WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93125 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Can not load g-mail or goole on any pc in house [Solved]

Started by macdoo , Feb 16 2012 06:19 AM

This topic is locked

128 replies to this topic

#106 macdoo

Authentic Member

Authentic Member
70 posts

Posted 01 March 2012 - 08:48 PM

ComboFix 12-03-01.02 - Ted 03/01/2012 21:18:15.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1788.979 [GMT -5:00] Running from: c:\users\Ted\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\FunWebProducts c:\program files (x86)\FunWebProducts\Installr\1.bin\F3EZSETP.DLL c:\program files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL c:\program files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL c:\program files (x86)\FunWebProducts\Installr\8.bin\F3EZSETP.DLL c:\program files (x86)\FunWebProducts\Installr\8.bin\F3PLUGIN.DLL c:\program files (x86)\FunWebProducts\Installr\8.bin\NPFUNWEB.DLL c:\program files (x86)\MyWebSearch c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat c:\program files (x86)\Search Toolbar c:\program files (x86)\Search Toolbar\SearchToolbar.dll c:\users\Ted\AppData\Roaming\Local c:\users\Ted\AppData\Roaming\Local\Temp\DDM\Settings\.ddr c:\users\Ted\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr c:\users\Ted\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2) c:\users\Ted\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp c:\users\Ted\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp c:\users\Ted\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp c:\users\Ted\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(5).ddp c:\users\Ted\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(6).ddp c:\users\Ted\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(7).ddp c:\users\Ted\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(8).ddp c:\users\Ted\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp c:\users\Ted\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx c:\users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\searchplugins\bing-zugo.xml c:\users\Ted\g2mdlhlpx.exe c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 ))))))))))))))))))))))))))))))) . . 2012-03-02 02:29 . 2012-03-02 02:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-02 01:18 . 2012-03-02 02:09 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-28 06:01 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{424D5B13-469F-4BF3-9500-5D8BDF69DE9F}\mpengine.dll 2012-02-22 21:27 . 2012-02-22 21:28 -------- d-----w- c:\users\Ted\AppData\Local\Facebook . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-29 10:10 . 2010-05-09 00:50 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480] "Facebook Update"="c:\users\Ted\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-22 137536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [2012-02-19 70656] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [2012-02-19 70656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 136176] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-03-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job - c:\users\Ted\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-22 21:27] . 2012-03-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job - c:\users\Ted\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-22 21:27] . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 15:14] . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 15:14] . 2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job - c:\users\Ted\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09 20:39] . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job - c:\users\Ted\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09 20:39] . 2012-02-28 c:\windows\Tasks\HPCeeScheduleForTed.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-31 171520] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://start.facemoods.com/?a=make uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 68.238.112.12 FF - ProfilePath - c:\users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319576&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z022&form=ZGAPHP FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z022&form=ZGAADF&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Freemake Video Converter Plugin: fmconverter@gmail.com - c:\program files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe Wow6432Node-HKLM-Run-DivX Download Manager - c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\program files (x86)\Logitech\LWS\LU\LULnchr.exe c:\program files (x86)\Logitech\LWS\LU\LogitechUpdate.exe . ************************************************************************** . Completion time: 2012-03-01 21:48:04 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-02 02:47 . Pre-Run: 163,057,868,800 bytes free Post-Run: 164,163,403,776 bytes free . - - End Of File - - 2DC084AF38EC8105CA745A272B53C456

Advertisements

Register to Remove

#107 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 01 March 2012 - 09:10 PM

Hi macdoo,

Please follow all previous instructions regarding security programs.

Open a new Notepad session

Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.
Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

File::
c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"=-
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"=-

In the notepad

Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Posted Image

Please post back with the combofix log.

how's the computer?

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#108 macdoo

Authentic Member

Authentic Member
70 posts

Posted 01 March 2012 - 09:14 PM

this comp has window 7 so I click start but don't see run. Sorry HELP HA HA got it by adding it to start menu. I feel smart.

Edited by macdoo, 01 March 2012 - 09:20 PM.

#109 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 01 March 2012 - 09:34 PM

Hi macdoo, Good job.

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#110 macdoo

Authentic Member

Authentic Member
70 posts

Posted 01 March 2012 - 09:44 PM

this computer seems ok now but the laptop you just fixed two days ago (right beside this one) is still not doing gmail or google. I know we are not done yet but just thought i'd let ya know. ComboFix 12-03-01.02 - Ted 03/01/2012 22:23:48.2.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1788.896 [GMT -5:00] Running from: c:\users\Ted\Desktop\ComboFix.exe Command switches used :: c:\users\Ted\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" . . ((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 ))))))))))))))))))))))))))))))) . . 2012-03-02 03:30 . 2012-03-02 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-02 01:18 . 2012-03-02 02:09 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-28 06:01 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{424D5B13-469F-4BF3-9500-5D8BDF69DE9F}\mpengine.dll 2012-02-22 21:27 . 2012-02-22 21:28 -------- d-----w- c:\users\Ted\AppData\Local\Facebook . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-29 10:10 . 2010-05-09 00:50 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-03-02_02.34.54 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-31 02:06 . 2012-03-02 03:35 51540 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-03-02 02:36 64580 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-05-09 02:56 . 2012-03-02 02:37 21012 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1715033351-2653626177-837647883-1001_UserData.bin + 2010-05-09 00:36 . 2012-03-02 03:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-05-09 00:36 . 2012-03-02 02:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-05-09 00:36 . 2012-03-02 03:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-05-09 00:36 . 2012-03-02 02:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-03-02 02:30 . 2012-03-02 02:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-03-02 03:32 . 2012-03-02 03:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-03-02 02:30 . 2012-03-02 02:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-03-02 03:32 . 2012-03-02 03:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-03-02 02:30 310184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-03-02 03:31 310184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480] "Facebook Update"="c:\users\Ted\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-22 137536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [2012-02-19 70656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 136176] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-03-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job - c:\users\Ted\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-22 21:27] . 2012-03-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job - c:\users\Ted\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-22 21:27] . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 15:14] . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 15:14] . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job - c:\users\Ted\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09 20:39] . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job - c:\users\Ted\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09 20:39] . 2012-02-28 c:\windows\Tasks\HPCeeScheduleForTed.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-31 171520] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048] . ------- Supplementary Scan ------- . uStart Page = hxxp://start.facemoods.com/?a=make uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 68.238.112.12 FF - ProfilePath - c:\users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319576&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z022&form=ZGAPHP FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z022&form=ZGAADF&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Freemake Video Converter Plugin: fmconverter@gmail.com - c:\program files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe c:\windows\SysWOW64\config\systemprofile\AppData\Local\dplaysvr.exe c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Completion time: 2012-03-01 22:39:21 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-02 03:39 ComboFix2.txt 2012-03-02 02:48 . Pre-Run: 164,209,045,504 bytes free Post-Run: 164,154,695,680 bytes free . - - End Of File - - B057677304CF1C21157658DF2FDB89EF

#111 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 01 March 2012 - 10:06 PM

Hi macdoo,

Ok, I was about to ask about it. We'll have another look at the laptop later.

Back to this one.

Let's take another look with OTL.

Rerun OTL. Check the box beside "scan all users" and click the quick scan button. Post the log. I'm off to work so I'll have a look at the log when I return.

