heartburn after Smart Hdd
<blockquote data-quote="lplp" data-source="post: 48711" data-attributes="member: 1395"><p>Hi, thanks for helping me with this, I really appreciate it!</p><p></p><p>I followed your instructions, but did have a minor blip. OTL ran the instructions fine, and I have the log from the followup quick scan. </p><p></p><p>Next I disabled the antispyware (teatimer) and antivirus (MS Security Essentials). Downloaded Combofix and put it on the desktop and started Combofix, but got prompted that MSSE is still running. The MSSE dialog box showed it was stopped. I then uninstalled MSSE to ensure that it was indeed not running. I clicked the continue button for the combofix warning, again it said that MSSE antivirus was still running? I clicked OK, and Combofix then completed its scan. </p><p></p><p>Logs of OTL and combofix attached.</p><p></p><p>The computer still has the same issues.</p><p></p><p>thanks!</p><p></p><p></p><p>OTL logfile created on: 4/13/2012 9:01:47 PM - Run 2</p><p>OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\steve\Desktop</p><p>64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>15.99 Gb Total Physical Memory | 13.79 Gb Available Physical Memory | 86.24% Memory free</p><p>31.98 Gb Paging File | 29.64 Gb Available in Paging File | 92.66% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)</p><p>Drive C: | 457.76 Gb Total Space | 218.84 Gb Free Space | 47.81% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: I5-PC | User Name: steve | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans</p><p>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | 
File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Users\steve\Desktop\OTL.exe (OldTimer Tools)</p><p>PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()</p><p>PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()</p><p>PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)</p><p>PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)</p><p>PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)</p><p>PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)</p><p>PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)</p><p>PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)</p><p>PRC - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))</p><p>PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)</p><p>PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)</p><p>PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)</p><p>PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)</p><p>PRC - C:\Users\steve\AppData\Roaming\QiGO\QiGODiscoveryAgent\QiGODiscoveryAgent.exe (QiGO)</p><p>PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()</p><p>PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)</p><p>PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\Program Files (x86)\Origin\imageformats\qtiff4.dll ()</p><p>MOD - C:\Program Files (x86)\Origin\QtWebKit4.dll ()</p><p>MOD - C:\Program Files 
(x86)\Origin\QtXmlPatterns4.dll ()</p><p>MOD - C:\Program Files (x86)\Origin\QtXml4.dll ()</p><p>MOD - C:\Program Files (x86)\Origin\imageformats\qmng4.dll ()</p><p>MOD - C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll ()</p><p>MOD - C:\Program Files (x86)\Origin\imageformats\qico4.dll ()</p><p>MOD - C:\Program Files (x86)\Origin\imageformats\qgif4.dll ()</p><p>MOD - C:\Program Files (x86)\Origin\QtGui4.dll ()</p><p>MOD - C:\Program Files (x86)\Origin\QtCore4.dll ()</p><p>MOD - C:\Program Files (x86)\Origin\QtNetwork4.dll ()</p><p>MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll ()</p><p>MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll ()</p><p>MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avutil-51.dll ()</p><p>MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avformat-53.dll ()</p><p>MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll ()</p><p>MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()</p><p>MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()</p><p>MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Win32 Services (SafeList) ==========</span></p><p> </p><p>SRV:<strong>64bit:</strong> - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)</p><p>SRV:<strong>64bit:</strong> - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)</p><p>SRV:<strong>64bit:</strong> - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll 
(Microsoft Corporation)</p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()</p><p>SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()</p><p>SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)</p><p>SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)</p><p>SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)</p><p>SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)</p><p>SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)</p><p>SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)</p><p>SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()</p><p>SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV:<strong>64bit:</strong> - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)</p><p>DRV:<strong>64bit:</strong> - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, 
Inc.)</p><p>DRV:<strong>64bit:</strong> - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)</p><p>DRV:<strong>64bit:</strong> - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)</p><p>DRV:<strong>64bit:</strong> - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)</p><p>DRV:<strong>64bit:</strong> - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)</p><p>DRV:<strong>64bit:</strong> - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)</p><p>DRV:<strong>64bit:</strong> - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)</p><p>DRV:<strong>64bit:</strong> - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)</p><p>DRV:<strong>64bit:</strong> - (LVUVC64) Logitech Webcam Pro 9000(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)</p><p>DRV:<strong>64bit:</strong> - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)</p><p>DRV:<strong>64bit:</strong> - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()</p><p>DRV:<strong>64bit:</strong> - (LVPr2M64) -- 
C:\Windows\SysNative\drivers\LVPr2M64.sys ()</p><p>DRV:<strong>64bit:</strong> - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)</p><p>DRV:<strong>64bit:</strong> - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)</p><p>DRV:<strong>64bit:</strong> - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)</p><p>DRV:<strong>64bit:</strong> - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)</p><p>DRV:<strong>64bit:</strong> - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)</p><p>DRV:<strong>64bit:</strong> - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)</p><p>DRV:<strong>64bit:</strong> - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )</p><p>DRV:<strong>64bit:</strong> - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)</p><p>DRV:<strong>64bit:</strong> - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)</p><p>DRV:<strong>64bit:</strong> - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)</p><p>DRV:<strong>64bit:</strong> - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)</p><p>DRV:<strong>64bit:</strong> - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)</p><p>DRV:<strong>64bit:</strong> - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)</p><p>DRV:<strong>64bit:</strong> - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)</p><p>DRV:<strong>64bit:</strong> - 
(asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.)</p><p>DRV:<strong>64bit:</strong> - (EIO_XP) -- C:\Windows\SysNative\drivers\EIO64_XP.sys (ASUSTeK Computer Inc.)</p><p>DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)</p><p>DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)</p><p>DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)</p><p>DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()</p><p>DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)</p><p>DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)</p><p>DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)</p><p>DRV - (AODDriver) -- C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm</p><p>IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache = http://www.msn.com/</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = </p><p>IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</p><p>IE - HKCU\..\SearchScopes\{19C5A942-F1C7-45BE-A1EB-9EAD485170E1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}</p><p>IE - HKCU\..\SearchScopes\{9B0FE47C-BED4-44E4-8C07-D7F906B08B5A}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=1690&l=dir</p><p>IE - HKCU\..\SearchScopes\{BF0212BE-AB43-4D91-BDE1-0C74CEF5B145}: "URL" = http://search.avg.com/route/?d=4ceb1f24&v=6.11.25.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us</p><p>IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=MP3R3</p><p>IE - HKCU\..\SearchScopes\{F9FAE696-9B1B-44A2-A503-83CBBFE4D10C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local</p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - prefs.js..browser.search.defaultenginename: ""</p><p>FF - prefs.js..browser.search.order.1: ""</p><p>FF - prefs.js..browser.search.selectedEngine: ""</p><p>FF - prefs.js..browser.startup.homepage: ""</p><p>FF - user.js - File not found</p><p> </p><p>FF:<strong>64bit:</strong> - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found</p><p>FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)</p><p>FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found</p><p>FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)</p><p>FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)</p><p>FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files 
