
Solved Possible infection-Win 7- logs attached

Discussion in 'Malware and Virus Removal Archive' started by geno368, 2011/10/31.

  1. 2011/11/07
    geno368 Well-Known Member Thread Starter

    Joined: 2009/11/19
    Messages: 219
    Likes Received: 0
    Hi again..thanks
    My system seems ok. I uninstalled AVG but saved my user settings. I followed your instructions and here is the latest ComboFix log:
    ComboFix 11-11-07.03 - DEAN 11/07/2011 9:41.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6109.4526 [GMT -6:00]
    Running from: c:\users\CRABTREE\Desktop\ComboFix.exe
    Command switches used :: c:\users\CRABTREE\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\CRABTREE\AppData\Roaming\Duojf
    c:\users\CRABTREE\AppData\Roaming\Tydije
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-07 15:48 . 2011-11-07 15:48 -------- d-----w- c:\users\Tech\AppData\Local\temp
    2011-11-07 15:48 . 2011-11-07 15:48 -------- d-----w- c:\users\Gene\AppData\Local\temp
    2011-11-07 15:48 . 2011-11-07 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-31 13:37 . 2011-10-31 14:42 -------- d-----w- C:\X-Plane 9
    2011-10-26 18:57 . 2011-10-26 18:57 -------- d-----w- C:\symbols
    2011-10-26 18:02 . 2011-10-26 18:57 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
    2011-10-26 18:02 . 2011-10-26 18:02 -------- d-----w- c:\program files\Microsoft SDKs
    2011-10-19 18:44 . 2011-10-19 18:44 -------- d-----w- c:\users\CRABTREE\AppData\Roaming\AVG2012
    2011-10-19 18:42 . 2011-11-05 21:11 -------- d-----w- c:\programdata\AVG2012
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-18 20:41 . 2011-06-21 15:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-01 20:06 . 2011-10-01 20:06 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2011-10-01 20:06 . 2011-07-15 22:23 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
    2011-10-01 20:06 . 2011-10-01 20:06 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
    2011-09-09 19:38 . 2011-09-09 19:38 525544 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-05 13:13 . 2011-09-05 13:13 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
    2011-08-19 14:55 . 2011-08-19 14:57 94720 ----a-w- c:\windows\system32\antiwpa.dll
    2011-08-11 20:49 . 2011-08-11 20:49 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-08-11 20:49 . 2011-08-11 20:49 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-08-11 20:48 . 2011-08-11 20:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-08-11 20:48 . 2011-08-11 20:48 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-05_21.32.57 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-27 20:15 . 2011-11-05 22:06 65620 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2011-11-05 21:34 43206 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-11-05 22:06 43206 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-01-09 16:30 . 2011-11-05 22:06 22842 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2570443451-2467324081-1727471922-1000_UserData.bin
    + 2010-01-09 16:37 . 2011-11-07 15:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-01-09 16:37 . 2011-11-05 21:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-09 16:37 . 2011-11-07 15:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-01-09 16:37 . 2011-11-05 21:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-01-09 16:37 . 2011-11-05 21:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-01-09 16:37 . 2011-11-07 15:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-01-09 16:15 . 2011-11-07 15:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-01-09 16:15 . 2011-11-05 21:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-09 16:15 . 2011-11-07 15:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-01-09 16:15 . 2011-11-05 21:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-11-05 21:31 . 2011-11-05 21:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-11-07 15:49 . 2011-11-07 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-11-07 15:49 . 2011-11-07 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-11-05 21:31 . 2011-11-05 21:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-03-20 23:12 . 2011-11-07 15:32 711666 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 02:36 . 2011-11-03 18:35 626844 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-11-07 15:53 626844 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-11-07 15:53 107160 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-11-03 18:35 107160 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2011-11-05 21:30 451920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-11-07 15:48 451920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 02:34 . 2011-11-05 21:26 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2011-11-07 13:05 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2011-05-02 13:04 . 2011-11-07 15:48 35354756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2570443451-2467324081-1727471922-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IncrediMail "= "c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2011-09-26 366024]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "RoboForm "= "c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-10-29 107000]