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#112 macdoo

Authentic Member

Authentic Member
70 posts

Posted 01 March 2012 - 10:13 PM

Goog timing. I'm off to bed. Might not have to work tomorrow so hopefully we can knock this out. Here's log

OTL logfile created on: 3/1/2012 11:08:28 PM - Run 4
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Ted\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 48.15% Memory free
3.49 Gb Paging File | 2.02 Gb Available in Paging File | 57.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.37 Gb Total Space | 152.95 Gb Free Space | 70.04% Space Free | Partition Type: NTFS
Drive D: | 14.22 Gb Total Space | 2.35 Gb Free Space | 16.51% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.71 Mb Free Space | 96.50% Space Free | Partition Type: FAT32
Drive F: | 7.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TED-PC | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ted\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ted\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (LVUVC64) Logitech HD Webcam C270(UVC) -- C:\Windows\SysNative\drivers\LVUVC64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}
IE:64bit: - HKLM\..\SearchScopes\{7793487D-1681-4769-97EE-D9AED5FAB8E8}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}
IE - HKLM\..\SearchScopes\{7793487D-1681-4769-97EE-D9AED5FAB8E8}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715033351-2653626177-837647883-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=make
IE - HKU\..\SearchScopes,DefaultScope = {D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}
IE - HKU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...{...hTerms}&f=4
IE - HKU\..\SearchScopes\{2005ACD9-727B-38B0-19F6-BE95434160E8}: "URL" = http://www.bing.com/...amp;form=ZGAIDF
IE - HKU\..\SearchScopes\{7793487D-1681-4769-97EE-D9AED5FAB8E8}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKU\..\SearchScopes\{D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\..\SearchScopes\{F6066676-1EEB-BD50-8DCD-39409136EB4C}: "URL" = http://www.bing.com/...amp;form=ZGAIDF
IE - HKU\S-1-5-21-1715033351-2653626177-837647883-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Free TV Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...22&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ted\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ted\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ted\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/01/25 04:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/26 14:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/18 05:57:58 | 000,000,000 | ---D | M]

[2010/05/08 20:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\Mozilla\Extensions
[2012/02/29 21:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions
[2011/03/26 09:24:07 | 000,000,000 | ---D | M] (ShopToWin2) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2011/03/26 09:23:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\engine@conduit.com
[2011/03/26 09:24:05 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\piclens@cooliris.com
[2011/03/26 09:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\extensionManager
[2012/02/29 18:46:33 | 000,001,393 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\searchplugins\ajaxwhois-domain-search.xml
[2012/02/29 21:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/08 23:19:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/10 13:49:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/21 10:22:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/25 04:59:04 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/25 04:59:38 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoo...{...hTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Freemake Video Converter = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/03/01 22:34:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1715033351-2653626177-837647883-1001..\Run: [Facebook Update] C:\Users\Ted\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1715033351-2653626177-837647883-1001..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715033351-2653626177-837647883-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715033351-2653626177-837647883-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715033351-2653626177-837647883-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62E99ED4-21AE-4C60-BF80-905DEF8BAF1D}: DhcpNameServer = 192.168.1.1 68.238.112.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/16 01:52:08 | 000,000,073 | R--- | M] () - F:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/01 22:39:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/01 21:16:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/01 21:16:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/01 21:16:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/01 21:16:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/01 21:16:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/01 21:15:24 | 004,424,671 | R--- | C] (Swearware) -- C:\Users\Ted\Desktop\ComboFix.exe
[2012/03/01 20:18:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/01 20:16:07 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ted\Desktop\tdsskiller.exe
[2012/03/01 18:02:14 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Ted\Desktop\OTL.exe
[2012/03/01 17:48:47 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Ted\Desktop\aswMBR.exe
[2012/02/22 16:27:53 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\Facebook
[2012/02/16 15:50:27 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{780E1EAB-4F24-4977-B006-5F550A1077C4}
[2012/02/16 15:50:05 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{99712C03-8F46-4B4F-80B1-FC040550C60F}
[2012/02/16 15:46:51 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{020A6D07-6CD8-439F-9A84-BCC2F7E4C2D0}
[2012/02/16 15:46:41 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{BCBF0D45-80DE-4975-AA65-03A248DEA8C5}
[2012/02/03 20:07:08 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{0AF6D657-A8D4-4EC1-87BF-8831D761178F}

========== Files - Modified Within 30 Days ==========

[2012/03/01 23:09:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 23:00:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/03/01 22:42:02 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 22:42:02 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 22:34:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/01 22:34:25 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/01 22:33:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/03/01 22:32:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/01 22:32:24 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/01 22:00:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/03/01 21:15:48 | 004,424,671 | R--- | M] (Swearware) -- C:\Users\Ted\Desktop\ComboFix.exe
[2012/03/01 20:57:25 | 000,000,529 | ---- | M] () -- C:\Users\Ted\Desktop\MBR (2).zip
[2012/03/01 20:57:00 | 000,000,512 | ---- | M] () -- C:\Users\Ted\Desktop\MBR.dat
[2012/03/01 20:26:20 | 000,001,075 | ---- | M] () -- C:\Users\Ted\Desktop\TDSSKiller.2.7.17.0_01.03.2012_20.17.14_log - Shortcut.lnk
[2012/03/01 20:16:22 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ted\Desktop\tdsskiller.exe
[2012/03/01 18:02:22 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Ted\Desktop\OTL.exe
[2012/03/01 18:01:51 | 000,000,580 | ---- | M] () -- C:\Users\Ted\Desktop\MBR.zip
[2012/03/01 17:49:12 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Ted\Desktop\aswMBR.exe