(x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital 
Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/23 19:59:13 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/12 18:04:37 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/06 16:29:03 | 000,000,000 | ---D | M]</p><p>FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/23 19:59:13 | 000,000,000 | ---D | M]</p><p> </p><p>[2009/10/24 23:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Extensions</p><p>[2011/10/02 18:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\bak\w5083rzp.profile 2\extensions</p><p>[2011/10/02 18:31:45 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\bak\w5083rzp.profile 2\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}</p><p>[2011/10/02 18:31:45 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\bak\w5083rzp.profile 2\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}</p><p>[2011/10/02 18:31:48 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\bak\w5083rzp.profile 2\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}</p><p>[2011/10/02 18:31:40 | 000,000,000 | ---D | M] (KidZui) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\bak\w5083rzp.profile 2\extensions\firefox@kidzui.com</p><p>[2011/10/02 18:31:44 | 000,000,000 | ---D | M] (FlashCatch) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\bak\w5083rzp.profile 2\extensions\flashcatch-amo@flashcatch.com</p><p>[2011/10/02 18:31:44 | 000,000,000 | ---D | M] 
(Flash Video Resources Downloader) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\bak\w5083rzp.profile 2\extensions\max@subfighter.com</p><p>[2011/12/09 22:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\nejbf5ls.new\extensions</p><p>[2011/11/12 11:17:02 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\nejbf5ls.new\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}</p><p>[2011/10/08 18:54:27 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\nejbf5ls.new\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}</p><p>[2011/10/08 18:54:27 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\nejbf5ls.new\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}</p><p>[2011/10/08 18:54:27 | 000,000,000 | ---D | M] (KidZui) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\nejbf5ls.new\extensions\firefox@kidzui.com</p><p>[2011/12/09 22:33:21 | 000,000,000 | ---D | M] (FlashCatch) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\nejbf5ls.new\extensions\flashcatch-amo@flashcatch.com</p><p>[2011/10/08 18:54:27 | 000,000,000 | ---D | M] (Flash Video Resources Downloader) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\nejbf5ls.new\extensions\max@subfighter.com</p><p>[2012/03/30 06:05:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\s859sw5f.default\extensions</p><p>[2012/03/30 06:05:22 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\s859sw5f.default\extensions\crossriderapp2258@crossrider.com</p><p>[2012/02/11 22:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions</p><p>[2012/02/11 22:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla 
Firefox\extensions\ffxtlbr@babylon.com</p><p>[2012/04/12 18:04:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll</p><p>[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll</p><p>[2012/02/11 22:58:54 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml</p><p>[2012/04/12 18:04:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml</p><p>[2012/04/12 18:04:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml</p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - default_search_provider: Google (Enabled)</p><p>CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}</p>
<p>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}</p><p>CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer</p><p>CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll</p><p>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll</p><p>CHR - plugin: Shockwave Flash (Disabled) = C:\Users\steve\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll</p><p>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</p><p>CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll</p><p>CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = 
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll</p><p>CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL</p><p>CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL</p><p>CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll</p><p>CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll</p><p>CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll</p><p>CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll</p><p>CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll</p><p>CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll</p><p>CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll</p><p>CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll</p><p>CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll</p><p>CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll</p><p>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll</p><p>CHR - Extension: CacheList = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhhdbdhoghppijbjfdkiaconkmfbbpa\2.3.6_0\</p><p>CHR - Extension: YouTube = 
C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\</p><p>CHR - Extension: Google Search = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\</p><p>CHR - Extension: Apple Shooter = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm\2.1_0\</p><p>CHR - Extension: Image Properties Context Menu = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon\0.7.5_0\</p><p>CHR - Extension: Google Maps = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\</p><p>CHR - Extension: Plants vs Zombies = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\</p><p>CHR - Extension: Gmail = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\</p><p> </p><p>O1 HOSTS File: ([2012/04/13 20:53:16 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O1 - Hosts: ::1 localhost</p><p>O2:<strong>64bit:</strong> - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll File not found</p><p>O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)</p><p>O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found</p><p>O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</p><p>O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not 
found</p><p>O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)</p><p>O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found</p><p>O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)</p><p>O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</p><p>O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)</p><p>O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))</p><p>O4 - HKCU..\Run: [conhost] C:\Users\steve\AppData\Roaming\Microsoft\conhost.exe File not found</p><p>O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)</p><p>O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)</p><p>O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)</p><p>O4 - Startup: 
C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NuvaTime.lnk.disabled ()</p><p>O4 - Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk.disabled ()</p><p>O4 - Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QiGO Discovery Agent.lnk = C:\Users\steve\AppData\Roaming\Microsoft\Installer\{38739316-8A0C-4E60-8675-B5F6281B01FD}\_DD752229196EA0E7BC2D3D.exe ()</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1</p><p>O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</p><p>O10:<strong>64bit:</strong> - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O13<strong>64bit:</strong> - gopher Prefix: missing</p><p>O13 - gopher Prefix: missing</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)</p><p>O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx 
(Dldrv2 Control)</p><p>O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)</p><p>O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_17)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D8BAD41-EF15-4C7A-834C-7F42EB7A7822}: DhcpNameServer = 192.168.1.1 71.252.0.12</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\avgsecuritytoolbar - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll File not found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\ms-help - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\skype4com - No CLSID value found</p><p>O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found</p><p>O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll File not found</p><p>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll 
(Skype Technologies)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: VMApplet - (/pagefile) - File not found</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found</p><p>O20:<strong>64bit:</strong> - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)</p><p>O20 - Winlogon\Notify\LBTWlgn: DllName - (Reg Error: Value error.) - Reg Error: Value error. 