    "swg "= "c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-08 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2} "= "c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "TrueImageMonitor.exe "= "c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-23 5550984]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm "= "c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-10-29 107000]
    .
    c:\users\CRABTREE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 0 (0x0)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)
    "EnableLinkedConnections "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    [BU]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~2\Google\GOBCA7~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate1c98ebdbdbb100;Google Update Service (gupdate1c98ebdbdbb100);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 135664]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-21 30192]
    R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 135664]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 135664]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 tvnserver;TightVNC Server;c:\users\CRABTREE\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
    R3 uvnc_service;uvnc_service;c:\users\CRABTREE\AppData\Local\CrossLoop\winvnc.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-09-05 3246040]
    S2 CrossLoopService;CrossLoop Service;c:\users\CRABTREE\AppData\Local\CrossLoop\CrossLoopService.exe [2010-08-18 560848]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 17:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-02-06 c:\windows\Tasks\AWC Startup.job
    - c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2009-07-12 22:19]
    .
    2011-11-07 c:\windows\Tasks\Google Software Updater.job
    - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-27 20:41]
    .
    2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 22:04]
    .
    2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 22:04]
    .
    2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570443451-2467324081-1727471922-1000Core.job
    - c:\users\CRABTREE\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-02 12:39]
    .
    2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570443451-2467324081-1727471922-1000UA.job
    - c:\users\CRABTREE\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-02 12:39]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl "= "c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
    "EvtMgr6 "= "c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-23 15851040]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-05-23 82464]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
    "Acronis Scheduler2 Service "= "c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-02 390720]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173601106206p0365v1j5k4871r25n
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = localhost
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {AA25A56C-B654-4356-B390-DC3594B75C63} - hxxp://65.15.154.215:81/codebase/HCNetVideoActiveX.cab
    FF - ProfilePath - c:\users\CRABTREE\AppData\Roaming\Mozilla\Firefox\Profiles\xzvs5cdp.default\
    FF - prefs.js: browser.search.selectedEngine - Dogpile
    FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/?_bc=1
    FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&a=1uwsoPxbpd9&search=
    FF - prefs.js: network.proxy.type - 4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,1b,63,ed,c3,54,34,4c,a0,61,08,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,1b,63,ed,c3,54,34,4c,a0,61,08,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.10 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue "=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution "= "{15727DE6-F92D-4E46-ACB4-0E2C58B31A18} "
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key "= "ActionsPane3 "
    "Location "= "c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\ACR0007\4&2e65fa43&0&UID16843008\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\ACR0007\4&2e65fa43&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\ACR0007\4&2e65fa43&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&2e65fa43&0&UID16843008\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&2e65fa43&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&2e65fa43&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\DELF003\4&2e65fa43&0&UID16843008\Device Parameters\MODES]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\DELF003\4&2e65fa43&0&UID16843008\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\DELF003\4&2e65fa43&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\DELF003\4&2e65fa43&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A2\4&2e65fa43&0&UID16843008\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A2\4&2e65fa43&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A2\4&2e65fa43&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM016B\4&2e65fa43&0&UID16843008\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM016B\4&2e65fa43&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM016B\4&2e65fa43&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files (x86)\IncrediMail\Bin\ImApp.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-07 10:01:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-07 16:01
    ComboFix2.txt 2011-11-05 21:39
    .
    Pre-Run: 652,817,383,424 bytes free
    Post-Run: 652,214,456,320 bytes free
    .
    - - End Of File - - A885E90FE4D74CD12A29008C88D79C66
     