[2012/03/01 16:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/03/01 06:58:45 | 029,606,317 | ---- | M] () -- C:\Users\Ted\Documents\The Illuminati's greatest human enemy. Who is working the machine..mp4
[2012/03/01 06:23:07 | 097,086,188 | ---- | M] () -- C:\Users\Ted\Documents\David Icke-Brilliant Speech.mp4
[2012/02/29 20:17:06 | 1312,231,438 | ---- | M] () -- C:\Users\Ted\Documents\Rammstein- Live aus Berlin-1 link full video-HQ.mp4
[2012/02/29 05:17:51 | 048,442,644 | ---- | M] () -- C:\Users\Ted\Documents\Gun Rights vs. Voting Rights in America.mp4
[2012/02/28 18:21:29 | 566,845,967 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 4).mp4
[2012/02/28 17:03:22 | 555,600,430 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 3).mp4
[2012/02/28 14:45:21 | 105,293,618 | ---- | M] () -- C:\Users\Ted\Documents\Movement I DON'T PAY is spreading across Europe (english subs).mp4
[2012/02/28 14:11:02 | 554,484,464 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 2).mp4
[2012/02/28 08:46:39 | 011,084,510 | ---- | M] () -- C:\Users\Ted\Documents\Ron Paul Speaks To John Stossel About Illegal Immigration and Amnesty.mp4
[2012/02/28 08:12:41 | 024,020,530 | ---- | M] () -- C:\Users\Ted\Documents\US Dollar - Sabotaged by Design.mp4
[2012/02/28 07:53:41 | 027,498,265 | ---- | M] () -- C:\Users\Ted\Documents\Robert Fisk reveals the U.S. dollar's demise!.mp4
[2012/02/28 07:45:48 | 073,211,844 | ---- | M] () -- C:\Users\Ted\Documents\Engdahl- Greek bailout terms remind of Hitler.mp4
[2012/02/27 19:07:10 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTed.job
[2012/02/27 17:44:22 | 559,288,807 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 1).mp4
[2012/02/27 14:17:05 | 046,251,650 | ---- | M] () -- C:\Users\Ted\Documents\NATO Bombs Peace Conference To Prevent Reconciliation In Libya.mp4
[2012/02/27 07:06:43 | 020,793,801 | ---- | M] () -- C:\Users\Ted\Documents\26.08.2011 Putin Slams NATO- West Has no Legal Right to Execute Gaddafi.mp4
[2012/02/27 06:56:57 | 043,659,600 | ---- | M] () -- C:\Users\Ted\Documents\Putin assassination plan foiled by joint special forces op [27-Feb-12 © RT].mp4
[2012/02/27 06:19:40 | 009,274,180 | ---- | M] () -- C:\Users\Ted\Documents\IRAN US Military Intelligence- Iran To RESPOND But Not Provoke Or Initiate Attack On West.mp4
[2012/02/27 06:13:09 | 042,070,755 | ---- | M] () -- C:\Users\Ted\Documents\Cyber War Threat US to fight enemy it created itself ! [Â© RT].mp4.mp4
[2012/02/26 17:29:37 | 078,429,815 | ---- | M] () -- C:\Users\Ted\Documents\Arming Al-Qaeda- US to pump weapons into Syria warzone..mp4
[2012/02/26 17:12:03 | 034,597,824 | ---- | M] () -- C:\Users\Ted\Documents\RT- Veterans For Ron Paul March On The White House Completely Ignored By MSM.mp4
[2012/02/26 16:55:42 | 029,021,942 | ---- | M] () -- C:\Users\Ted\Documents\Why US drone attacks kill so many civilians in Afghanistan.! - RT 100105.mp4
[2012/02/26 16:43:52 | 026,063,381 | ---- | M] () -- C:\Users\Ted\Documents\Italian military paying Taliban protection fee in Afghanistan - RT 100105.mp4
[2012/02/26 04:46:15 | 125,967,297 | ---- | M] () -- C:\Users\Ted\Documents\Obama's apology isn't enough for Afghans.mp4
[2012/02/22 14:41:48 | 1106,774,016 | ---- | M] () -- C:\Users\Ted\Documents\Eddie Murphy - RAW (Full! 90 min) [STAND UP] {Legendado PT-BR}.mpg
[2012/02/22 07:43:05 | 751,482,880 | ---- | M] () -- C:\Users\Ted\Documents\Eddie Murphy - Delirious Full Movie Comedy Stand up.mpg
[2012/02/20 14:21:07 | 000,000,000 | ---- | M] () -- C:\Users\Ted\Desktop\TSHIRT.bmp
[2012/02/19 12:12:08 | 046,965,148 | ---- | M] () -- C:\Users\Ted\Documents\Joker's greatest joke ever - Joker's best moments from Justice League Wild Cards.mp4
[2012/02/16 23:25:03 | 030,939,136 | ---- | M] () -- C:\Users\Ted\Documents\From My Cold Dead Hands- FIGHT THE UN SMALL ARMS TREATY!.mpg
[2012/02/16 15:50:26 | 000,002,112 | ---- | M] () -- C:\Users\Ted\Documents\My Movie.wlmp
[2012/02/16 12:11:09 | 000,002,300 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/16 03:29:07 | 000,349,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/16 03:06:07 | 000,746,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/16 03:06:07 | 000,628,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/16 03:06:07 | 000,108,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/16 03:03:28 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/02/14 18:03:04 | 112,444,674 | ---- | M] () -- C:\Users\Ted\Documents\Iran declares Israel bombed its own embassy.mp4
[2012/02/13 18:42:33 | 033,720,263 | ---- | M] () -- C:\Users\Ted\Documents\Judge Napolitano- What if the President secretly wants to decrease the population. .mp4
[2012/02/11 16:17:21 | 000,016,384 | ---- | M] () -- C:\Users\Ted\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/10 18:26:12 | 171,671,552 | ---- | M] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 3.mpg
[2012/02/10 18:15:43 | 084,099,072 | ---- | M] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 2.mpg
[2012/02/10 18:11:13 | 130,314,163 | ---- | M] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati new world order PT 1.mp4
[2012/02/10 04:12:59 | 092,242,723 | ---- | M] () -- C:\Users\Ted\Documents\'Syria, prelude to full scale war on Iran'.mp4
[2012/02/09 18:06:49 | 009,037,824 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 4).mpg
[2012/02/09 18:02:49 | 017,676,288 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 3).mpg
[2012/02/09 17:59:06 | 021,514,240 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 2).mpg
[2012/02/09 02:24:48 | 013,727,744 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 1).mpg
[2012/02/09 01:52:24 | 043,536,576 | ---- | M] () -- C:\Users\Ted\Documents\Iran at War with Israel and America..mp4
[2012/02/09 01:42:44 | 002,684,928 | ---- | M] () -- C:\Users\Ted\Documents\Iran attack.mpg
[2012/02/08 17:01:31 | 129,583,104 | ---- | M] () -- C:\Users\Ted\Documents\ECONOMIC COLLAPSE- Million Dollar Homes Badly Vandalised.mpg
[2012/02/08 16:30:45 | 029,382,656 | ---- | M] () -- C:\Users\Ted\Documents\MAKE VIRAL - Potential USS Enterprise False Flag Operation....mpg
[2012/02/08 13:27:56 | 018,335,744 | ---- | M] () -- C:\Users\Ted\Documents\The decline of America.mpg
[2012/02/07 07:10:33 | 061,759,488 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 10.mpg
[2012/02/07 07:09:15 | 084,449,280 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 9.mpg
[2012/02/07 06:54:18 | 083,034,112 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 8.mpg
[2012/02/07 06:52:30 | 075,280,384 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 7.mpg
[2012/02/07 06:50:23 | 094,457,856 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 6.mpg
[2012/02/07 06:46:02 | 091,342,848 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 5.mpg
[2012/02/07 06:42:56 | 081,702,912 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 4.mpg
[2012/02/07 06:39:12 | 056,938,496 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 3.mpg
[2012/02/07 06:37:23 | 075,126,784 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 2.mpg
[2012/02/07 06:33:58 | 075,816,960 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 1.mpg
[2012/02/07 04:58:44 | 1829,611,520 | ---- | M] () -- C:\Users\Ted\Documents\David Icke- The London-Rome Beltane Ritual 2011 (full version).mpg
[2012/02/06 12:53:55 | 064,983,040 | ---- | M] () -- C:\Users\Ted\Documents\Eternal Disgrace- US politicians display gross ignorance [5-Feb-12 © RT].mpg
[2012/02/04 18:17:36 | 000,013,614 | ---- | M] () -- C:\Users\Ted\Documents\y-u-no-guy.jpg