File not found</p><p>O21:<strong>64bit:</strong> - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35:<strong>64bit:</strong> - HKLM\..comfile [open] -- "%1" %*</p><p>O35:<strong>64bit:</strong> - HKLM\..exefile [open] -- "%1" %*</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2012/04/13 20:53:14 | 000,000,000 | ---D | C] -- C:\_OTL</p><p>[2012/04/12 23:32:04 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\steve\Desktop\OTL.exe</p><p>[2012/04/12 22:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation</p><p>[2012/04/12 22:42:50 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll</p><p>[2012/04/12 22:42:50 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll</p><p>[2012/04/12 22:13:14 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Local\Origin</p><p>[2012/04/12 22:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin</p><p>[2012/04/12 22:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin</p><p>[2012/04/12 19:13:38 | 000,000,000 | ---D | C] -- C:\Users\steve\Documents\Battlefield 3</p><p>[2012/04/12 08:18:05 | 000,000,000 | ---D | C] 
-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3</p><p>[2012/04/09 20:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared</p><p>[2012/04/09 20:54:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64</p><p>[2012/04/09 20:54:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C</p><p>[2012/04/09 20:04:09 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\iexplorer_1.exe</p><p>[2012/04/09 08:22:40 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD</p><p>[2012/03/31 09:06:44 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Roaming\AdobeLensProfileDownloader</p><p>[2012/03/31 09:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Lens Profile Downloader</p><p>[2012/03/30 18:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe</p><p>[2012/03/30 18:27:10 | 000,000,000 | ---D | C] -- C:\Users\steve\Desktop\Adobe</p><p>[2012/03/29 21:56:04 | 000,000,000 | ---D | C] -- C:\Users\steve\Documents\BioWare</p><p>[2012/03/17 10:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes</p><p>[2012/03/17 10:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod</p><p>[2012/03/17 10:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes</p><p>[2012/03/17 10:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes</p><p>[2012/03/16 19:55:55 | 000,000,000 | ---D | C] -- C:\Users\steve\Documents\Adobe</p><p>[2 C:\Users\steve\Documents\*.tmp files -> C:\Users\steve\Documents\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2012/04/13 21:06:35 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2012/04/13 21:06:35 | 000,013,456 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2012/04/13 20:58:58 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2012/04/13 20:58:30 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job</p><p>[2012/04/13 20:58:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</p><p>[2012/04/13 20:58:20 | 4288,274,430 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2012/04/13 20:53:16 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts</p><p>[2012/04/13 20:27:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2012/04/13 15:55:23 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk</p><p>[2012/04/13 00:07:01 | 000,796,580 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI</p><p>[2012/04/13 00:07:01 | 000,662,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat</p><p>[2012/04/13 00:07:01 | 000,122,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat</p><p>[2012/04/12 23:30:57 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\steve\Desktop\OTL.exe</p><p>[2012/04/12 22:22:54 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe</p><p>[2012/04/12 22:22:43 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0</p><p>[2012/04/12 22:22:43 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe</p><p>[2012/04/12 22:12:26 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk</p><p>[2012/04/12 18:04:38 | 000,002,052 | ---- | M] () -- C:\Users\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk</p><p>[2012/04/12 08:18:05 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk</p><p>[2012/04/10 07:49:59 | 000,001,087 | ---- | M] () -- C:\Users\steve\Desktop\SpywareBlaster.lnk</p><p>[2012/04/09 22:00:17 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes 
Anti-Malware.lnk</p><p>[2012/04/09 20:57:29 | 002,018,317 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\Cat.DB</p><p>[2012/04/09 20:04:09 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\iexplorer_1.exe</p><p>[2012/04/09 08:22:40 | 000,000,675 | ---- | M] () -- C:\Users\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk</p><p>[2012/04/09 08:22:40 | 000,000,651 | ---- | M] () -- C:\Users\steve\Desktop\SMART_HDD.lnk</p><p>[2012/04/08 23:36:32 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr</p><p>[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys</p><p>[2012/03/31 09:06:29 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Lens Profile Downloader.lnk</p><p>[2012/03/30 18:35:01 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4 64-bit.lnk</p><p>[2012/03/17 10:02:34 | 000,002,515 | ---- | M] () -- C:\Users\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk</p><p>[2012/03/17 10:02:34 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk</p><p>[2012/03/17 10:00:39 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk</p><p>[2 C:\Users\steve\Documents\*.tmp files -> C:\Users\steve\Documents\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2012/04/13 07:37:59 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job</p><p>[2012/04/12 22:12:26 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk</p><p>[2012/04/12 08:18:05 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk</p><p>[2012/04/11 23:01:53 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin</p><p>[2012/04/09 21:25:44 | 000,002,741 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk</p><p>[2012/04/09 21:25:44 | 000,002,515 | ---- | C] 
() -- C:\Users\Public\Desktop\Skype.lnk</p><p>[2012/04/09 21:25:44 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk</p><p>[2012/04/09 21:25:44 | 000,002,348 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk</p><p>[2012/04/09 21:25:44 | 000,002,346 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression.lnk</p><p>[2012/04/09 21:25:44 | 000,002,225 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk</p><p>[2012/04/09 21:25:44 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk</p><p>[2012/04/09 21:25:44 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO 6.0 BD Edition.lnk</p><p>[2012/04/09 21:25:44 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk</p><p>[2012/04/09 21:25:44 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk</p><p>[2012/04/09 21:25:44 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\Panorama Maker 4.lnk</p><p>[2012/04/09 21:25:44 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk</p><p>[2012/04/09 21:25:44 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4 64-bit.lnk</p><p>[2012/04/09 21:25:44 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\ET6.lnk</p><p>[2012/04/09 21:25:44 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk</p><p>[2012/04/09 21:25:44 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk</p><p>[2012/04/09 21:25:44 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk</p><p>[2012/04/09 21:25:44 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk</p><p>[2012/04/09 21:25:44 | 000,001,628 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk</p><p>[2012/04/09 21:25:44 | 000,001,319 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk</p><p>[2012/04/09 21:25:44 | 000,001,170 | ---- | C] () -- 
C:\Users\Public\Desktop\TeamViewer 5.lnk</p><p>[2012/04/09 21:25:44 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk</p><p>[2012/04/09 21:25:44 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk</p><p>[2012/04/09 21:25:44 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2012/04/09 21:25:44 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk</p><p>[2012/04/09 21:25:44 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\Content Transfer.lnk</p><p>[2012/04/09 21:25:44 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk</p><p>[2012/04/09 21:25:44 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Easy Media Player.lnk</p><p>[2012/04/09 21:25:44 | 000,000,187 | ---- | C] () -- C:\Users\Public\Desktop\Photo & Video Editor Super LoiLoScope Download.url</p><p>[2012/04/09 21:25:43 | 000,002,484 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0 BD Edition.lnk.disabled</p><p>[2012/04/09 21:25:43 | 000,002,417 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk</p><p>[2012/04/09 21:25:43 | 000,002,103 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk</p><p>[2012/04/09 21:25:43 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk</p><p>[2012/04/09 21:25:43 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk.disabled</p><p>[2012/04/09 21:25:43 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk</p><p>[2012/04/09 21:25:43 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk</p><p>[2012/04/09 21:25:43 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD 
Maker.lnk</p><p>[2012/04/09 21:25:43 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk</p><p>[2012/04/09 21:25:43 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk</p><p>[2012/04/09 21:25:43 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 5.lnk</p><p>[2012/04/09 21:25:43 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Lens Profile Downloader.lnk</p><p>[2012/04/09 21:25:42 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk</p><p>[2012/04/09 21:25:42 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk</p><p>[2012/04/09 21:25:42 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk</p><p>[2012/04/09 21:25:41 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk</p><p>[2012/04/09 21:25:41 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</p><p>[2012/04/09 21:25:40 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk</p><p>[2012/04/09 21:25:40 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. 
