia\FreeRip MP3\freeripmp3.exe multiple threats D:\AAA-STORAGE\Video Graphics Multimedia\Media Info\MediaInfo_GUI_0.7.42_Windows_i386.exe Win32/OpenCandy application D:\AAA-STORAGE\Video Graphics Multimedia\Miro Video Player\Miro_Installer.exe Win32/Toolbar.Zugo application D:\AAA-STORAGE\Video Graphics Multimedia\VLC Player\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application D:\WEBSITES\FDates Forum\videos\newmembers\ffdshow.zip probably a variant of Win32/InstallIQ application

CatByte View Member Profile	Jun 3 2012, 08:01 AM Post #11
Classroom Administrator Group: Classroom Admin Posts: 19,743 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: XP, Vista, Win7	Hi, You can delete those installer files if you don't need them, the rest of the items are in quarantine already, which we will clean up when ComboFix is uninstalled: Take a look in Chrome for any signs of Blekko 1. Click on the wrench icon to the right of the address bar. 2. A pop-up will appear. Scroll down and click on “Options” or “Settings.” 3. Click on the “Settings” tab on the left hand side. 4. The section marked “On startup” determines what page is shown when you open your browser. Make sure the radio button is checked for “Open a specific page or set of pages:” and click on “set pages.” (if you want New Tab page or to open your last session instead, click one of those radio buttons and skip to step 6) 5. Click on the X mark to the right of http://blekko.com to delete that. Then enter the URL of the homepage you’d like to use in the “Add a new page” section. Some common homepages are Google: http://www.google.com, Comcast: http://xfinity.comcast.net/, MSN: http://www.msn.com/, Yahoo!: http://www.yahoo.com/, AOL: http://www.aol.com. Hit “OK” to close the pop-up. 6. Close your browser. 7. Re-open your browser. To change your default search engine: 1. Click on the wrench in the right hand side. 2. Click on “Options” or “Settings.” Make sure you are in the “Settings” tab. 3. In the Search part of the page, choose the search engine from the drop down that you would like to use. 4. Searching in the address bar should use the search engine you chose now. Let me know if that resolves the blekko issue please post a fresh OTL log

Rixtertrader View Member Profile	Jun 3 2012, 10:26 AM Post #12
New Member Group: Authentic Member Posts: 19 Joined: 1-June 12 Member No.: 100,456 Operating System: Windows 7 Ultimate	I went ahead and deleted those listed installation as some I've not used in quite some time. However, I'm not convinced they all actually had viruses. I've written code in VB6 or VS2010 that some virus software thinks is a virus. I wouldn't know how to write a virus if the instructions were written step-by-step. I'm surprised that my AVAST never signaled these. Is there a protocol for being able to determine whether a file has a virus BEFORE actually downloading it? The BLEKKO problem appears to be gone. THANK YOU! Here is the OTL log you requested. ================= OTL logfile created on: 06/03/2012 11:11:07 AM - Run 2 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Rick\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: MM/dd/yyyy 3.12 Gb Total Physical Memory \| 1.64 Gb Available Physical Memory \| 52.55% Memory free 6.25 Gb Paging File \| 4.26 Gb Available in Paging File \| 68.26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 244.83 Gb Total Space \| 147.05 Gb Free Space \| 60.06% Space Free \| Partition Type: NTFS Drive D: \| 220.93 Gb Total Space \| 152.35 Gb Free Space \| 68.96% Space Free \| Partition Type: NTFS Drive E: \| 698.63 Gb Total Space \| 630.47 Gb Free Space \| 90.24% Space Free \| Partition Type: NTFS Drive G: \| 85.77 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive J: \| 298.09 Gb Total Space \| 64.80 Gb Free Space \| 21.74% Space Free \| Partition Type: NTFS Computer Name: DOLPHIN \| User Name: Rick \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Quick Scan \| Include 64bit Scans Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/03 11:09:55 \| 000,595,968 \| ---- \| M] (OldTimer Tools) -- C:\Users\Rick\Downloads\OTL.exe PRC - [2012/06/01 19:46:11 \| 000,109,336 \| ---- \| M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe PRC - [2012/03/14 10:19:46 \| 000,045,056 \| ---- \| M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe PRC - [2012/03/06 18:15:17 \| 004,241,512 \| ---- \| M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/03/06 18:15:14 \| 000,044,768 \| ---- \| M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/02/14 18:03:14 \| 024,246,216 \| ---- \| M] (Dropbox, Inc.) -- C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/02/05 12:07:58 \| 000,924,728 \| ---- \| M] (Collobos Software) -- C:\Program Files (x86)\FingerPrint\FingerPrint.exe PRC - [2012/02/05 12:07:10 \| 001,299,968 \| ---- \| M] (Collobos Software) -- C:\Program Files (x86)\FingerPrint\FingerPrintService.exe PRC - [2012/01/23 15:25:14 \| 000,097,696 \| ---- \| M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe PRC - [2012/01/23 15:24:56 \| 008,119,200 \| ---- \| M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe PRC - [2012/01/23 15:24:48 \| 008,873,376 \| ---- \| M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe PRC - [2012/01/23 14:59:04 \| 000,046,080 \| ---- \| M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe PRC - [2012/01/18 07:44:52 \| 000,450,848 \| ---- \| M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2012/01/03 08:10:42 \| 000,063,928 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/12/06 06:40:30 \| 001,248,256 \| ---- \| M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe PRC - [2011/08/30 14:24:59 \| 000,624,056 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe PRC - [2011/08/12 12:19:40 \| 000,680,984 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2011/08/12 12:18:42 \| 000,205,336 \| ---- \| M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011/08/12 12:18:30 \| 000,265,240 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2011/05/05 19:40:02 \| 000,654,848 \| ---- \| M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2011/05/04 09:15:16 \| 001,167,096 \| ---- \| M] (Cloudmark, Inc.) -- C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe PRC - [2007/10/09 12:55:58 \| 000,665,600 \| ---- \| M] (SSC Localization Group) -- C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe ========== Modules (No Company Name) ========== MOD - [2012/06/01 16:41:52 \| 000,095,232 \| ---- \| M] () -- C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.0_0\FlashHook.dll MOD - [2012/05/11 15:41:32 \| 001,782,272 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll MOD - [2012/05/11 09:03:43 \| 000,628,224 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll MOD - [2012/05/11 09:03:42 \| 000,627,200 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll MOD - [2012/05/11 09:03:41 \| 006,611,456 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012/05/11 09:03:07 \| 012,433,408 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012/05/11 09:02:59 \| 001,590,784 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012/05/11 09:02:33 \| 000,680,448 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll MOD - [2012/05/11 09:02:26 \| 005,452,800 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/11 09:02:20 \| 000,971,264 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/11 09:02:18 \| 007,967,232 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/11 09:01:51 \| 011,492,864 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/05/10 20:32:15 \| 018,000,896 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll MOD - [2012/05/10 20:32:03 \| 011,451,904 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll MOD - [2012/05/10 20:31:54 \| 003,858,432 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4b7adff986a085bb562222d0c5fdf5aa\WindowsBase.ni.dll MOD - [2012/05/10 20:31:52 \| 000,595,968 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll MOD - [2012/05/10 20:29:12 \| 013,197,312 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll MOD - [2012/05/10 20:29:02 \| 001,665,536 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll MOD - [2012/05/10 20:28:52 \| 007,069,184 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll MOD - [2012/05/10 20:28:44 \| 009,091,584 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012/05/10 20:28:39 \| 014,412,800 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2011/08/22 15:47:44 \| 000,336,408 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2011/08/12 12:19:40 \| 000,680,984 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe MOD - [2011/08/12 12:18:30 \| 000,265,240 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe MOD - [2011/05/04 09:15:10 \| 000,910,072 \| ---- \| M] () -- C:\Program Files (x86)\Cloudmark\Desktop\Service\System.Data.SQLite.DLL MOD - [2011/05/04 09:15:00 \| 000,058,616 \| ---- \| M] () -- C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.XmlSerializers.dll MOD - [2011/05/04 09:14:56 \| 000,050,424 \| ---- \| M] () -- C:\Program Files (x86)\Cloudmark\Desktop\Service\cdspop.XmlSerializers.dll MOD - [2011/05/04 09:14:52 \| 000,054,520 \| ---- \| M] () -- C:\Program Files (x86)\Cloudmark\Desktop\Service\cdsimap.XmlSerializers.dll MOD - [2011/03/17 00:11:16 \| 004,297,568 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2011/03/01 23:15:28 \| 000,126,808 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2011/03/01 23:15:28 \| 000,027,480 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll MOD - [2011/03/01 23:15:04 \| 000,340,824 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll MOD - [2011/03/01 23:14:42 \| 007,954,776 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll MOD - [2011/03/01 23:14:30 \| 002,143,576 \| ---- \| M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll MOD - [2010/11/20 22:24:08 \| 002,927,616 \| ---- \| M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/10/20 15:45:26 \| 008,801,120 \| ---- \| M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2009/06/10 16:23:19 \| 000,261,632 \| ---- \| M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/06 18:15:14 \| 000,044,768 \| ---- \| M] (AVAST Software) [Auto \| Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2011/09/22 22:06:04 \| 000,431,464 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) SRV:64bit: - [2011/05/04 00:19:28 \| 000,591,872 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\SysNative\SearchIndexer.exe -- (WSearch) SRV:64bit: - [2010/11/20 22:24:42 \| 000,084,992 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2009/07/22 03:17:44 \| 000,061,976 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV:64bit: - [2009/07/13 20:41:55 \| 000,119,808 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\SysNative\trkwks.dll -- (TrkWks) SRV:64bit: - [2009/07/13 20:41:27 \| 001,011,712 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 20:41:27 \| 000,097,792 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009/07/13 20:40:01 \| 000,193,536 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/05/03 08:31:10 \| 000,158,856 \| R--- \| M] (Skype Technologies) [Auto \| Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/03/14 10:19:46 \| 