========== Files Created - No Company Name ==========

[2012/03/01 21:16:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/01 21:16:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/01 21:16:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/01 21:16:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/01 21:16:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/01 20:57:25 | 000,000,529 | ---- | C] () -- C:\Users\Ted\Desktop\MBR (2).zip
[2012/03/01 20:57:00 | 000,000,512 | ---- | C] () -- C:\Users\Ted\Desktop\MBR.dat
[2012/03/01 20:26:20 | 000,001,075 | ---- | C] () -- C:\Users\Ted\Desktop\TDSSKiller.2.7.17.0_01.03.2012_20.17.14_log - Shortcut.lnk
[2012/03/01 18:01:51 | 000,000,580 | ---- | C] () -- C:\Users\Ted\Desktop\MBR.zip
[2012/03/01 06:57:33 | 029,606,317 | ---- | C] () -- C:\Users\Ted\Documents\The Illuminati's greatest human enemy. Who is working the machine..mp4
[2012/03/01 06:17:36 | 097,086,188 | ---- | C] () -- C:\Users\Ted\Documents\David Icke-Brilliant Speech.mp4
[2012/02/29 18:28:25 | 1312,231,438 | ---- | C] () -- C:\Users\Ted\Documents\Rammstein- Live aus Berlin-1 link full video-HQ.mp4
[2012/02/29 05:13:14 | 048,442,644 | ---- | C] () -- C:\Users\Ted\Documents\Gun Rights vs. Voting Rights in America.mp4
[2012/02/28 17:36:25 | 566,845,967 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 4).mp4
[2012/02/28 16:24:04 | 555,600,430 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 3).mp4
[2012/02/28 14:30:43 | 105,293,618 | ---- | C] () -- C:\Users\Ted\Documents\Movement I DON'T PAY is spreading across Europe (english subs).mp4
[2012/02/28 13:35:03 | 554,484,464 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 2).mp4
[2012/02/28 08:46:13 | 011,084,510 | ---- | C] () -- C:\Users\Ted\Documents\Ron Paul Speaks To John Stossel About Illegal Immigration and Amnesty.mp4
[2012/02/28 08:11:26 | 024,020,530 | ---- | C] () -- C:\Users\Ted\Documents\US Dollar - Sabotaged by Design.mp4
[2012/02/28 07:52:21 | 027,498,265 | ---- | C] () -- C:\Users\Ted\Documents\Robert Fisk reveals the U.S. dollar's demise!.mp4
[2012/02/28 07:41:19 | 073,211,844 | ---- | C] () -- C:\Users\Ted\Documents\Engdahl- Greek bailout terms remind of Hitler.mp4
[2012/02/27 16:59:39 | 559,288,807 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 1).mp4
[2012/02/27 14:14:35 | 046,251,650 | ---- | C] () -- C:\Users\Ted\Documents\NATO Bombs Peace Conference To Prevent Reconciliation In Libya.mp4
[2012/02/27 07:05:49 | 020,793,801 | ---- | C] () -- C:\Users\Ted\Documents\26.08.2011 Putin Slams NATO- West Has no Legal Right to Execute Gaddafi.mp4
[2012/02/27 06:53:59 | 043,659,600 | ---- | C] () -- C:\Users\Ted\Documents\Putin assassination plan foiled by joint special forces op [27-Feb-12 © RT].mp4
[2012/02/27 06:19:16 | 009,274,180 | ---- | C] () -- C:\Users\Ted\Documents\IRAN US Military Intelligence- Iran To RESPOND But Not Provoke Or Initiate Attack On West.mp4
[2012/02/27 06:10:51 | 042,070,755 | ---- | C] () -- C:\Users\Ted\Documents\Cyber War Threat US to fight enemy it created itself ! [Â© RT].mp4.mp4
[2012/02/26 17:24:01 | 078,429,815 | ---- | C] () -- C:\Users\Ted\Documents\Arming Al-Qaeda- US to pump weapons into Syria warzone..mp4
[2012/02/26 17:09:53 | 034,597,824 | ---- | C] () -- C:\Users\Ted\Documents\RT- Veterans For Ron Paul March On The White House Completely Ignored By MSM.mp4
[2012/02/26 16:54:29 | 029,021,942 | ---- | C] () -- C:\Users\Ted\Documents\Why US drone attacks kill so many civilians in Afghanistan.! - RT 100105.mp4
[2012/02/26 16:42:28 | 026,063,381 | ---- | C] () -- C:\Users\Ted\Documents\Italian military paying Taliban protection fee in Afghanistan - RT 100105.mp4
[2012/02/26 04:37:45 | 125,967,297 | ---- | C] () -- C:\Users\Ted\Documents\Obama's apology isn't enough for Afghans.mp4
[2012/02/22 16:28:02 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/02/22 16:28:00 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/02/22 14:10:39 | 1106,774,016 | ---- | C] () -- C:\Users\Ted\Documents\Eddie Murphy - RAW (Full! 90 min) [STAND UP] {Legendado PT-BR}.mpg
[2012/02/22 07:26:44 | 751,482,880 | ---- | C] () -- C:\Users\Ted\Documents\Eddie Murphy - Delirious Full Movie Comedy Stand up.mpg
[2012/02/20 14:21:07 | 000,000,000 | ---- | C] () -- C:\Users\Ted\Desktop\TSHIRT.bmp
[2012/02/19 12:09:55 | 046,965,148 | ---- | C] () -- C:\Users\Ted\Documents\Joker's greatest joke ever - Joker's best moments from Justice League Wild Cards.mp4
[2012/02/16 23:24:05 | 030,939,136 | ---- | C] () -- C:\Users\Ted\Documents\From My Cold Dead Hands- FIGHT THE UN SMALL ARMS TREATY!.mpg
[2012/02/16 03:03:28 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/02/14 17:55:11 | 112,444,674 | ---- | C] () -- C:\Users\Ted\Documents\Iran declares Israel bombed its own embassy.mp4
[2012/02/13 18:40:41 | 033,720,263 | ---- | C] () -- C:\Users\Ted\Documents\Judge Napolitano- What if the President secretly wants to decrease the population. .mp4
[2012/02/10 18:17:17 | 171,671,552 | ---- | C] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 3.mpg
[2012/02/10 18:12:55 | 084,099,072 | ---- | C] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 2.mpg
[2012/02/10 18:03:21 | 130,314,163 | ---- | C] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati new world order PT 1.mp4
[2012/02/10 04:07:13 | 092,242,723 | ---- | C] () -- C:\Users\Ted\Documents\'Syria, prelude to full scale war on Iran'.mp4
[2012/02/09 18:06:31 | 009,037,824 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 4).mpg
[2012/02/09 18:02:18 | 017,676,288 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 3).mpg
[2012/02/09 17:58:35 | 021,514,240 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 2).mpg
[2012/02/09 02:24:32 | 013,727,744 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 1).mpg
[2012/02/09 01:49:58 | 043,536,576 | ---- | C] () -- C:\Users\Ted\Documents\Iran at War with Israel and America..mp4
[2012/02/09 01:42:40 | 002,684,928 | ---- | C] () -- C:\Users\Ted\Documents\Iran attack.mpg
[2012/02/08 16:55:05 | 129,583,104 | ---- | C] () -- C:\Users\Ted\Documents\ECONOMIC COLLAPSE- Million Dollar Homes Badly Vandalised.mpg
[2012/02/08 16:29:54 | 029,382,656 | ---- | C] () -- C:\Users\Ted\Documents\MAKE VIRAL - Potential USS Enterprise False Flag Operation....mpg
[2012/02/08 13:27:32 | 018,335,744 | ---- | C] () -- C:\Users\Ted\Documents\The decline of America.mpg
[2012/02/07 07:09:53 | 061,759,488 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 10.mpg
[2012/02/07 07:08:13 | 084,449,280 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 9.mpg
[2012/02/07 06:53:22 | 083,034,112 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 8.mpg
[2012/02/07 06:51:18 | 075,280,384 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 7.mpg
[2012/02/07 06:49:24 | 094,457,856 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 6.mpg
[2012/02/07 06:45:03 | 091,342,848 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 5.mpg
[2012/02/07 06:42:02 | 081,702,912 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 4.mpg
[2012/02/07 06:38:11 | 056,938,496 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 3.mpg
[2012/02/07 06:36:03 | 075,126,784 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 2.mpg
[2012/02/07 06:32:51 | 075,816,960 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 1.mpg
[2012/02/07 04:23:25 | 1829,611,520 | ---- | C] () -- C:\Users\Ted\Documents\David Icke- The London-Rome Beltane Ritual 2011 (full version).mpg
[2012/02/06 12:52:25 | 064,983,040 | ---- | C] () -- C:\Users\Ted\Documents\Eternal Disgrace- US politicians display gross ignorance [5-Feb-12 © RT].mpg
[2012/02/04 18:17:20 | 000,013,614 | ---- | C] () -- C:\Users\Ted\Documents\y-u-no-guy.jpg
[2011/06/09 16:33:27 | 000,016,384 | ---- | C] () -- C:\Users\Ted\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/03/07 18:53:26 | 000,000,183 | ---- | C] () -- C:\Windows\Earthquake3D.ini
[2011/01/21 22:39:55 | 000,001,854 | ---- | C] () -- C:\Users\Ted\AppData\Roaming\GhostObjGAFix.xml
[2010/08/08 21:51:57 | 000,000,017 | ---- | C] () -- C:\Users\Ted\AppData\Local\resmon.resmoncfg
[2010/06/03 18:31:10 | 000,000,000 | ---- | C] () -- C:\Users\Ted\AppData\Roaming\wklnhst.dat
[2010/05/08 20:09:49 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/03 03:33:31 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/04/03 03:33:31 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== LOP Check ==========

[2011/02/28 21:47:30 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\DriverCure
[2010/08/14 08:25:30 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Gamelab
[2011/03/20 10:44:08 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Leadertech
[2011/04/04 14:35:43 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\SecondLife
[2011/02/28 21:55:08 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Stellarium
[2010/06/03 18:31:10 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Template
[2011/05/22 11:14:48 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Tific
[2010/12/27 09:07:20 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Visan
[2011/02/28 12:11:28 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Windows Live Writer
[2012/03/01 16:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/03/01 22:33:00 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/01/09 15:14:00 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:0A8E2C33

< End of report >

#113 macdoo

Authentic Member

Authentic Member
70 posts

Posted 02 March 2012 - 07:12 AM

Hello Satchfan. Oldtimer is doing great. Thanks for your help

#114 Satchfan

SuperHelper

Malware Team
6,813 posts

Interests:LFC, music, more LFC, more music

Posted 02 March 2012 - 07:22 AM

Hi macdoo, I've just popped in to see how things are going.

Oldtimer is doing great.

He always does. You are doing a good job too.

Thanks for your help

You're welcome

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#115 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 02 March 2012 - 12:00 PM

Hi macdoo,

Your java is out of date. Click your start button > Control Panel

Use the drop down menu beside view by and change it to small icons
locate java (32bit) in the list and click on it
when the java console opens click the update tab
Click update now

Next

Do the same thing for java 64bit

Next

Double click on OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :

:Services

:OTL
[2011/03/26 09:24:07 | 000,000,000 | ---D | M] (ShopToWin2) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"=-
:Files
c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
:Commands
[purity]
[emptytemp]
[createrestorepoint]

Then click the Run Fix button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Reboot your computer

Please post the OTL fix log.