OCR Registration.lnk</p><p>[2012/04/09 21:25:38 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk</p><p>[2012/04/09 21:25:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk</p><p>[2012/04/09 21:25:38 | 000,002,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4 64-bit.lnk</p><p>[2012/04/09 21:25:38 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lens Profile Downloader.lnk</p><p>[2012/04/09 20:57:19 | 002,018,317 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\Cat.DB</p><p>[2012/04/09 08:22:40 | 000,000,675 | ---- | C] () -- C:\Users\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk</p><p>[2012/04/09 08:22:40 | 000,000,651 | ---- | C] () -- C:\Users\steve\Desktop\SMART_HDD.lnk</p><p>[2012/01/10 01:42:23 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat</p><p>[2012/01/10 01:42:23 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat</p><p>[2012/01/10 01:42:23 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat</p><p>[2012/01/10 01:42:23 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat</p><p>[2012/01/10 01:42:23 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat</p><p>[2012/01/10 01:42:23 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat</p><p>[2012/01/10 01:42:23 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat</p><p>[2012/01/10 01:42:23 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat</p><p>[2012/01/10 01:42:23 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat</p><p>[2012/01/10 01:42:23 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat</p><p>[2012/01/10 01:42:23 | 000,001,139 | ---- | C] () -- 
C:\Windows\SysWow64\EPPICPresetData_PT.dat</p><p>[2012/01/10 01:42:23 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat</p><p>[2012/01/10 01:42:23 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat</p><p>[2012/01/10 01:42:23 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat</p><p>[2012/01/10 01:42:23 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat</p><p>[2012/01/10 01:42:23 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat</p><p>[2012/01/10 01:42:23 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat</p><p>[2012/01/10 01:42:23 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat</p><p>[2012/01/10 01:42:23 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini</p><p>[2011/12/23 19:56:40 | 000,221,312 | ---- | C] () -- C:\Windows\hpoins19.dat</p><p>[2011/12/23 19:56:40 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat</p><p>[2011/12/21 08:53:14 | 000,000,000 | ---- | C] () -- C:\Users\steve\AppData\Local\{092E70C7-0F85-432B-8EA1-99778C692ABF}</p><p>[2011/12/20 13:18:10 | 000,195,732 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat</p><p>[2011/10/17 05:10:50 | 000,000,000 | ---- | C] () -- C:\Users\steve\AppData\Local\{71BAC429-A9BB-45F7-9D77-6439834FC593}</p><p>[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe</p><p>[2011/09/27 21:14:53 | 000,013,444 | ---- | C] () -- C:\Users\steve\AppData\Roaming\SJEE47.668SJ</p><p>[2011/03/23 17:38:33 | 000,000,644 | ---- | C] () -- C:\Windows\EReg515.dat</p><p>[2011/03/23 17:38:17 | 000,000,460 | ---- | C] () -- C:\Windows\Disney.ini</p><p>[2011/02/24 20:02:31 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat</p><p>[2011/01/12 22:43:29 | 000,776,426 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI</p><p>[2011/01/12 21:02:17 | 000,000,272 | ---- | C] () -- 
C:\Windows\wininit.ini</p><p>[2010/12/16 22:21:30 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe</p><p>[2010/10/03 19:04:57 | 000,003,584 | ---- | C] () -- C:\Users\steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>[2010/06/09 20:38:16 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini</p><p>[2010/05/14 17:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll</p><p>[2010/05/14 17:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe</p><p>[2010/05/14 17:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2009/12/19 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Amazon</p><p>[2010/11/22 21:56:38 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\AVG10</p><p>[2011/11/05 01:12:21 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\BF3CC</p><p>[2011/05/28 15:14:19 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\BFBC2CC</p><p>[2011/12/17 11:03:25 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\COWON</p><p>[2011/01/20 23:20:05 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\FileZilla</p><p>[2010/09/27 00:08:20 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\FireShot</p><p>[2011/03/23 21:10:15 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\GARMIN</p><p>[2010/11/22 22:14:03 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\IObit</p><p>[2010/12/25 12:22:31 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Leadertech</p><p>[2011/12/01 23:09:09 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\mp3rocket</p><p>[2011/02/12 23:10:08 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Need for Speed World</p><p>[2011/06/12 16:13:31 | 000,000,000 | ---D | M] -- 
C:\Users\steve\AppData\Roaming\nuvaring.nuvatime.325004F4631BB8A43CC5A9432BA18C87B2BD812C.1</p><p>[2009/11/03 11:42:30 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\OpenOffice.org</p><p>[2011/06/26 23:42:26 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Opera</p><p>[2011/10/21 12:29:19 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Origin</p><p>[2011/06/30 20:14:37 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Picturenaut</p><p>[2011/07/14 18:36:44 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\QiGO</p><p>[2011/03/09 22:48:15 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\SanDisk</p><p>[2010/03/13 04:24:24 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\TeamViewer</p><p>[2011/01/12 10:57:16 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Tific</p><p>[2012/02/29 20:34:16 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\TreeCardGames</p><p>[2012/03/09 11:15:57 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\TS3Client</p><p>[2009/12/18 20:12:41 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\updatetool</p><p>[2011/12/16 01:38:33 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\uTorrent</p><p>[2012/03/15 23:55:08 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p> </p><p><span style="color: #E56717">========== Alternate Data Streams ==========</span></p><p> </p><p>@Alternate Data Stream - 3437 bytes -> C:\Users\steve\Documents\JanuaryGardenSproutNewsletter.eml:OECustomProperty</p><p></p><p>< End of report ></p><p></p><p></p><p></p><p></p><p></p><p></p><p>combofix log:</p><p>ComboFix 12-04-13.01 - steve 04/13/2012 21:18:31.1.4 - x64</p><p>Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16375.13980 [GMT -4:00]</p><p>Running from: c:\users\steve\Desktop\ComboFix.exe</p><p>AV: Microsoft Security 
Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}</p><p>SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}</p><p>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>c:\users\steve\Documents\~WRL1776.tmp</p><p>c:\users\steve\Documents\~WRL2539.tmp</p><p>.</p><p>.</p><p>((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>2012-04-14 01:25 . 2012-04-14 01:25 -------- d-----w- c:\users\Default\AppData\Local\temp</p><p>2012-04-14 00:53 . 2012-04-14 00:53 -------- d-----w- C:\_OTL</p><p>2012-04-13 12:14 . 2012-04-13 12:14 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe</p><p>2012-04-13 11:37 . 2012-04-13 12:14 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe</p><p>2012-04-13 04:04 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe</p><p>2012-04-13 04:04 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe</p><p>2012-04-13 04:04 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe</p><p>2012-04-13 04:03 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys</p><p>2012-04-13 04:03 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll</p><p>2012-04-13 04:03 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll</p><p>2012-04-13 04:03 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll</p><p>2012-04-13 04:03 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll</p><p>2012-04-13 04:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll</p><p>2012-04-13 04:03 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll</p><p>2012-04-13 02:43 . 