  2. 2011/11/07
    broni Moderator Malware Analyst

    Joined: 2002/08/01
    Messages: 21,701
    Likes Received: 116
    Good news :)

    You can reinstall AVG now.

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

  4. 2011/11/08
    geno368 Well-Known Member Thread Starter

    Joined: 2009/11/19
    Messages: 219
    Likes Received: 0
    file is too long...this is the first half

    OTL logfile created on: 11/8/2011 8:20:52 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\CRABTREE\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.97 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 69.40% Memory free
    14.91 Gb Paging File | 12.95 Gb Available in Paging File | 86.86% Paging File free
    Paging file location(s): c:\pagefile.sys 9163 9163 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.41 Gb Total Space | 609.24 Gb Free Space | 66.48% Space Free | Partition Type: NTFS
    Drive E: | 298.09 Gb Total Space | 47.47 Gb Free Space | 15.92% Space Free | Partition Type: NTFS

    Computer Name: DEAN-PC | User Name: DEAN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/08 08:18:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\CRABTREE\Desktop\OTL.exe
    PRC - [2011/11/07 16:56:52 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2011/09/26 08:35:38 | 000,366,024 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
    PRC - [2011/09/26 08:35:38 | 000,263,624 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
    PRC - [2011/09/22 22:28:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/09/22 19:29:54 | 005,550,984 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2011/09/05 07:50:10 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/02/01 18:53:32 | 000,390,720 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2010/08/17 19:26:38 | 000,560,848 | ---- | M] (CrossLoop Inc) -- C:\Users\CRABTREE\AppData\Local\CrossLoop\CrossLoopService.exe
    PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2007/06/29 16:54:16 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    PRC - [2005/07/15 15:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/26 08:35:38 | 000,267,720 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
    MOD - [2011/09/26 08:35:38 | 000,132,552 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
    MOD - [2011/09/26 08:35:38 | 000,079,304 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll
    MOD - [2011/09/26 08:35:38 | 000,071,112 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
    MOD - [2011/09/22 22:28:29 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011/06/30 06:28:27 | 000,107,896 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/09/05 07:50:10 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/02/01 18:55:24 | 001,112,240 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/08/17 19:26:38 | 000,560,848 | ---- | M] (CrossLoop Inc) [Auto | Running] -- C:\Users\CRABTREE\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
    SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Users\CRABTREE\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver)
    SRV - [2010/04/16 17:09:06 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2007/06/29 16:54:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
    SRV - [2006/09/16 20:08:00 | 000,071,184 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2011/10/01 14:06:42 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
    DRV:64bit: - [2011/10/01 14:06:41 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
    DRV:64bit: - [2011/10/01 14:06:40 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/09/05 07:13:54 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV:64bit: - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/04/16 20:24:34 | 000,027,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 18:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
    DRV:64bit: - [2009/07/13 18:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
    DRV:64bit: - [2009/07/13 18:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
    DRV:64bit: - [2009/06/12 04:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/05/25 14:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173601106206p0365v1j5k4871r25n
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173601106206p0365v1j5k4871r25n


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost



    IE - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 AE 90 61 FF 33 CB 01 [binary data]
    IE - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "MyStart Search "
    FF - prefs.js..browser.search.selectedEngine: "Dogpile "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/?_bc=1 "
    FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
    FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar&a=1uwsoPxbpd9&search= "
    FF - prefs.js..network.proxy.type: 4

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\CRABTREE\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\CRABTREE\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\CRABTREE\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\CRABTREE\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/11/07 17:02:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/29 05:46:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/17 17:09:48 | 000,000,000 | ---D | M]

    [2011/02/06 13:21:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\CRABTREE\AppData\Roaming\mozilla\Extensions
    [2011/02/06 13:21:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\CRABTREE\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/10/29 08:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CRABTREE\AppData\Roaming\mozilla\Firefox\Profiles\xzvs5cdp.default\extensions
    [2011/10/18 14:21:18 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\CRABTREE\AppData\Roaming\mozilla\Firefox\Profiles\xzvs5cdp.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2011/10/18 14:30:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\CRABTREE\AppData\Roaming\mozilla\Firefox\Profiles\xzvs5cdp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/10/18 14:30:54 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\CRABTREE\AppData\Roaming\mozilla\Firefox\Profiles\xzvs5cdp.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
    [2009/05/19 08:50:46 | 000,002,014 | -H-- | M] () -- C:\Users\CRABTREE\AppData\Roaming\Mozilla\Firefox\Profiles\xzvs5cdp.default\searchplugins\dogpile.xml
    [2011/09/29 05:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/05/02 15:46:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/05/02 15:46:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/05/02 15:46:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/05/02 15:46:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/09/22 22:28:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/09/22 19:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2007/07/26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
    [2010/06/08 14:33:45 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