Please post back with

OTL fix log

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

Advertisements

Register to Remove

#116 macdoo

Authentic Member

Authentic Member
70 posts

Posted 02 March 2012 - 01:03 PM

ok. could only find one java in control panel and don't know which it was but i did the update. All processes killed ========== SERVICES/DRIVERS ========== ========== OTL ========== C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\skin folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\locale folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\modules\core\session folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\modules\core folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\modules folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\xul folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\voicebox folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\utils\crypto folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\utils folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\upgrader folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\substitution\settings folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\substitution\config folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\substitution folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\settings folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\session\settings folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\session folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\overlay\config folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\overlay folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\monitoring\events folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\monitoring folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\logging folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\externalJS\utils folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\externalJS\settings folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\externalJS\providers folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\externalJS\parser folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\externalJS\events folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\externalJS\config folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\externalJS folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\extensionManager folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\exceptions folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\utils folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\processors folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\piirules\config folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\piirules folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\eventsending folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\epochtime\config folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\epochtime folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\dispatchers\killswitch folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\dispatchers\deadmen folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\dispatchers folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\dcaservice\config folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\dcaservice folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\cookies folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\clicksending\config folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\clicksending folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\ajax\config folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca\ajax folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\dca folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\cookies folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\configs folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\caching\storage folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\caching\providers folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\caching\listeners folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\caching\downloaders folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\caching\dispatchers folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\caching\deprecated folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\caching\config folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\caching folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\bus folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome folder moved successfully. C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749} folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully. ========== FILES ========== c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Ted ->Temp folder emptied: 1097242 bytes ->Temporary Internet Files folder emptied: 5771390 bytes ->Java cache emptied: 25269563 bytes ->FireFox cache emptied: 87499518 bytes ->Google Chrome cache emptied: 368213827 bytes ->Flash cache emptied: 1445035 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 6084 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 467.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.34.0 log created on 03022012_133540 Files\Folders moved on Reboot... C:\Users\Ted\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\Ted\AppData\Local\Temp\~DF21BD8517614EC9B9.TMP not found! File\Folder C:\Users\Ted\AppData\Local\Temp\~DF232A93AA80095CA4.TMP not found! File\Folder C:\Users\Ted\AppData\Local\Temp\~DF4230A8D6F404A7C0.TMP not found! File\Folder C:\Users\Ted\AppData\Local\Temp\~DF44504E65F32DB7E8.TMP not found! File\Folder C:\Users\Ted\AppData\Local\Temp\~DF84953BF287542D18.TMP not found! File\Folder C:\Users\Ted\AppData\Local\Temp\~DF931685341D5666D2.TMP not found! File\Folder C:\Users\Ted\AppData\Local\Temp\~DFC0B7B6A276224FF4.TMP not found! File\Folder C:\Users\Ted\AppData\Local\Temp\~DFEE45DD549A8617E8.TMP not found! C:\Users\Ted\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N30C0L2Q\iframe[3].htm moved successfully. C:\Users\Ted\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6O2V412G\index[1].htm moved successfully. C:\Users\Ted\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. Registry entries deleted on Reboot...

#117 macdoo

Authentic Member

Authentic Member
70 posts

Posted 02 March 2012 - 01:07 PM

other computers working now too

#118 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 02 March 2012 - 02:29 PM

Hi macdoo,

other computers working now too

Did you need to do anything?

Download and save to your desktop Malwarebytes Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.

Do not use this instance of your browser for anything besides doing this scan
When the scan is complete and the results saved, close that instance of your browser
Open a new one the usual way and post the results in this topic.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

Go here to run an online scannner from
ESET

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.

After the ESET scan re run OTL

Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
check the box beside scan all users
In the Extra Registry section change it to All
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.

Please post back with

MBAM log
ESET log if there was one
both OTL log?

Any issues?

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#119 macdoo

Authentic Member

Authentic Member
70 posts

Posted 02 March 2012 - 05:15 PM

No I didn't have to do anything to the other computers. Just been checking them as we go along.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ted :: TED-PC [administrator]

Protection: Enabled

3/2/2012 4:48:59 PM
mbam-log-2012-03-02 (16-48-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191636
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir a variant of Win32/FunWeb.AA application
C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\8.bin\F3EZSETP.DLL.vir Win32/Toolbar.MyWebSearch.M application
C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\8.bin\F3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\8.bin\NPFUNWEB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\TDSSKiller_Quarantine\01.03.2012_20.17.14\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\01.03.2012_20.17.14\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\01.03.2012_20.17.14\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.IC trojan
C:\TDSSKiller_Quarantine\01.03.2012_20.17.14\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\01.03.2012_20.17.14\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\01.03.2012_20.17.14\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan
C:\TDSSKiller_Quarantine\01.03.2012_21.08.39\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\01.03.2012_21.08.39\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\01.03.2012_21.08.39\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.IC trojan
C:\TDSSKiller_Quarantine\01.03.2012_21.08.39\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\01.03.2012_21.08.39\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\01.03.2012_21.08.39\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan
C:\Users\Ted\Documents\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Users\Ted\Music\PopularScreenSavers.exe Win32/AdInstaller application
C:\Windows\System32\config\systemprofile\AppData\Local\dplayx.dll a variant of Win32/Kryptik.ABBO trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\dplayx.dll a variant of Win32/Kryptik.ABBO trojan
C:\_OTL\MovedFiles\03022012_133540\c_windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe a variant of Win32/Kryptik.ABBO trojan

OTL logfile created on: 3/2/2012 6:07:16 PM - Run 5
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Ted\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 55.48% Memory free
3.49 Gb Paging File | 1.75 Gb Available in Paging File | 50.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.37 Gb Total Space | 155.46 Gb Free Space | 71.19% Space Free | Partition Type: NTFS
Drive D: | 14.22 Gb Total Space | 2.35 Gb Free Space | 16.51% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.71 Mb Free Space | 96.50% Space Free | Partition Type: FAT32
Drive F: | 7.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TED-PC | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ted\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (LVUVC64) Logitech HD Webcam C270(UVC) -- C:\Windows\SysNative\drivers\LVUVC64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}
IE:64bit: - HKLM\..\SearchScopes\{7793487D-1681-4769-97EE-D9AED5FAB8E8}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}
IE - HKLM\..\SearchScopes\{7793487D-1681-4769-97EE-D9AED5FAB8E8}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715033351-2653626177-837647883-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=make
IE - HKU\..\SearchScopes,DefaultScope = {D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}
IE - HKU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...{...hTerms}&f=4
IE - HKU\..\SearchScopes\{2005ACD9-727B-38B0-19F6-BE95434160E8}: "URL" = http://www.bing.com/...amp;form=ZGAIDF
IE - HKU\..\SearchScopes\{7793487D-1681-4769-97EE-D9AED5FAB8E8}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKU\..\SearchScopes\{D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\..\SearchScopes\{F6066676-1EEB-BD50-8DCD-39409136EB4C}: "URL" = http://www.bing.com/...amp;form=ZGAIDF
IE - HKU\S-1-5-21-1715033351-2653626177-837647883-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Free TV Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...22&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ted\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ted\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ted\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/01/25 04:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/26 14:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/18 05:57:58 | 000,000,000 | ---D | M]

[2010/05/08 20:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\Mozilla\Extensions
[2012/03/02 13:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions
[2011/03/26 09:23:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\engine@conduit.com
[2011/03/26 09:24:05 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\piclens@cooliris.com
[2012/02/29 18:46:33 | 000,001,393 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\searchplugins\ajaxwhois-domain-search.xml
[2012/03/02 13:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/08 23:19:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/10 13:49:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/03/02 13:32:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/25 04:59:04 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/02 13:32:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/25 04:59:38 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoo...{...hTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Freemake Video Converter = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/03/01 22:34:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1715033351-2653626177-837647883-1001..\Run: [Facebook Update] C:\Users\Ted\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1715033351-2653626177-837647883-1001..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715033351-2653626177-837647883-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715033351-2653626177-837647883-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715033351-2653626177-837647883-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62E99ED4-21AE-4C60-BF80-905DEF8BAF1D}: DhcpNameServer = 192.168.1.1 68.238.112.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/16 01:52:08 | 000,000,073 | R--- | M] () - F:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 16:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/02 16:48:20 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\Malwarebytes
[2012/03/02 16:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/02 16:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/02 16:48:10 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/02 16:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/02 16:46:19 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ted\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/02 13:37:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/02 13:35:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/02 13:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/02 13:32:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/02 13:32:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/02 13:32:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/01 22:39:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/01 21:16:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/01 21:16:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/01 21:16:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/01 21:16:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/01 21:16:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/01 21:15:24 | 004,424,671 | R--- | C] (Swearware) -- C:\Users\Ted\Desktop\ComboFix.exe
[2012/03/01 20:18:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/01 20:16:07 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ted\Desktop\tdsskiller.exe
[2012/03/01 18:02:14 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Ted\Desktop\OTL.exe
[2012/03/01 17:48:47 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Ted\Desktop\aswMBR.exe
[2012/02/22 16:27:53 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\Facebook
[2012/02/16 15:50:27 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{780E1EAB-4F24-4977-B006-5F550A1077C4}
[2012/02/16 15:50:05 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{99712C03-8F46-4B4F-80B1-FC040550C60F}
[2012/02/16 15:46:51 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{020A6D07-6CD8-439F-9A84-BCC2F7E4C2D0}
[2012/02/16 15:46:41 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{BCBF0D45-80DE-4975-AA65-03A248DEA8C5}
[2012/02/16 01:00:38 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/16 01:00:37 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/16 01:00:36 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/16 01:00:29 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/16 01:00:16 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/16 01:00:15 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/16 01:00:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/16 01:00:14 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/16 01:00:14 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/16 01:00:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/16 01:00:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/03 20:07:08 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{0AF6D657-A8D4-4EC1-87BF-8831D761178F}