2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll</p><p>2012-04-13 02:13 . 2012-04-13 02:13 -------- d-----w- c:\users\steve\AppData\Local\Origin</p><p>2012-04-13 02:12 . 2012-04-13 02:13 -------- d-----w- c:\program files (x86)\Origin</p><p>2012-04-12 22:04 . 2012-04-12 22:04 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll</p><p>2012-04-12 22:04 . 2012-04-12 22:04 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll</p><p>2012-04-12 03:02 . 2012-04-13 02:44 -------- d-----w- c:\users\UpdatusUser</p><p>2012-04-12 03:01 . 2012-02-29 20:59 2515790 ----a-w- c:\windows\system32\nvcoproc.bin</p><p>2012-04-12 03:00 . 2012-03-01 00:02 962368 ----a-w- c:\windows\system32\nvumdshimx.dll</p><p>2012-04-12 03:00 . 2012-03-01 00:02 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll</p><p>2012-04-12 03:00 . 2012-03-01 00:02 364352 ----a-w- c:\windows\system32\nvdecodemft.dll</p><p>2012-04-12 03:00 . 2012-03-01 00:02 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll</p><p>2012-04-12 03:00 . 2012-03-01 00:02 260416 ----a-w- c:\windows\system32\nvinitx.dll</p><p>2012-04-12 03:00 . 2012-03-01 00:02 215360 ----a-w- c:\windows\SysWow64\nvinit.dll</p><p>2012-04-12 03:00 . 2012-01-17 12:45 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll</p><p>2012-04-12 03:00 . 2011-10-15 08:53 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll</p><p>2012-04-10 00:57 . 2012-04-10 01:27 -------- d-----w- c:\program files\Common Files\Symantec Shared</p><p>2012-04-10 00:54 . 2012-04-10 00:54 -------- d-----w- c:\windows\system32\drivers\NISx64</p><p>2012-04-10 00:04 . 2012-04-10 00:04 2071600 ----a-w- C:\iexplorer_1.exe</p><p>2012-03-31 13:06 . 2012-03-31 13:06 -------- d-----w- c:\users\steve\AppData\Roaming\AdobeLensProfileDownloader</p><p>2012-03-31 13:06 . 2012-03-31 13:06 -------- d-----w- c:\program files (x86)\Adobe Lens Profile Downloader</p><p>2012-03-17 14:00 . 
2012-03-17 14:00 -------- d-----w- c:\program files\iPod</p><p>2012-03-17 14:00 . 2012-03-17 14:00 -------- d-----w- c:\program files\iTunes</p><p>2012-03-17 14:00 . 2012-03-17 14:00 -------- d-----w- c:\program files (x86)\iTunes</p><p>.</p><p>.</p><p>.</p><p>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>2012-04-13 12:14 . 2011-06-01 04:36 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>2012-04-13 02:22 . 2009-11-03 16:00 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe</p><p>2012-04-13 02:22 . 2009-11-03 16:00 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe</p><p>2012-04-13 02:22 . 2009-11-03 16:00 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0</p><p>2012-04-09 03:36 . 2009-11-03 16:02 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr</p><p>2012-04-04 19:56 . 2009-10-25 03:05 24904 ----a-w- c:\windows\system32\drivers\mbam.sys</p><p>2012-03-25 15:15 . 2011-11-17 19:01 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys</p><p>2012-02-17 06:38 . 2012-03-13 18:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll</p><p>2012-02-17 05:34 . 2012-03-13 18:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll</p><p>2012-02-17 04:58 . 2012-03-13 18:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys</p><p>2012-02-17 04:57 . 2012-03-13 18:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys</p><p>2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys</p><p>2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll</p><p>2012-02-10 06:36 . 2012-03-13 19:51 1544192 ----a-w- c:\windows\system32\DWrite.dll</p><p>2012-02-10 05:38 . 2012-03-13 19:51 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll</p><p>2012-02-03 04:34 . 2012-03-13 19:51 3145728 ----a-w- c:\windows\system32\win32k.sys</p><p>2012-01-31 12:44 . 2009-10-24 09:07 279656 ------w- c:\windows\system32\MpSigStub.exe</p><p>2012-01-25 06:38 . 
2012-03-13 18:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll</p><p>2012-01-25 06:38 . 2012-03-13 18:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll</p><p>2012-01-25 06:33 . 2012-03-13 18:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>*Note* empty entries & legit default entries are not shown </p><p>REGEDIT4</p><p>.</p><p>[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]</p><p>2008-09-09 03:08 279944 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]</p><p>"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]</p><p>.</p><p>[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]</p><p>[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]</p><p>.</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]</p><p>"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]</p><p>"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-21 718720]</p><p>"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]</p><p>"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-04-13 3402376]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</p><p>"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]</p><p>"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]</p><p>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application 
Support\APSDaemon.exe" [2012-02-21 59240]</p><p>"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]</p><p>"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]</p><p>"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]</p><p>"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]</p><p>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]</p><p>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]</p><p>.</p><p>c:\users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</p><p>NuvaTime.lnk.disabled [2011-7-3 987]</p><p>OpenOffice.org 3.1.lnk.disabled [2009-11-3 1243]</p><p>QiGO Discovery Agent.lnk - c:\users\steve\AppData\Roaming\Microsoft\Installer\{38739316-8A0C-4E60-8675-B5F6281B01FD}\_DD752229196EA0E7BC2D3D.exe [2011-7-14 17542]</p><p>.</p><p>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</p><p>HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]</p><p>McAfee Security Scan Plus.lnk.disabled [2010-6-28 1864]</p><p>PHOTOfunSTUDIO 6.0 BD Edition.lnk.disabled [2012-1-10 2484]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</p><p>"ConsentPromptBehaviorAdmin"= 5 (0x5)</p><p>"ConsentPromptBehaviorUser"= 3 (0x3)</p><p>"EnableUIADesktopToggle"= 0 (0x0)</p><p>.</p><p>[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]</p><p>"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]</p><p>"Adobe ARM"="c:\program files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe"</p><p>"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"</p><p>"EasyTuneVI"=c:\program files (x86)\GIGABYTE\ET6\ETcall.exe</p><p>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"</p><p>"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime</p><p>"ASUSGamerOSD"=c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe</p><p>"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"</p><p>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"</p><p>"AVG_TRAY"=c:\program files (x86)\AVG\AVG10\avgtray.exe</p><p>"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe</p><p>"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices</p><p>"ContentTransferWMDetector.exe"=c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe</p><p>"JMB36X IDE Setup"=c:\windows\RaidTool\xInsIDE.exe</p><p>"LWS"=c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide</p><p>"AppleSyncNotifier"=c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe</p><p>.</p><p>R</p></blockquote><p></p>
[QUOTE="lplp, post: 48711, member: 1395"] Hi, thanks for helping me with this, I really appreciate it! I followed your instructions, but did have a minor blip. OLT ran the instructions fine, and I have the log from the followup quick scan. Next I disabled the antispyware (teatimer) and antivirus (MS Security Essentials). Downloaded Combofix and put it on the desktop and started Combofix, but got prompted that MSSE is still running. The MSSE dialog box showed it was stopped. I then uninstalled MSSE to ensure that it was indeed not running. I clicked the continue button for the combofix warning, again it said that MSSE antivirus was still running? I clicked OK, and Combofix then completed it's scan. Logs of OTL and combofix attached. The computer still has the same issues. thanks! OTL logfile created on: 4/13/2012 9:01:47 PM - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\steve\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 15.99 Gb Total Physical Memory | 13.79 Gb Available Physical Memory | 86.24% Memory free 31.98 Gb Paging File | 29.64 Gb Available in Paging File | 92.66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 457.76 Gb Total Space | 218.84 Gb Free Space | 47.81% Space Free | Partition Type: NTFS Computer Name: I5-PC | User Name: steve | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Users\steve\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c)) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Users\steve\AppData\Roaming\QiGO\QiGODiscoveryAgent\QiGODiscoveryAgent.exe (QiGO) PRC - C:\Windows\SysWOW64\XSrvSetup.exe () PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) 