    O1 HOSTS File: ([2011/11/07 09:55:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg64.dll (Google Inc.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
    O4 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - Startup: C:\Users\CRABTREE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
    O7 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O15 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab (Reg Error: Key error.)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (Reg Error: Key error.)
    O16 - DPF: {AA25A56C-B654-4356-B390-DC3594B75C63} http://65.15.154.215:81/codebase/HCNetVideoActiveX.cab (HCNetVideoActiveX Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7D640D0-6EAB-4A49-AC56-DD7D2F91F6FE}: DhcpNameServer = 192.168.1.254 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8713C9-52CC-42DD-A388-B7B0CCC5398B}: DhcpNameServer = 192.168.1.254 192.168.1.254
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOBCA7~1\GoogleDesktopNetwork3.dll) -C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\ExplorerFrame.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/02/06 12:59:43 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/08 08:18:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\CRABTREE\Desktop\OTL.exe
    [2011/11/08 08:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
    [2011/11/08 08:10:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
    [2011/11/08 08:03:56 | 003,903,608 | ---- | C] (AVG Technologies) -- C:\Users\CRABTREE\Desktop\avg_free_stb_all_2012_1869_cnet.exe
    [2011/11/07 17:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
    [2011/11/07 16:37:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/11/07 14:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2011/11/07 10:01:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/11/05 15:18:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/05 15:18:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/05 15:18:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/05 15:17:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/05 15:17:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/10/31 07:37:54 | 000,000,000 | ---D | C] -- C:\X-Plane 9
    [2011/10/29 16:11:53 | 000,000,000 | ---D | C] -- C:\Users\Gene\Documents\debugwiz
    [2011/10/26 12:57:27 | 000,000,000 | ---D | C] -- C:\symbols
    [2011/10/26 12:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
    [2011/10/26 12:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
    [2011/10/26 12:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
    [2011/10/26 12:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
    [2011/10/24 15:22:13 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Users\Gene\Documents\cnet_CrossLoopSetup_exe.exe
    [2011/10/19 12:44:51 | 000,000,000 | ---D | C] -- C:\Users\CRABTREE\AppData\Roaming\AVG2012
    [2011/10/19 12:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2008/05/05 16:19:52 | 000,122,880 | ---- | C] ( ) -- C:\Windows\SysWow64\alauploader.exe
    [2008/05/05 16:19:52 | 000,098,304 | ---- | C] ( ) -- C:\Windows\SysWow64\AutoLicense.dll
    [2008/05/05 16:19:52 | 000,045,056 | ---- | C] ( ) -- C:\Windows\SysWow64\AutoPAX.dll
    [2 C:\Users\CRABTREE\AppData\Local\*.tmp files -> C:\Users\CRABTREE\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/08 08:22:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2011/11/08 08:18:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\CRABTREE\Desktop\OTL.exe
    [2011/11/08 08:16:02 | 070,844,662 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2011/11/08 08:10:46 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2011/11/08 08:10:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2011/11/08 08:10:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2011/11/08 08:09:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/08 08:04:29 | 003,903,608 | ---- | M] (AVG Technologies) -- C:\Users\CRABTREE\Desktop\avg_free_stb_all_2012_1869_cnet.exe
    [2011/11/08 07:46:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2570443451-2467324081-1727471922-1000UA.job
    [2011/11/08 07:15:07 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/08 07:15:07 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/08 07:09:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/08 07:00:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/07 17:06:23 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/07 17:06:23 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/07 17:06:23 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/07 16:59:54 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/07 14:58:59 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2570443451-2467324081-1727471922-1000Core.job
    [2011/11/07 14:55:54 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2011/11/07 09:55:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/11/07 06:45:25 | 000,157,184 | ---- | M] () -- C:\Users\CRABTREE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/03 23:38:30 | 539,815,287 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/11/03 12:36:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/11/02 12:59:29 | 000,013,533 | ---- | M] () -- C:\Users\CRABTREE\Desktop\MEMORY INVENTORY - Shortcut.lnk
    [2011/10/30 16:48:22 | 000,000,512 | ---- | M] () -- C:\Users\Gene\Documents\MBR.dat
    [2011/10/29 16:06:14 | 007,941,472 | ---- | M] (Siber Systems) -- C:\Users\Gene\Documents\RoboForm-Setup.exe
    [2011/10/27 06:31:40 | 002,331,872 | ---- | M] () -- C:\Users\CRABTREE\Desktop\coupon book.pdf
    [2011/10/26 09:22:46 | 000,193,831 | ---- | M] () -- C:\Users\Gene\Documents\license.jpg
    [2011/10/24 15:20:03 | 000,463,080 | ---- | M] (CNET Download.com) -- C:\Users\Gene\Documents\cnet_CrossLoopSetup_exe.exe
    [2011/10/18 15:38:58 | 000,000,050 | ---- | M] () -- C:\Users\CRABTREE\Desktop\Dogpile Web Search.URL
    [2011/10/18 15:34:56 | 000,004,370 | ---- | M] () -- C:\Users\CRABTREE\Desktop\YouTube.url
    [2011/10/18 15:19:39 | 000,001,575 | ---- | M] () -- C:\Users\CRABTREE\Desktop\Weather channel.url
    [2011/10/18 15:19:03 | 000,000,578 | ---- | M] () -- C:\Users\CRABTREE\Desktop\Weather Underground (2).url
    [2011/10/18 15:18:52 | 000,000,396 | ---- | M] () -- C:\Users\CRABTREE\Desktop\AccuWeather.url
    [2011/10/18 15:17:23 | 000,000,551 | ---- | M] () -- C:\Users\CRABTREE\Desktop\Accounts Receivable.lnk
    [2011/10/18 12:31:33 | 000,000,456 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
    [2011/10/18 12:30:14 | 000,000,280 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
    [2011/10/18 12:30:14 | 000,000,192 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
    [2011/10/18 06:08:01 | 000,020,175 | -H-- | M] () -- C:\Users\CRABTREE\Desktop\OTHER_104010.PDF
    [2011/10/13 08:18:52 | 000,501,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
     