000,045,056 \| ---- \| M] (Intuit) [Auto \| Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService) SRV - [2012/02/05 12:07:10 \| 001,299,968 \| ---- \| M] (Collobos Software) [Auto \| Running] -- C:\Program Files (x86)\FingerPrint\FingerPrintService.exe -- (FingerPrint) SRV - [2012/01/18 07:44:52 \| 000,450,848 \| ---- \| M] (Logitech Inc.) [Auto \| Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2012/01/03 08:10:42 \| 000,063,928 \| ---- \| M] (Adobe Systems Incorporated) [Auto \| Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/12/06 06:40:30 \| 001,248,256 \| ---- \| M] (Intuit Inc.) [Auto \| Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS) SRV - [2011/12/06 06:40:08 \| 000,061,440 \| ---- \| M] (Intuit Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService) SRV - [2011/10/14 01:01:50 \| 000,994,360 \| ---- \| M] (Secunia) [On_Demand \| Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011/09/22 17:17:26 \| 000,255,336 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2011/05/05 19:40:02 \| 000,654,848 \| ---- \| M] (Macrovision Europe Ltd.) [On_Demand \| Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/05/03 23:28:31 \| 000,427,520 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\SysWow64\SearchIndexer.exe -- (WSearch) SRV - [2011/03/01 18:29:58 \| 000,130,976 \| ---- \| M] (Futuremark Corporation) [On_Demand \| Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2010/05/27 03:36:48 \| 000,344,064 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe -- (STSService) SRV - [2010/03/18 13:16:28 \| 000,130,384 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/07/13 20:15:41 \| 000,075,264 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009/06/10 16:23:09 \| 000,066,384 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/10 15:39:58 \| 000,089,920 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2007/03/20 16:41:24 \| 000,153,792 \| ---- \| M] (Adobe Systems Incorporated) [On_Demand \| Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/16 22:54:43 \| 000,015,672 \| ---- \| M] () [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon) DRV:64bit: - [2012/03/06 18:04:06 \| 000,819,032 \| ---- \| M] (AVAST Software) [File_System \| System \| Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012/03/06 18:04:04 \| 000,337,240 \| ---- \| M] (AVAST Software) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012/03/06 18:02:20 \| 000,053,080 \| ---- \| M] (AVAST Software) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012/03/06 18:01:57 \| 000,059,224 \| ---- \| M] (AVAST Software) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012/03/06 18:01:52 \| 000,069,976 \| ---- \| M] (AVAST Software) [File_System \| Auto \| Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012/03/06 18:01:32 \| 000,024,408 \| ---- \| M] (AVAST Software) [File_System \| Auto \| Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012/03/01 01:46:16 \| 000,023,408 \| ---- \| M] (Microsoft Corporation) [Recognizer \| Boot \| Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 \| 000,052,736 \| ---- \| M] (Apple, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/01/18 16:56:08 \| 000,019,936 \| ---- \| M] () [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2012/01/18 16:56:06 \| 000,013,280 \| ---- \| M] () [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2012/01/18 07:44:36 \| 004,865,568 \| ---- \| M] (Logitech Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC) DRV:64bit: - [2012/01/18 07:44:28 \| 000,351,136 \| ---- \| M] (Logitech Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2012/01/12 09:28:48 \| 000,057,976 \| R--- \| M] (GFI Software) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE) DRV:64bit: - [2011/09/22 21:01:54 \| 000,311,144 \| ---- \| M] (Microsoft Corporation) [File_System \| Disabled \| Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105) DRV:64bit: - [2011/03/11 01:41:12 \| 000,107,904 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 \| 000,027,008 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/04 10:53:52 \| 000,075,776 \| R--- \| M] (VIA Technologies, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB) DRV:64bit: - [2011/01/04 10:53:46 \| 000,167,936 \| R--- \| M] (VIA Technologies, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv) DRV:64bit: - [2010/12/24 11:43:40 \| 000,029,288 \| ---- \| M] (Wondershare) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)) WsAudioDevice_383S(1) DRV:64bit: - [2010/12/10 13:50:36 \| 000,181,248 \| ---- \| M] (Renesas Electronics Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/12/10 13:50:36 \| 000,080,384 \| ---- \| M] (Renesas Electronics Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/11/20 22:24:43 \| 000,020,992 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/11/20 22:24:33 \| 000,059,392 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 22:23:55 \| 000,328,192 \| ---- \| M] (Microsoft Corporation) [File_System \| Disabled \| Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010/11/20 22:23:48 \| 000,117,248 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/20 22:23:48 \| 000,088,960 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/20 22:23:48 \| 000,071,168 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/20 22:23:48 \| 000,034,816 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010/11/20 22:23:47 \| 000,078,720 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 22:23:47 \| 000,031,232 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/09/01 03:30:58 \| 000,017,976 \| ---- \| M] (Secunia) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010/06/23 10:47:26 \| 000,402,720 \| ---- \| M] (Marvell) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2010/05/31 13:44:50 \| 000,116,848 \| ---- \| M] (JMicron Technology Corp.) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010/01/07 03:20:22 \| 000,448,512 \| ---- \| M] (Realtek Semiconductor Corporation ) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187) DRV:64bit: - [2009/07/16 11:38:40 \| 000,015,416 \| ---- \| M] () [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009/07/13 20:52:20 \| 000,194,128 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 \| 000,065,600 \| ---- \| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:47:48 \| 000,024,144 \| ---- \| M] (Microsoft Corporation) [Kernel \| Disabled \| Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009/07/13 20:45:55 \| 000,024,656 \| ---- \| M] (Promise Technology) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 16:59:33 \| 005,020,672 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/06/10 15:34:33 \| 003,286,016 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 \| 000,468,480 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 \| 000,270,848 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 \| 000,031,232 \| ---- \| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 \| 000,034,152 \| ---- \| M] (GEAR Software Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/05/08 16:08:00 \| 000,020,520 \| ---- \| M] (GARMIN Corp.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2007/11/06 15:23:14 \| 000,040,464 \| ---- \| M] (CACE Technologies) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2005/09/23 23:18:34 \| 000,261,120 \| ---- \| M] (Pinnacle Systems GmbH) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus) DRV - [2009/07/13 20:19:10 \| 000,019,008 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [1998/05/07 00:00:00 \| 000,000,111 \| ---- \| M] () [Adapter \| On_Demand \| Unknown] -- C:\Windows\SysWow64\WINSOCK.SRG -- (Winsock) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerm...mp;sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerm...mp;sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?...;ctid=CT2786678 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=mpes IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}...amp;FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerm...;rlz=1I7ADRA_en IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?...;ctid=CT2786678 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1 FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2 FF - user.js - File not found FF:64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) [2012/01/26 01:28:51 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions [2012/01/26 01:28:51 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2012/03/03 20:10:19 \| 000,000,000 \| ---D \| M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{googl e:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chro me&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client =chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Wondershare Chrome Plugin (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.0_0\npSVRChromePlugin.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - Extension: Ancient History Encyclopedia = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle\3_0\ CHR - Extension: Angry Birds = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: YouTube = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Ratchet & Clank Future 2 = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\ CHR - Extension: avast! WebRep = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ CHR - Extension: 60 Minutes = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjhdahelgojehmfmkmdfjcpfbglbfmj\0.60_0\ CHR - Extension: Skype Click to Call = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\ CHR - Extension: Google Play Books = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\ CHR - Extension: Wondershare YouTube Downloader = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.0_0\ CHR - Extension: Wondershare YouTube Downloader = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.0_0\.svn\text-base\.svn-base CHR - Extension: Gmail = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/06/02 12:53:42 \| 000,000,027 \| ---- \| M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Wondershare YouTube Downloader) - {133232D2-DAE3-4B6F-AAC2-17CD87495682} - C:\Program Files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll (Wondershare Software Co., Ltd.) O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [SSC Service Utility] C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe (SSC Localization Group) O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare) O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems) O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My Program.lnk = C:\Program Files (x86)\FingerPrint\FingerPrint.exe (Collobos Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1304800472071 (MUCatalogWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab (DLC Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBC6F3D2-75C5-4943-AD76-8E42EEED8E2F}: DhcpNameServer = 208.67.222.222 208.67.220.220 O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\qbwc - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/11/27 23:14:58 \| 000,002,132 \| R--- \| M] () - G:\autorun.dat -- [ CDFS ] O32 - AutoRun File - [2004/02/29 11:08:54 \| 000,262,656 \| R--- \| M] (RJL Software, Inc.) - G:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2006/11/27 23:14:59 \| 000,000,082 \| R--- \| M] () - G:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/06/02 18:40:26 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\ESET [2012/06/02 18:34:51 \| 000,000,000 \| ---D \| C] -- C:\Users\Rick\AppData\Local\Adobe [2012/06/02 12:53:48 \| 000,000,000 \| ---D \| C] -- C:\$RECYCLE.BIN [2012/06/02 12:50:42 \| 000,000,000 \| ---D \| C] -- C:\Windows\temp [2012/06/02 12:35:56 \| 000,518,144 \| ---- \| C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/06/02 12:35:56 \| 000,406,528 \| ---- \| C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/06/02 12:35:56 \| 000,060,416 \| ---- \| C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/06/02 12:35:50 \| 000,000,000 \| ---D \| C] -- C:\Windows\ERDNT [2012/06/02 12:35:46 \| 000,000,000 \| ---D \| C] -- C:\Qoobox [2012/06/01 16:41:38 \| 000,000,000 \| ---D \| C] -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/06/01 14:48:43 \| 000,057,976 \| R--- \| C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2012/05/31 14:28:35 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\MetaQuotes [2012/05/30 22:35:09 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\pazera-software [2012/05/25 16:55:45 \| 000,000,000 \| ---D \| C] -- C:\Users\Rick\AppData\Local\libimobiledevice [2012/05/19 12:06:00 \| 000,000,000 \| ---D \| C] -- C:\Users\Rick\AppData\Local\ArcSoft [2012/05/19 12:05:59 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\ArcSoft [2012/05/15 16:32:04 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/05/10 20:11:38 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1stWORKS Corporation [2012/05/10 20:11:34 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\1stWorks [2012/05/10 20:11:34 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\1stWORKS [2012/05/06 21:44:19 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Pandora [1 C:\Users\Rick\.tmp files -> C:\Users\Rick\.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/03 10:58:24 \| 000,021,872 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/03 10:58:24 \| 000,021,872 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/03 10:49:51 \| 000,000,000 \| ---- \| M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012/06/03 10:49:48 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2012/06/03 10:49:37 \| 2515,886,080 \| -HS- \| M] () -- C:\hiberfil.sys [2012/06/02 21:46:26 \| 000,000,600 \| ---- \| M] () -- C:\Users\Rick\AppData\Roaming\winscp.rnd [2012/06/02 18:26:27 \| 000,876,830 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/02 18:26:27 \| 000,729,322 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/02 18:26:27 \| 000,147,280 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/02 14:07:28 \| 000,000,082 \| ---- \| M] () -- C:\Users\Rick\Desktop\BLEKKO - How to Remove It-.url [2012/06/02 13:55:02 \| 000,031,470 \| ---- \| M] () -- C:\Users\Rick\AppData\Local\funmoods.crx [2012/06/02 13:26:09 \| 000,000,043 \| ---- \| M] () -- C:\Windows\WALLSTRT.INI [2012/06/02 12:53:42 \| 000,000,027 \| ---- \| M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/06/02 11:05:53 \| 000,000,081 \| ---- \| M] () -- C:\Users\Rick\Desktop\APOGEE.url [2012/06/01 16:34:04 \| 000,001,445 \| ---- \| M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/06/01 15:20:34 \| 000,001,196 \| ---- \| M] () -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/06/01 15:17:35 \| 000,001,072 \| ---- \| M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2012/06/01 14:30:55 \| 000,009,216 \| ---- \| M] () -- C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/05/31 14:28:42 \| 000,001,983 \| ---- \| M] () -- C:\Users\Public\Desktop\OANDA - MetaTrader.lnk [2012/05/25 21:08:12 \| 000,000,975 \| ---- \| M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012/05/24 20:25:15 \| 000,166,400 \| ---- \| M] () -- C:\Windows\SysWow64\mschrt20.oca [2012/05/24 20:25:15 \| 000,065,536 \| ---- \| M] () -- C:\Windows\SysWow64\MSDATGRD.oca [2012/05/24 20:25:13 \| 000,135,168 \| ---- \| M] () -- C:\Windows\SysWow64\MSCOMCT2.oca [2012/05/21 16:38:36 \| 000,000,077 \| ---- \| M] () -- C:\Users\Rick\Desktop\craigslist - manage posting.url [2012/05/18 22:57:48 \| 000,000,048 \| ---- \| M] () -- C:\Users\Rick\Desktop\MyP2P - Free Live Sports on your PC..url [2012/05/11 08:55:03 \| 002,424,320 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/05/10 20:11:42 \| 000,002,167 \| ---- \| M] () -- C:\Users\Public\Desktop\hotCommCL.lnk [2012/05/06 21:44:19 \| 000,000,861 \| ---- \| M] () -- C:\Users\Public\Desktop\Pandora.lnk [2012/05/06 15:39:30 \| 000,000,079 \| ---- \| M] () -- C:\Users\Rick\Desktop\Top 148 Free iPhone Apps » 148Apps » iPhone and iPod Touch Application Reviews and News.url [1 C:\Users\Rick\.tmp files -> C:\Users\Rick\.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/02 13:55:05 \| 000,031,470 \| ---- \| C] () -- C:\Users\Rick\AppData\Local\funmoods.crx [2012/06/02 12:35:56 \| 000,256,000 \| ---- \| C] () -- C:\Windows\PEV.exe [2012/06/02 12:35:56 \| 000,208,896 \| ---- \| C] () -- C:\Windows\MBR.exe [2012/06/02 12:35:56 \| 000,098,816 \| ---- \| C] () -- C:\Windows\sed.exe [2012/06/02 12:35:56 \| 000,080,412 \| ---- \| C] () -- C:\Windows\grep.exe [2012/06/02 12:35:56 \| 000,068,096 \| ---- \| C] () -- C:\Windows\zip.exe [2012/06/02 11:05:53 \| 000,000,081 \| ---- \| C] () -- C:\Users\Rick\Desktop\APOGEE.url [2012/06/01 16:34:04 \| 000,001,451 \| ---- \| C] () -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012/06/01 16:24:48 \| 000,000,082 \| ---- \| C] () -- C:\Users\Rick\Desktop\BLEKKO - How to Remove It-.url [2012/06/01 15:15:18 \| 000,001,072 \| ---- \| C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2012/05/25 