[color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\Program Files (x86)\Origin\imageformats\qtiff4.dll () MOD - C:\Program Files (x86)\Origin\QtWebKit4.dll () MOD - C:\Program Files (x86)\Origin\QtXmlPatterns4.dll () MOD - C:\Program Files (x86)\Origin\QtXml4.dll () MOD - C:\Program Files (x86)\Origin\imageformats\qmng4.dll () MOD - C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Origin\imageformats\qico4.dll () MOD - C:\Program Files (x86)\Origin\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Origin\QtGui4.dll () MOD - C:\Program Files (x86)\Origin\QtCore4.dll () MOD - C:\Program Files (x86)\Origin\QtNetwork4.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avformat-53.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll () [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:[b]64bit:[/b] - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) 
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:[b]64bit:[/b] - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:[b]64bit:[/b] - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) 
DRV:[b]64bit:[/b] - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:[b]64bit:[/b] - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.) DRV:[b]64bit:[/b] - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:[b]64bit:[/b] - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech) DRV:[b]64bit:[/b] - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech) DRV:[b]64bit:[/b] - (LVUVC64) Logitech Webcam Pro 9000(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:[b]64bit:[/b] - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:[b]64bit:[/b] - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:[b]64bit:[/b] - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:[b]64bit:[/b] - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:[b]64bit:[/b] - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:[b]64bit:[/b] - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:[b]64bit:[/b] - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) 
DRV:[b]64bit:[/b] - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:[b]64bit:[/b] - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:[b]64bit:[/b] - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.) DRV:[b]64bit:[/b] - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider) DRV:[b]64bit:[/b] - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.) DRV:[b]64bit:[/b] - (EIO_XP) -- C:\Windows\SysNative\drivers\EIO64_XP.sys (ASUSTeK Computer Inc.) 
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (AODDriver) -- C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys () [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{19C5A942-F1C7-45BE-A1EB-9EAD485170E1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{9B0FE47C-BED4-44E4-8C07-D7F906B08B5A}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=1690&l=dir IE - HKCU\..\SearchScopes\{BF0212BE-AB43-4D91-BDE1-0C74CEF5B145}: "URL" = http://search.avg.com/route/?d=4ceb1f24&v=6.11.25.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=MP3R3 IE - HKCU\..\SearchScopes\{F9FAE696-9B1B-44A2-A503-83CBBFE4D10C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: 
C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/23 19:59:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/12 18:04:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/06 16:29:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/23 19:59:13 | 000,000,000 | ---D | M] [2009/10/24 23:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Extensions [2011/10/02 18:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\bak\w5083rzp.profile 2\extensions [2011/10/02 18:31:45 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\bak\w5083rzp.profile 2\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2011/10/02 18:31:45 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\bak\w5083rzp.profile 2\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2011/10/02 18:31:48 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\bak\w5083rzp.profile 2\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2011/10/02 18:31:40 | 000,000,000 | ---D | M] (KidZui) -- 
C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\bak\w5083rzp.profile 2\extensions\firefox@kidzui.com [2011/10/02 18:31:44 | 000,000,000 | ---D | M] (FlashCatch) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\bak\w5083rzp.profile 2\extensions\flashcatch-amo@flashcatch.com [2011/10/02 18:31:44 | 000,000,000 | ---D | M] (Flash Video Resources Downloader) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\bak\w5083rzp.profile 2\extensions\max@subfighter.com [2011/12/09 22:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\nejbf5ls.new\extensions [2011/11/12 11:17:02 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\nejbf5ls.new\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2011/10/08 18:54:27 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\nejbf5ls.new\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2011/10/08 18:54:27 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\nejbf5ls.new\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2011/10/08 18:54:27 | 000,000,000 | ---D | M] (KidZui) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\nejbf5ls.new\extensions\firefox@kidzui.com [2011/12/09 22:33:21 | 000,000,000 | ---D | M] (FlashCatch) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\nejbf5ls.new\extensions\flashcatch-amo@flashcatch.com [2011/10/08 18:54:27 | 000,000,000 | ---D | M] (Flash Video Resources Downloader) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\nejbf5ls.new\extensions\max@subfighter.com [2012/03/30 06:05:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\s859sw5f.default\extensions [2012/03/30 06:05:22 | 000,000,000 | ---D | M] ("I Want This") -- 
C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\s859sw5f.default\extensions\crossriderapp2258@crossrider.com [2012/02/11 22:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/02/11 22:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2012/04/12 18:04:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/02/11 22:58:54 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/04/12 18:04:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/04/12 18:04:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - 
plugin: Shockwave Flash (Disabled) = C:\Users\steve\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: CacheList = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhhdbdhoghppijbjfdkiaconkmfbbpa\2.3.6_0\
CHR - Extension: YouTube = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Apple Shooter = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm\2.1_0\
CHR - Extension: Image Properties Context Menu = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon\0.7.5_0\
CHR - Extension: Google Maps = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Plants vs Zombies = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Gmail = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/13 20:53:16 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll File not found
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKCU..\Run: [conhost] C:\Users\steve\AppData\Roaming\Microsoft\conhost.exe File not found
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NuvaTime.lnk.disabled ()
O4 - Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk.disabled ()
O4 - Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QiGO Discovery Agent.lnk = C:\Users\steve\AppData\Roaming\Microsoft\Installer\{38739316-8A0C-4E60-8675-B5F6281B01FD}\_DD752229196EA0E7BC2D3D.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D8BAD41-EF15-4C7A-834C-7F42EB7A7822}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18:[b]64bit:[/b] - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/04/13 20:53:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/12 23:32:04 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\steve\Desktop\OTL.exe
[2012/04/12 22:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/04/12 22:42:50 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/04/12 22:42:50 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/04/12 22:13:14 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Local\Origin
[2012/04/12 22:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/04/12 22:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/04/12 19:13:38 | 000,000,000 | ---D | C] -- C:\Users\steve\Documents\Battlefield 3
[2012/04/12 08:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/04/09 20:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/04/09 20:54:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012/04/09 20:54:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C
[2012/04/09 20:04:09 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\iexplorer_1.exe
[2012/04/09 08:22:40 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012/03/31 09:06:44 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Roaming\AdobeLensProfileDownloader
[2012/03/31 09:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Lens Profile Downloader
[2012/03/30 18:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/03/30 18:27:10 | 000,000,000 | ---D | C] -- C:\Users\steve\Desktop\Adobe
[2012/03/29 21:56:04 | 000,000,000 | ---D | C] -- C:\Users\steve\Documents\BioWare