========== Files - Modified Within 30 Days ==========

[2012/03/02 18:09:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/02 18:00:07 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/03/02 17:01:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 17:01:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 16:54:25 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/02 16:54:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/02 16:54:02 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/02 16:48:11 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/02 16:46:29 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ted\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/02 16:33:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/03/02 16:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/03/02 13:32:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/02 13:32:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/02 13:32:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/02 13:32:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/01 22:34:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/01 22:00:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/03/01 21:15:48 | 004,424,671 | R--- | M] (Swearware) -- C:\Users\Ted\Desktop\ComboFix.exe
[2012/03/01 20:57:25 | 000,000,529 | ---- | M] () -- C:\Users\Ted\Desktop\MBR (2).zip
[2012/03/01 20:57:00 | 000,000,512 | ---- | M] () -- C:\Users\Ted\Desktop\MBR.dat
[2012/03/01 20:26:20 | 000,001,075 | ---- | M] () -- C:\Users\Ted\Desktop\TDSSKiller.2.7.17.0_01.03.2012_20.17.14_log - Shortcut.lnk
[2012/03/01 20:16:22 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ted\Desktop\tdsskiller.exe
[2012/03/01 18:02:22 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Ted\Desktop\OTL.exe
[2012/03/01 18:01:51 | 000,000,580 | ---- | M] () -- C:\Users\Ted\Desktop\MBR.zip
[2012/03/01 17:49:12 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Ted\Desktop\aswMBR.exe
[2012/03/01 06:58:45 | 029,606,317 | ---- | M] () -- C:\Users\Ted\Documents\The Illuminati's greatest human enemy. Who is working the machine..mp4
[2012/03/01 06:23:07 | 097,086,188 | ---- | M] () -- C:\Users\Ted\Documents\David Icke-Brilliant Speech.mp4
[2012/02/29 20:17:06 | 1312,231,438 | ---- | M] () -- C:\Users\Ted\Documents\Rammstein- Live aus Berlin-1 link full video-HQ.mp4
[2012/02/29 05:17:51 | 048,442,644 | ---- | M] () -- C:\Users\Ted\Documents\Gun Rights vs. Voting Rights in America.mp4
[2012/02/28 18:21:29 | 566,845,967 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 4).mp4
[2012/02/28 17:03:22 | 555,600,430 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 3).mp4
[2012/02/28 14:45:21 | 105,293,618 | ---- | M] () -- C:\Users\Ted\Documents\Movement I DON'T PAY is spreading across Europe (english subs).mp4
[2012/02/28 14:11:02 | 554,484,464 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 2).mp4
[2012/02/28 08:46:39 | 011,084,510 | ---- | M] () -- C:\Users\Ted\Documents\Ron Paul Speaks To John Stossel About Illegal Immigration and Amnesty.mp4
[2012/02/28 08:12:41 | 024,020,530 | ---- | M] () -- C:\Users\Ted\Documents\US Dollar - Sabotaged by Design.mp4
[2012/02/28 07:53:41 | 027,498,265 | ---- | M] () -- C:\Users\Ted\Documents\Robert Fisk reveals the U.S. dollar's demise!.mp4
[2012/02/28 07:45:48 | 073,211,844 | ---- | M] () -- C:\Users\Ted\Documents\Engdahl- Greek bailout terms remind of Hitler.mp4
[2012/02/27 19:07:10 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTed.job
[2012/02/27 17:44:22 | 559,288,807 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 1).mp4
[2012/02/27 14:17:05 | 046,251,650 | ---- | M] () -- C:\Users\Ted\Documents\NATO Bombs Peace Conference To Prevent Reconciliation In Libya.mp4
[2012/02/27 07:06:43 | 020,793,801 | ---- | M] () -- C:\Users\Ted\Documents\26.08.2011 Putin Slams NATO- West Has no Legal Right to Execute Gaddafi.mp4
[2012/02/27 06:56:57 | 043,659,600 | ---- | M] () -- C:\Users\Ted\Documents\Putin assassination plan foiled by joint special forces op [27-Feb-12 © RT].mp4
[2012/02/27 06:19:40 | 009,274,180 | ---- | M] () -- C:\Users\Ted\Documents\IRAN US Military Intelligence- Iran To RESPOND But Not Provoke Or Initiate Attack On West.mp4
[2012/02/27 06:13:09 | 042,070,755 | ---- | M] () -- C:\Users\Ted\Documents\Cyber War Threat US to fight enemy it created itself ! [Â© RT].mp4.mp4
[2012/02/26 17:29:37 | 078,429,815 | ---- | M] () -- C:\Users\Ted\Documents\Arming Al-Qaeda- US to pump weapons into Syria warzone..mp4
[2012/02/26 17:12:03 | 034,597,824 | ---- | M] () -- C:\Users\Ted\Documents\RT- Veterans For Ron Paul March On The White House Completely Ignored By MSM.mp4
[2012/02/26 16:55:42 | 029,021,942 | ---- | M] () -- C:\Users\Ted\Documents\Why US drone attacks kill so many civilians in Afghanistan.! - RT 100105.mp4
[2012/02/26 16:43:52 | 026,063,381 | ---- | M] () -- C:\Users\Ted\Documents\Italian military paying Taliban protection fee in Afghanistan - RT 100105.mp4
[2012/02/26 04:46:15 | 125,967,297 | ---- | M] () -- C:\Users\Ted\Documents\Obama's apology isn't enough for Afghans.mp4
[2012/02/22 14:41:48 | 1106,774,016 | ---- | M] () -- C:\Users\Ted\Documents\Eddie Murphy - RAW (Full! 90 min) [STAND UP] {Legendado PT-BR}.mpg
[2012/02/22 07:43:05 | 751,482,880 | ---- | M] () -- C:\Users\Ted\Documents\Eddie Murphy - Delirious Full Movie Comedy Stand up.mpg
[2012/02/20 14:21:07 | 000,000,000 | ---- | M] () -- C:\Users\Ted\Desktop\TSHIRT.bmp
[2012/02/19 12:12:08 | 046,965,148 | ---- | M] () -- C:\Users\Ted\Documents\Joker's greatest joke ever - Joker's best moments from Justice League Wild Cards.mp4
[2012/02/16 23:25:03 | 030,939,136 | ---- | M] () -- C:\Users\Ted\Documents\From My Cold Dead Hands- FIGHT THE UN SMALL ARMS TREATY!.mpg
[2012/02/16 15:50:26 | 000,002,112 | ---- | M] () -- C:\Users\Ted\Documents\My Movie.wlmp
[2012/02/16 12:11:09 | 000,002,300 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/16 03:29:07 | 000,349,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/16 03:06:07 | 000,746,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/16 03:06:07 | 000,628,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/16 03:06:07 | 000,108,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/16 03:03:28 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/02/14 18:03:04 | 112,444,674 | ---- | M] () -- C:\Users\Ted\Documents\Iran declares Israel bombed its own embassy.mp4
[2012/02/13 18:42:33 | 033,720,263 | ---- | M] () -- C:\Users\Ted\Documents\Judge Napolitano- What if the President secretly wants to decrease the population. .mp4
[2012/02/11 16:17:21 | 000,016,384 | ---- | M] () -- C:\Users\Ted\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/10 18:26:12 | 171,671,552 | ---- | M] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 3.mpg
[2012/02/10 18:15:43 | 084,099,072 | ---- | M] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 2.mpg
[2012/02/10 18:11:13 | 130,314,163 | ---- | M] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati new world order PT 1.mp4
[2012/02/10 04:12:59 | 092,242,723 | ---- | M] () -- C:\Users\Ted\Documents\'Syria, prelude to full scale war on Iran'.mp4
[2012/02/09 18:06:49 | 009,037,824 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 4).mpg
[2012/02/09 18:02:49 | 017,676,288 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 3).mpg
[2012/02/09 17:59:06 | 021,514,240 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 2).mpg
[2012/02/09 02:24:48 | 013,727,744 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 1).mpg
[2012/02/09 01:52:24 | 043,536,576 | ---- | M] () -- C:\Users\Ted\Documents\Iran at War with Israel and America..mp4
[2012/02/09 01:42:44 | 002,684,928 | ---- | M] () -- C:\Users\Ted\Documents\Iran attack.mpg
[2012/02/08 17:01:31 | 129,583,104 | ---- | M] () -- C:\Users\Ted\Documents\ECONOMIC COLLAPSE- Million Dollar Homes Badly Vandalised.mpg
[2012/02/08 16:30:45 | 029,382,656 | ---- | M] () -- C:\Users\Ted\Documents\MAKE VIRAL - Potential USS Enterprise False Flag Operation....mpg
[2012/02/08 13:27:56 | 018,335,744 | ---- | M] () -- C:\Users\Ted\Documents\The decline of America.mpg
[2012/02/07 07:10:33 | 061,759,488 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 10.mpg
[2012/02/07 07:09:15 | 084,449,280 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 9.mpg
[2012/02/07 06:54:18 | 083,034,112 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 8.mpg
[2012/02/07 06:52:30 | 075,280,384 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 7.mpg
[2012/02/07 06:50:23 | 094,457,856 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 6.mpg
[2012/02/07 06:46:02 | 091,342,848 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 5.mpg
[2012/02/07 06:42:56 | 081,702,912 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 4.mpg
[2012/02/07 06:39:12 | 056,938,496 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 3.mpg
[2012/02/07 06:37:23 | 075,126,784 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 2.mpg
[2012/02/07 06:33:58 | 075,816,960 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 1.mpg
[2012/02/07 04:58:44 | 1829,611,520 | ---- | M] () -- C:\Users\Ted\Documents\David Icke- The London-Rome Beltane Ritual 2011 (full version).mpg
[2012/02/06 12:53:55 | 064,983,040 | ---- | M] () -- C:\Users\Ted\Documents\Eternal Disgrace- US politicians display gross ignorance [5-Feb-12 © RT].mpg
[2012/02/04 18:17:36 | 000,013,614 | ---- | M] () -- C:\Users\Ted\Documents\y-u-no-guy.jpg