21:08:12 \| 000,000,975 \| ---- \| C] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012/05/21 16:38:36 \| 000,000,077 \| ---- \| C] () -- C:\Users\Rick\Desktop\craigslist - manage posting.url [2012/05/18 22:57:48 \| 000,000,048 \| ---- \| C] () -- C:\Users\Rick\Desktop\MyP2P - Free Live Sports on your PC..url [2012/05/10 20:11:41 \| 000,015,360 \| ---- \| C] () -- C:\Windows\SysWow64\TSD32.DLL [2012/05/10 20:11:38 \| 000,002,167 \| ---- \| C] () -- C:\Users\Public\Desktop\hotCommCL.lnk [2012/05/06 15:39:30 \| 000,000,079 \| ---- \| C] () -- C:\Users\Rick\Desktop\Top 148 Free iPhone Apps » 148Apps » iPhone and iPod Touch Application Reviews and News.url [2012/03/10 02:20:53 \| 000,000,320 \| ---- \| C] () -- C:\Users\Rick\AppData\Roaming\SEC563431.trad [2012/03/10 02:20:39 \| 000,000,043 \| ---- \| C] () -- C:\Windows\WALLSTRT.INI [2012/03/02 22:09:52 \| 000,000,070 \| ---- \| C] () -- C:\Windows\ArticleAnnouncer.ini [2012/03/02 22:09:01 \| 000,000,754 \| ---- \| C] () -- C:\Windows\aainst.ini [2012/01/30 01:10:13 \| 000,000,600 \| ---- \| C] () -- C:\Users\Rick\AppData\Roaming\winscp.rnd [2012/01/28 16:41:47 \| 000,238,944 \| -H-- \| C] () -- C:\Windows\SysWow64\mlfcache.dat [2012/01/18 07:44:00 \| 010,920,984 \| ---- \| C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012/01/18 07:44:00 \| 000,336,408 \| ---- \| C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012/01/18 07:44:00 \| 000,104,472 \| ---- \| C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011/12/22 17:13:59 \| 000,000,384 \| ---- \| C] () -- C:\Users\Rick\AppData\Roaming\Xtend2_state.xml [2011/11/02 12:36:36 \| 000,175,616 \| ---- \| C] () -- C:\Windows\SysWow64\unrar.dll [2011/11/02 12:36:35 \| 000,000,038 \| ---- \| C] () -- C:\Windows\avisplitter.ini [2011/11/02 12:36:04 \| 000,007,680 \| ---- \| C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/08/28 13:44:43 \| 000,000,358 \| RHS- \| C] () -- C:\ProgramData\ntuser.pol [2011/07/26 16:16:22 \| 000,000,017 \| ---- \| C] () -- C:\Windows\MovingPicture.ini [2011/07/26 15:23:34 \| 000,237,568 \| R--- \| C] () -- C:\Windows\SysWow64\qtmlClient.dll [2011/07/26 15:23:34 \| 000,000,000 \| ---- \| C] () -- C:\Windows\Graffiti5.2Pin.ini [2011/06/08 17:38:51 \| 000,139,264 \| ---- \| C] () -- C:\Windows\ShareBarData.dll [2011/06/03 18:15:36 \| 000,007,626 \| ---- \| C] () -- C:\Users\Rick\AppData\Local\Resmon.ResmonCfg [2011/05/26 18:38:27 \| 000,000,069 \| ---- \| C] () -- C:\Windows\easyicon.ini [2011/05/26 18:38:27 \| 000,000,030 \| ---- \| C] () -- C:\Windows\iconeasl.ini [2011/05/23 11:21:05 \| 000,000,056 \| -H-- \| C] () -- C:\ProgramData\ezsidmv.dat [2011/05/16 11:01:42 \| 000,009,216 \| ---- \| C] () -- C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/05 19:44:55 \| 002,463,976 \| ---- \| C] () -- C:\Windows\SysWow64\NPSWF32.dll [2011/05/05 12:53:47 \| 000,000,535 \| ---- \| C] () -- C:\Windows\ODBCINST.INI [2011/05/05 12:53:47 \| 000,000,288 \| ---- \| C] () -- C:\Windows\ODBC.INI [2011/05/05 12:49:07 \| 000,006,550 \| ---- \| C] () -- C:\Windows\jautoexp.dat [2011/05/05 12:00:47 \| 000,000,090 \| ---- \| C] () -- C:\Windows\QBChanUtil_Trigger.ini [2011/05/05 01:00:30 \| 000,870,490 \| ---- \| C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/04 22:03:50 \| 000,000,000 \| ---- \| C] () -- C:\Windows\ativpsrm.bin [2010/07/05 07:37:06 \| 000,033,792 \| ---- \| C] () -- C:\Windows\SysWow64\dokan.dll ========== LOP Check ========== [2011/10/09 00:17:12 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\833D9DFA-BCCC-4C01-A878-17A88F2BB30F [2011/07/05 19:05:01 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\A5B37800-55DE-45B6-8B34-98CE44D7D618 [2011/06/21 09:54:51 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Acronis [2012/04/14 15:04:04 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\AnvSoft [2011/06/09 02:14:16 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Ashampoo [2011/11/30 23:22:17 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\calibre [2011/06/07 18:39:17 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Canon [2012/03/07 21:22:47 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\ChemTable Software [2011/05/07 11:30:34 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Cloudmark [2011/05/08 22:52:19 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1 [2012/02/29 18:11:39 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\DisplayFusion [2012/06/03 10:52:37 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Dropbox [2011/09/15 13:10:43 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\EPSON [2012/05/24 15:27:10 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\FileZilla [2012/04/14 14:03:11 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\gtk-2.0 [2012/04/14 13:51:48 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Gui4Cli [2012/01/29 23:36:40 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\HandBrake [2011/06/27 17:53:07 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\ISTool [2011/05/07 17:58:14 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Leadertech [2012/04/14 14:39:49 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Leawo [2011/06/14 18:17:47 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\LimeWire [2011/05/07 12:39:39 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Notepad++ [2011/12/16 17:26:10 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Participatory Culture Foundation [2012/05/30 22:40:33 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\PCF-VLC [2011/07/26 17:36:43 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\proDAD [2012/01/28 17:11:16 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\redsn0w [2011/05/26 15:35:21 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\ShellFolderFix [2011/05/05 02:19:53 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Stardock [2011/12/28 19:45:33 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\TeamViewer [2012/01/19 14:50:10 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\TechSmith [2011/11/15 20:12:10 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\TeraCopy [2012/04/14 14:40:52 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\tiger-k [2012/01/26 01:28:50 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\TomTom [2011/12/20 13:57:09 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\TradeMiner [2012/01/04 18:49:19 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\TradeMiner2 [2011/05/13 13:37:03 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\TradeStation Technologies [2012/05/30 00:45:38 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\uTorrent [2012/01/05 15:50:48 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Volcone Analyzer Pro [2011/05/15 14:21:12 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Watchtower [2012/04/20 09:00:15 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\webex [2011/06/20 21:23:37 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\WinPatrol [2012/04/09 10:37:18 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Wondershare [2012/06/02 21:12:07 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Xtend2.71305F52FFD36D9BDDE00284EF6181AE6688276A.1 [2011/08/28 13:46:55 \| 000,000,000 \| ---D \| M] -- C:\Users\Rick\AppData\Roaming\Zeon [2012/03/10 13:05:08 \| 000,032,640 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\.exe > < MD5 for: EXPLORER.EXE > [2011/02/26 00:19:21 \| 002,616,320 \| ---- \| M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011/02/25 01:19:30 \| 002,871,808 \| ---- \| M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe [2011/02/25 01:19:30 \| 002,871,808 \| ---- \| M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 01:19:30 \| 002,871,808 \| ---- \| M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 01:14:34 \| 002,871,808 \| ---- \| M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 22:24:25 \| 002,616,320 \| ---- \| M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011/02/25 00:30:54 \| 002,616,320 \| ---- \| M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 00:30:54 \| 002,616,320 \| ---- \| M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/11/20 22:24:11 \| 002,872,320 \| ---- \| M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: SVCHOST.EXE > [2012/04/04 15:56:38 \| 000,199,240 \| ---- \| M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2009/07/13 20:14:41 \| 000,020,992 \| ---- \| M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe [2009/07/13 20:14:41 \| 000,020,992 \| ---- \| M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/13 20:14:41 \| 000,020,992 \| ---- \| M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009/07/13 20:39:46 \| 000,027,136 \| ---- \| M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe [2009/07/13 20:39:46 \| 000,027,136 \| ---- \| M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009/07/13 20:39:46 \| 000,027,136 \| ---- \| M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 22:23:55 \| 000,026,624 \| ---- \| M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe [2010/11/20 22:23:55 \| 000,026,624 \| ---- \| M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 22:23:55 \| 000,026,624 \| ---- \| M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/20 22:24:28 \| 000,030,720 \| ---- \| M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe [2010/11/20 22:24:28 \| 000,030,720 \| ---- \| M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 22:24:28 \| 000,030,720 \| ---- \| M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2012/04/04 15:56:38 \| 000,199,240 \| ---- \| M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010/11/20 22:24:29 \| 000,390,656 \| ---- \| M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe [2010/11/20 22:24:29 \| 000,390,656 \| ---- \| M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 22:24:29 \| 000,390,656 \| ---- \| M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < %systemroot%\. /rp /s > ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: WDC WD5002AALX-00J37A0 ATA Device Partitions: 2 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: SAMSUNG HD753LJ ATA Device Partitions: 1 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE2 - External hard disk media Interface type: USB Media Type: External hard disk media Model: USB 3.0 MassStorage USB Device Partitions: 1 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE3 - Interface type: USB Media Type: Model: EPSON Stylus Storage USB Device Partitions: 0 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 245.00GB Starting Offset: 1048576 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Extended w/Extended Int 13 Bootable: False BootPartition: False PrimaryPartition: False Size: 221.00GB Starting Offset: 262879948800 Hidden sectors: 0 DeviceID: Disk #1, Partition #0 PartitionType: Extended w/Extended Int 13 Bootable: False BootPartition: False PrimaryPartition: False Size: 699.00GB Starting Offset: 28672 Hidden sectors: 0 DeviceID: Disk #2, Partition #0 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 298.00GB Starting Offset: 32256 Hidden sectors: 0 ========== Alternate Data Streams ========== @Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:9FBE2A28 @Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:F0A9F8B2 @Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:85FB0BBF @Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:F580541F @Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:D2F2F703 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:68FB068F @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:2B05BED0 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D298E29 < End of report >