[2012/03/17 10:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/17 10:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/17 10:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/17 10:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/16 19:55:55 | 000,000,000 | ---D | C] -- C:\Users\steve\Documents\Adobe
[2 C:\Users\steve\Documents\*.tmp files -> C:\Users\steve\Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/04/13 21:06:35 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/13 21:06:35 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/13 20:58:58 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/13 20:58:30 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/13 20:58:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/13 20:58:20 | 4288,274,430 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/13 20:53:16 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/04/13 20:27:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/13 15:55:23 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/13 00:07:01 | 000,796,580 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/13 00:07:01 | 000,662,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/13 00:07:01 | 000,122,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/12 23:30:57 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\steve\Desktop\OTL.exe
[2012/04/12 22:22:54 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/12 22:22:43 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/12 22:22:43 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/12 22:12:26 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/04/12 18:04:38 | 000,002,052 | ---- | M] () -- C:\Users\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/12 08:18:05 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/04/10 07:49:59 | 000,001,087 | ---- | M] () -- C:\Users\steve\Desktop\SpywareBlaster.lnk
[2012/04/09 22:00:17 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/09 20:57:29 | 002,018,317 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\Cat.DB
[2012/04/09 20:04:09 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\iexplorer_1.exe
[2012/04/09 08:22:40 | 000,000,675 | ---- | M] () -- C:\Users\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/09 08:22:40 | 000,000,651 | ---- | M] () -- C:\Users\steve\Desktop\SMART_HDD.lnk
[2012/04/08 23:36:32 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/31 09:06:29 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Lens Profile Downloader.lnk
[2012/03/30 18:35:01 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4 64-bit.lnk
[2012/03/17 10:02:34 | 000,002,515 | ---- | M] () -- C:\Users\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/17 10:02:34 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/17 10:00:39 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Users\steve\Documents\*.tmp files -> C:\Users\steve\Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/04/13 07:37:59 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/12 22:12:26 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/04/12 08:18:05 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/04/11 23:01:53 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/04/09 21:25:44 | 000,002,741 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012/04/09 21:25:44 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/09 21:25:44 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/09 21:25:44 | 000,002,348 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/09 21:25:44 | 000,002,346 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2012/04/09 21:25:44 | 000,002,225 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2012/04/09 21:25:44 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/04/09 21:25:44 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO 6.0 BD Edition.lnk
[2012/04/09 21:25:44 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2012/04/09 21:25:44 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[2012/04/09 21:25:44 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\Panorama Maker 4.lnk
[2012/04/09 21:25:44 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012/04/09 21:25:44 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4 64-bit.lnk
[2012/04/09 21:25:44 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\ET6.lnk
[2012/04/09 21:25:44 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/09 21:25:44 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/09 21:25:44 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/04/09 21:25:44 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/09 21:25:44 | 000,001,628 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2012/04/09 21:25:44 | 000,001,319 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/04/09 21:25:44 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2012/04/09 21:25:44 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2012/04/09 21:25:44 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2012/04/09 21:25:44 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/09 21:25:44 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2012/04/09 21:25:44 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\Content Transfer.lnk
[2012/04/09 21:25:44 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/09 21:25:44 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Easy Media Player.lnk
[2012/04/09 21:25:44 | 000,000,187 | ---- | C] () -- C:\Users\Public\Desktop\Photo & Video Editor Super LoiLoScope Download.url
[2012/04/09 21:25:43 | 000,002,484 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0 BD Edition.lnk.disabled
[2012/04/09 21:25:43 | 000,002,417 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2012/04/09 21:25:43 | 000,002,103 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/04/09 21:25:43 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/09 21:25:43 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk.disabled
[2012/04/09 21:25:43 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/04/09 21:25:43 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/04/09 21:25:43 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/04/09 21:25:43 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/04/09 21:25:43 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/04/09 21:25:43 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 5.lnk
[2012/04/09 21:25:43 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Lens Profile Downloader.lnk
[2012/04/09 21:25:42 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/04/09 21:25:42 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/04/09 21:25:42 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/04/09 21:25:41 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/09 21:25:41 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/09 21:25:40 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/04/09 21:25:40 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/04/09 21:25:38 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/04/09 21:25:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/09 21:25:38 | 000,002,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4 64-bit.lnk
[2012/04/09 21:25:38 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lens Profile Downloader.lnk
[2012/04/09 20:57:19 | 002,018,317 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\Cat.DB
[2012/04/09 08:22:40 | 000,000,675 | ---- | C] () -- C:\Users\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/09 08:22:40 | 000,000,651 | ---- | C] () -- C:\Users\steve\Desktop\SMART_HDD.lnk
[2012/01/10 01:42:23 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/01/10 01:42:23 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/01/10 01:42:23 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/01/10 01:42:23 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/01/10 01:42:23 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/01/10 01:42:23 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/01/10 01:42:23 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/01/10 01:42:23 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/01/10 01:42:23 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/01/10 01:42:23 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012/01/10 01:42:23 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/01/10 01:42:23 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/01/10 01:42:23 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/01/10 01:42:23 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/01/10 01:42:23 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/01/10 01:42:23 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012/01/10 01:42:23 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012/01/10 01:42:23 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/01/10 01:42:23 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/12/23 19:56:40 | 000,221,312 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/12/23 19:56:40 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/12/21 08:53:14 | 000,000,000 | ---- | C] () -- C:\Users\steve\AppData\Local\{092E70C7-0F85-432B-8EA1-99778C692ABF}