========== Files Created - No Company Name ==========

[2012/03/02 16:48:11 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/01 21:16:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/01 21:16:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/01 21:16:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/01 21:16:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/01 21:16:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/01 20:57:25 | 000,000,529 | ---- | C] () -- C:\Users\Ted\Desktop\MBR (2).zip
[2012/03/01 20:57:00 | 000,000,512 | ---- | C] () -- C:\Users\Ted\Desktop\MBR.dat
[2012/03/01 20:26:20 | 000,001,075 | ---- | C] () -- C:\Users\Ted\Desktop\TDSSKiller.2.7.17.0_01.03.2012_20.17.14_log - Shortcut.lnk
[2012/03/01 18:01:51 | 000,000,580 | ---- | C] () -- C:\Users\Ted\Desktop\MBR.zip
[2012/03/01 06:57:33 | 029,606,317 | ---- | C] () -- C:\Users\Ted\Documents\The Illuminati's greatest human enemy. Who is working the machine..mp4
[2012/03/01 06:17:36 | 097,086,188 | ---- | C] () -- C:\Users\Ted\Documents\David Icke-Brilliant Speech.mp4
[2012/02/29 18:28:25 | 1312,231,438 | ---- | C] () -- C:\Users\Ted\Documents\Rammstein- Live aus Berlin-1 link full video-HQ.mp4
[2012/02/29 05:13:14 | 048,442,644 | ---- | C] () -- C:\Users\Ted\Documents\Gun Rights vs. Voting Rights in America.mp4
[2012/02/28 17:36:25 | 566,845,967 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 4).mp4
[2012/02/28 16:24:04 | 555,600,430 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 3).mp4
[2012/02/28 14:30:43 | 105,293,618 | ---- | C] () -- C:\Users\Ted\Documents\Movement I DON'T PAY is spreading across Europe (english subs).mp4
[2012/02/28 13:35:03 | 554,484,464 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 2).mp4
[2012/02/28 08:46:13 | 011,084,510 | ---- | C] () -- C:\Users\Ted\Documents\Ron Paul Speaks To John Stossel About Illegal Immigration and Amnesty.mp4
[2012/02/28 08:11:26 | 024,020,530 | ---- | C] () -- C:\Users\Ted\Documents\US Dollar - Sabotaged by Design.mp4
[2012/02/28 07:52:21 | 027,498,265 | ---- | C] () -- C:\Users\Ted\Documents\Robert Fisk reveals the U.S. dollar's demise!.mp4
[2012/02/28 07:41:19 | 073,211,844 | ---- | C] () -- C:\Users\Ted\Documents\Engdahl- Greek bailout terms remind of Hitler.mp4
[2012/02/27 16:59:39 | 559,288,807 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 1).mp4
[2012/02/27 14:14:35 | 046,251,650 | ---- | C] () -- C:\Users\Ted\Documents\NATO Bombs Peace Conference To Prevent Reconciliation In Libya.mp4
[2012/02/27 07:05:49 | 020,793,801 | ---- | C] () -- C:\Users\Ted\Documents\26.08.2011 Putin Slams NATO- West Has no Legal Right to Execute Gaddafi.mp4
[2012/02/27 06:53:59 | 043,659,600 | ---- | C] () -- C:\Users\Ted\Documents\Putin assassination plan foiled by joint special forces op [27-Feb-12 © RT].mp4
[2012/02/27 06:19:16 | 009,274,180 | ---- | C] () -- C:\Users\Ted\Documents\IRAN US Military Intelligence- Iran To RESPOND But Not Provoke Or Initiate Attack On West.mp4
[2012/02/27 06:10:51 | 042,070,755 | ---- | C] () -- C:\Users\Ted\Documents\Cyber War Threat US to fight enemy it created itself ! [Â© RT].mp4.mp4
[2012/02/26 17:24:01 | 078,429,815 | ---- | C] () -- C:\Users\Ted\Documents\Arming Al-Qaeda- US to pump weapons into Syria warzone..mp4
[2012/02/26 17:09:53 | 034,597,824 | ---- | C] () -- C:\Users\Ted\Documents\RT- Veterans For Ron Paul March On The White House Completely Ignored By MSM.mp4
[2012/02/26 16:54:29 | 029,021,942 | ---- | C] () -- C:\Users\Ted\Documents\Why US drone attacks kill so many civilians in Afghanistan.! - RT 100105.mp4
[2012/02/26 16:42:28 | 026,063,381 | ---- | C] () -- C:\Users\Ted\Documents\Italian military paying Taliban protection fee in Afghanistan - RT 100105.mp4
[2012/02/26 04:37:45 | 125,967,297 | ---- | C] () -- C:\Users\Ted\Documents\Obama's apology isn't enough for Afghans.mp4
[2012/02/22 16:28:02 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/02/22 16:28:00 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/02/22 14:10:39 | 1106,774,016 | ---- | C] () -- C:\Users\Ted\Documents\Eddie Murphy - RAW (Full! 90 min) [STAND UP] {Legendado PT-BR}.mpg
[2012/02/22 07:26:44 | 751,482,880 | ---- | C] () -- C:\Users\Ted\Documents\Eddie Murphy - Delirious Full Movie Comedy Stand up.mpg
[2012/02/20 14:21:07 | 000,000,000 | ---- | C] () -- C:\Users\Ted\Desktop\TSHIRT.bmp
[2012/02/19 12:09:55 | 046,965,148 | ---- | C] () -- C:\Users\Ted\Documents\Joker's greatest joke ever - Joker's best moments from Justice League Wild Cards.mp4
[2012/02/16 23:24:05 | 030,939,136 | ---- | C] () -- C:\Users\Ted\Documents\From My Cold Dead Hands- FIGHT THE UN SMALL ARMS TREATY!.mpg
[2012/02/16 03:03:28 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/02/14 17:55:11 | 112,444,674 | ---- | C] () -- C:\Users\Ted\Documents\Iran declares Israel bombed its own embassy.mp4
[2012/02/13 18:40:41 | 033,720,263 | ---- | C] () -- C:\Users\Ted\Documents\Judge Napolitano- What if the President secretly wants to decrease the population. .mp4
[2012/02/10 18:17:17 | 171,671,552 | ---- | C] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 3.mpg
[2012/02/10 18:12:55 | 084,099,072 | ---- | C] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 2.mpg
[2012/02/10 18:03:21 | 130,314,163 | ---- | C] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati new world order PT 1.mp4
[2012/02/10 04:07:13 | 092,242,723 | ---- | C] () -- C:\Users\Ted\Documents\'Syria, prelude to full scale war on Iran'.mp4
[2012/02/09 18:06:31 | 009,037,824 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 4).mpg
[2012/02/09 18:02:18 | 017,676,288 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 3).mpg
[2012/02/09 17:58:35 | 021,514,240 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 2).mpg
[2012/02/09 02:24:32 | 013,727,744 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 1).mpg
[2012/02/09 01:49:58 | 043,536,576 | ---- | C] () -- C:\Users\Ted\Documents\Iran at War with Israel and America..mp4
[2012/02/09 01:42:40 | 002,684,928 | ---- | C] () -- C:\Users\Ted\Documents\Iran attack.mpg
[2012/02/08 16:55:05 | 129,583,104 | ---- | C] () -- C:\Users\Ted\Documents\ECONOMIC COLLAPSE- Million Dollar Homes Badly Vandalised.mpg
[2012/02/08 16:29:54 | 029,382,656 | ---- | C] () -- C:\Users\Ted\Documents\MAKE VIRAL - Potential USS Enterprise False Flag Operation....mpg
[2012/02/08 13:27:32 | 018,335,744 | ---- | C] () -- C:\Users\Ted\Documents\The decline of America.mpg
[2012/02/07 07:09:53 | 061,759,488 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 10.mpg
[2012/02/07 07:08:13 | 084,449,280 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 9.mpg
[2012/02/07 06:53:22 | 083,034,112 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 8.mpg
[2012/02/07 06:51:18 | 075,280,384 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 7.mpg
[2012/02/07 06:49:24 | 094,457,856 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 6.mpg
[2012/02/07 06:45:03 | 091,342,848 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 5.mpg
[2012/02/07 06:42:02 | 081,702,912 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 4.mpg
[2012/02/07 06:38:11 | 056,938,496 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 3.mpg
[2012/02/07 06:36:03 | 075,126,784 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 2.mpg
[2012/02/07 06:32:51 | 075,816,960 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 1.mpg
[2012/02/07 04:23:25 | 1829,611,520 | ---- | C] () -- C:\Users\Ted\Documents\David Icke- The London-Rome Beltane Ritual 2011 (full version).mpg
[2012/02/06 12:52:25 | 064,983,040 | ---- | C] () -- C:\Users\Ted\Documents\Eternal Disgrace- US politicians display gross ignorance [5-Feb-12 © RT].mpg
[2012/02/04 18:17:20 | 000,013,614 | ---- | C] () -- C:\Users\Ted\Documents\y-u-no-guy.jpg
[2011/06/09 16:33:27 | 000,016,384 | ---- | C] () -- C:\Users\Ted\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/03/07 18:53:26 | 000,000,183 | ---- | C] () -- C:\Windows\Earthquake3D.ini
[2011/01/21 22:39:55 | 000,001,854 | ---- | C] () -- C:\Users\Ted\AppData\Roaming\GhostObjGAFix.xml
[2010/08/08 21:51:57 | 000,000,017 | ---- | C] () -- C:\Users\Ted\AppData\Local\resmon.resmoncfg
[2010/06/03 18:31:10 | 000,000,000 | ---- | C] () -- C:\Users\Ted\AppData\Roaming\wklnhst.dat
[2010/05/08 20:09:49 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/03 03:33:31 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/04/03 03:33:31 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== LOP Check ==========