CatByte View Member Profile	Jun 3 2012, 11:32 AM Post #13
Classroom Administrator Group: Classroom Admin Posts: 19,743 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: XP, Vista, Win7	Hi, Those installers aren't really threats Eset is flagging the entry because of the way it bundles your download with other programs/toolbars that you need to opt out of in order to install the software you originally wanted from them. You've already installed the software, so you can go ahead and delete that executable from your desktop. It poses no active threat. Many installers are bundled with unwanted adware. we just need to do some housekeeping now P2P - I see you have P2P software µTorrent and the uTorrentBar Toolbar installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information. Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. Please see this topic for more information: Perils of P2P File Sharing. I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Programs and Features. While you are in Programs and Features > remove the Java program from your system, then download and install the latest version Java 7 update 4 from here: http://java.com/en/download/index.jsp NEXT You can delete the DDS and aswMBR logs and programs from your desktop. NEXT Follow these steps to uninstall Combofix Make sure your security programs are totally disabled. Click START then RUN Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there. NEXT Clean up with OTL: Double-click OTL.exe to start the program. Close all other programs apart from OTL as this step will require a reboot On the OTL main screen, press the CLEANUP button Say Yes to the prompt and then allow the program to reboot your computer. If there are any logs/tools remaining on your desktop > right click and delete them. NEXT Below I have included a number of recommendations for how to protect your computer against malware infections. It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords. Keep Windows updated by regularly checking their website at : http://windowsupdate.microsoft.com/ This will ensure your computer has always the latest security updates available installed on your computer. Make Internet Explorer more secure Click Start > Run Type Inetcpl.cpl & click OK Click on the Security tab Click Reset all zones to default level Make sure the Internet Zone is selected & Click Custom level In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Next Click OK, then Apply button and then OK to exit the Internet Properties page. Download TFC to your desktop Close any open windows. Double click the TFC icon to run the program TFC will close all open programs itself in order to run, Click the Start button to begin the process. Allow TFC to run uninterrupted. The program should not take long to finish it's job Once its finished it should automatically reboot your machine, if it doesn't, manually reboot to ensure a complete clean It's normal after running TFC cleaner that the PC will be slower to boot the first time. WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites: Green to go Yellow for caution Red to stop WOT has an addon available for both Firefox and IE Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article: PC Safety and Security--What Do I Need?. Thank you for your patience, and performing all of the procedures requested. Please respond one last time so we can consider the thread resolved and close it, thank-you.

Rixtertrader View Member Profile	Jun 3 2012, 05:27 PM Post #14
New Member Group: Authentic Member Posts: 19 Joined: 1-June 12 Member No.: 100,456 Operating System: Windows 7 Ultimate	Greetings! I know you are not passing judgement and I appreciate that. But I should at least let you know about my Utorrent. Utorrent did not have anything to do with my current situation because the only thing I use it for is my video membership. They are TV shows in AVI format that are shown on public TV and can be viewed on HULU and other sites like this. No movies. No software. Nothing like that. We're really strict around here about that. Okay, on to the housekeeping stuff. As soon as I get that completed I'll post the results. Thanks! Rixter

CatByte View Member Profile	Jun 3 2012, 05:38 PM Post #15
Classroom Administrator Group: Classroom Admin Posts: 19,743 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: XP, Vista, Win7	QUOTE No movies. No software. Nothing like that. We're really strict around here about that.

« Next Oldest · Virus, Spyware & Malware Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Virus, Spyware & Malware Removal Help Remove Locators.com	6	sarah	2,413	31st January 2004 - 12:20 PM Last post by: cnm
Virus, Spyware & Malware Removal Remove What ? Please....	4	richard hagen	1,919	10th February 2004 - 03:57 PM Last post by: Daemon
Virus, Spyware & Malware Removal How To Remove This Tq!	0	tobarret	4,621	23rd August 2007 - 09:46 PM Last post by: tobarret
Virus, Spyware & Malware Removal Help Me Remove Spyware!	10	joeoas1	2,191	30th March 2004 - 12:24 AM Last post by: Daemon
Virus, Spyware & Malware Removal Help Me Remove Porn Popups From My Boss' Computer	7	DCguy	3,412	8th June 2004 - 12:32 PM Last post by: k3dc