[2011/12/20 13:18:10 | 000,195,732 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/10/17 05:10:50 | 000,000,000 | ---- | C] () -- C:\Users\steve\AppData\Local\{71BAC429-A9BB-45F7-9D77-6439834FC593}
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/27 21:14:53 | 000,013,444 | ---- | C] () -- C:\Users\steve\AppData\Roaming\SJEE47.668SJ
[2011/03/23 17:38:33 | 000,000,644 | ---- | C] () -- C:\Windows\EReg515.dat
[2011/03/23 17:38:17 | 000,000,460 | ---- | C] () -- C:\Windows\Disney.ini
[2011/02/24 20:02:31 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/12 22:43:29 | 000,776,426 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/12 21:02:17 | 000,000,272 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/16 22:21:30 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/10/03 19:04:57 | 000,003,584 | ---- | C] () -- C:\Users\steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/09 20:38:16 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/05/14 17:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/05/14 17:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/05/14 17:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009/12/19 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Amazon
[2010/11/22 21:56:38 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\AVG10
[2011/11/05 01:12:21 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\BF3CC
[2011/05/28 15:14:19 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\BFBC2CC
[2011/12/17 11:03:25 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\COWON
[2011/01/20 23:20:05 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\FileZilla
[2010/09/27 00:08:20 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\FireShot
[2011/03/23 21:10:15 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\GARMIN
[2010/11/22 22:14:03 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\IObit
[2010/12/25 12:22:31 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Leadertech
[2011/12/01 23:09:09 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\mp3rocket
[2011/02/12 23:10:08 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Need for Speed World
[2011/06/12 16:13:31 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\nuvaring.nuvatime.325004F4631BB8A43CC5A9432BA18C87B2BD812C.1
[2009/11/03 11:42:30 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\OpenOffice.org
[2011/06/26 23:42:26 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Opera
[2011/10/21 12:29:19 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Origin
[2011/06/30 20:14:37 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Picturenaut
[2011/07/14 18:36:44 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\QiGO
[2011/03/09 22:48:15 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\SanDisk
[2010/03/13 04:24:24 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\TeamViewer
[2011/01/12 10:57:16 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Tific
[2012/02/29 20:34:16 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\TreeCardGames
[2012/03/09 11:15:57 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\TS3Client
[2009/12/18 20:12:41 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\updatetool
[2011/12/16 01:38:33 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\uTorrent
[2012/03/15 23:55:08 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 3437 bytes -> C:\Users\steve\Documents\JanuaryGardenSproutNewsletter.eml:OECustomProperty

< End of report >

combofix log:

ComboFix 12-04-13.01 - steve 04/13/2012 21:18:31.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16375.13980 [GMT -4:00]
Running from: c:\users\steve\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\steve\Documents\~WRL1776.tmp
c:\users\steve\Documents\~WRL2539.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 01:25 . 2012-04-14 01:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 00:53 . 2012-04-14 00:53 -------- d-----w- C:\_OTL
2012-04-13 12:14 . 2012-04-13 12:14 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 11:37 . 2012-04-13 12:14 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 04:04 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 04:04 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 04:04 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-13 04:03 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 04:03 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 04:03 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 04:03 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 04:03 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 04:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 04:03 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-13 02:43 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2012-04-13 02:13 . 2012-04-13 02:13 -------- d-----w- c:\users\steve\AppData\Local\Origin
2012-04-13 02:12 . 2012-04-13 02:13 -------- d-----w- c:\program files (x86)\Origin
2012-04-12 22:04 . 2012-04-12 22:04 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-12 22:04 . 2012-04-12 22:04 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-12 03:02 . 2012-04-13 02:44 -------- d-----w- c:\users\UpdatusUser
2012-04-12 03:01 . 2012-02-29 20:59 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-04-12 03:00 . 2012-03-01 00:02 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-04-12 03:00 . 2012-03-01 00:02 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-04-12 03:00 . 2012-03-01 00:02 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-04-12 03:00 . 2012-03-01 00:02 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-04-12 03:00 . 2012-03-01 00:02 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-04-12 03:00 . 2012-03-01 00:02 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-04-12 03:00 . 2012-01-17 12:45 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-04-12 03:00 . 2011-10-15 08:53 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-04-10 00:57 . 2012-04-10 01:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-10 00:54 . 2012-04-10 00:54 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-04-10 00:04 . 2012-04-10 00:04 2071600 ----a-w- C:\iexplorer_1.exe
2012-03-31 13:06 . 2012-03-31 13:06 -------- d-----w- c:\users\steve\AppData\Roaming\AdobeLensProfileDownloader
2012-03-31 13:06 . 2012-03-31 13:06 -------- d-----w- c:\program files (x86)\Adobe Lens Profile Downloader
2012-03-17 14:00 . 2012-03-17 14:00 -------- d-----w- c:\program files\iPod
2012-03-17 14:00 . 2012-03-17 14:00 -------- d-----w- c:\program files\iTunes
2012-03-17 14:00 . 2012-03-17 14:00 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 12:14 . 2011-06-01 04:36 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 02:22 . 2009-11-03 16:00 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-13 02:22 . 2009-11-03 16:00 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-13 02:22 . 2009-11-03 16:00 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-09 03:36 . 2009-11-03 16:02 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-04 19:56 . 2009-10-25 03:05 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 15:15 . 2011-11-17 19:01 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-17 06:38 . 2012-03-13 18:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 18:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 18:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 18:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-13 19:51 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 19:51 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-13 19:51 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2009-10-24 09:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 06:38 . 2012-03-13 18:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 18:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 18:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 03:08 279944 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-21 718720]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-04-13 3402376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
c:\users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NuvaTime.lnk.disabled [2011-7-3 987]
OpenOffice.org 3.1.lnk.disabled [2009-11-3 1243]
QiGO Discovery Agent.lnk - c:\users\steve\AppData\Roaming\Microsoft\Installer\{38739316-8A0C-4E60-8675-B5F6281B01FD}\_DD752229196EA0E7BC2D3D.exe [2011-7-14 17542]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk.disabled [2010-6-28 1864]
PHOTOfunSTUDIO 6.0 BD Edition.lnk.disabled [2012-1-10 2484]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"EasyTuneVI"=c:\program files (x86)\GIGABYTE\ET6\ETcall.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"ASUSGamerOSD"=c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"AVG_TRAY"=c:\program files (x86)\AVG\AVG10\avgtray.exe
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"ContentTransferWMDetector.exe"=c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
"JMB36X IDE Setup"=c:\windows\RaidTool\xInsIDE.exe
"LWS"=c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
"AppleSyncNotifier"=c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
R
[/QUOTE]