[2011/02/28 21:47:30 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\DriverCure
[2010/08/14 08:25:30 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Gamelab
[2011/03/20 10:44:08 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Leadertech
[2011/04/04 14:35:43 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\SecondLife
[2011/02/28 21:55:08 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Stellarium
[2010/06/03 18:31:10 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Template
[2011/05/22 11:14:48 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Tific
[2010/12/27 09:07:20 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Visan
[2011/02/28 12:11:28 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Windows Live Writer
[2012/03/02 16:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/03/02 16:33:01 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/01/09 15:14:00 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:0A8E2C33

< End of report >

OTL Extras logfile created on: 3/2/2012 6:07:16 PM - Run 5
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Ted\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 55.48% Memory free
3.49 Gb Paging File | 1.75 Gb Available in Paging File | 50.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.37 Gb Total Space | 155.46 Gb Free Space | 71.19% Space Free | Partition Type: NTFS
Drive D: | 14.22 Gb Total Space | 2.35 Gb Free Space | 16.51% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.71 Mb Free Space | 96.50% Space Free | Partition Type: FAT32
Drive F: | 7.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TED-PC | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1715033351-2653626177-837647883-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java™ 6 Update 15 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java™ SE Development Kit 6 Update 15 (64-bit)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB94D541-A747-4A5D-B0ED-72FA5C158EA5}" = HP Deskjet 1050 J410 series Basic Device Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ESET Online Scanner" = ESET Online Scanner v3
"Freemake Video Converter_is1" = Freemake Video Converter version 3.0.1
"Freemake Video Downloader_is1" = Freemake Video Downloader
"Google Chrome" = Google Chrome
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox (3.6.27)" = Mozilla Firefox (3.6.27)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715033351-2653626177-837647883-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/2/2011 6:53:54 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 6:53:55 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 6:53:55 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 6:53:55 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 9:55:04 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 9:55:04 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 9:55:04 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 10:25:40 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 10:25:40 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 10:25:40 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

[ Hewlett-Packard Events ]
Error - 6/11/2010 3:28:07 AM | Computer Name = Ted-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. Configurator

at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

Error - 12/18/2010 7:09:00 PM | Computer Name = Ted-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 1/21/2011 11:39:53 PM | Computer Name = Ted-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 2/18/2011 10:22:37 PM | Computer Name = Ted-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021118092219.xml
File not created by asset agent

[ System Events ]
Error - 3/2/2012 2:35:40 PM | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7034
Description = The UMVPFSrv service terminated unexpectedly. It has done this 1
time(s).

Error - 3/2/2012 3:00:02 PM | Computer Name = Ted-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 3/2/2012 3:00:02 PM | Computer Name = Ted-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 3/2/2012 3:02:17 PM | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%2

Error - 3/2/2012 5:53:17 PM | Computer Name = Ted-PC | Source = DCOM | ID = 10005
Description =

Error - 3/2/2012 5:53:17 PM | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 3/2/2012 5:53:17 PM | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 3/2/2012 5:54:07 PM | Computer Name = Ted-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 3/2/2012 5:54:07 PM | Computer Name = Ted-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 3/2/2012 5:56:16 PM | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%2

< End of report >

#120 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 02 March 2012 - 05:54 PM

Hi

It was the 32bit version that you installed. you can get the 64bit version HERE

Click on Windows Offline (64-bit)

Once you have downloaded jre-6u31windows-x64-.exe and saved it to the desktop:

Click Start > Control Panel . Under Programs click uninstall a program and uninstall

Java™ 6 Update 15 (64-bit)
Java™ SE Development Kit 6 Update 15 (64-bit)

Next

Double click the file you downloaded to install the java. Pass on any 3rd party add ons you may be offered.

Next

Double click on OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :

:Services

:Files
C:\Users\Ted\Documents\vlcmediaplayer-setup.exe
C:\Users\Ted\Music\PopularScreenSavers.exe
C:\Windows\System32\config\systemprofile\AppData\Local\dplayx.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\dplayx.dl
C:\TDSSKiller_Quarantine

:Commands
[purity]
[emptytemp]
[createrestorepoint]

Then click the Run Fix button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Reboot your computer

Please post the OTL fix log.

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

Body Background

skin color theme

Can not load g-mail or goole on any pc in house [Solved]

#106 macdoo

Advertisements

Register to Remove

#107 oldman960

#108 macdoo

#109 oldman960

#110 macdoo

#111 oldman960

#112 macdoo

#113 macdoo

#114 Satchfan

#115 oldman960

Advertisements

Register to Remove

#116 macdoo

#117 macdoo

#118 oldman960

#119 macdoo

#120 oldman960

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

Can not load g-mail or goole on any pc in house [Solved]

#106 macdoo

Advertisements Register to Remove

#107 oldman960

#108 macdoo

#109 oldman960

#110 macdoo

#111 oldman960

#112 macdoo

#113 macdoo

#114 Satchfan

#115 oldman960

Advertisements Register to Remove

#116 macdoo

#117 macdoo

#118 oldman960

#119 macdoo

#120 oldman960

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove

Advertisements

Register to Remove