  5. 2011/11/08
    geno368

    [2 C:\Users\CRABTREE\AppData\Local\*.tmp files -> C:\Users\CRABTREE\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/08 08:10:46 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2011/11/08 08:10:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2011/11/08 08:10:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2011/11/07 14:55:54 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2011/11/05 15:18:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/05 15:18:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/05 15:18:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/05 15:18:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/05 15:18:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/02 12:59:29 | 000,013,533 | ---- | C] () -- C:\Users\CRABTREE\Desktop\MEMORY INVENTORY - Shortcut.lnk
    [2011/10/31 07:26:41 | 000,000,512 | ---- | C] () -- C:\Users\Gene\Documents\MBR.dat
    [2011/10/27 06:31:33 | 002,331,872 | ---- | C] () -- C:\Users\CRABTREE\Desktop\coupon book.pdf
    [2011/10/26 09:24:52 | 000,193,831 | ---- | C] () -- C:\Users\Gene\Documents\license.jpg
    [2011/10/18 15:38:58 | 000,000,050 | ---- | C] () -- C:\Users\CRABTREE\Desktop\Dogpile Web Search.URL
    [2011/10/18 15:34:56 | 000,004,370 | ---- | C] () -- C:\Users\CRABTREE\Desktop\YouTube.url
    [2011/10/18 15:19:39 | 000,001,575 | ---- | C] () -- C:\Users\CRABTREE\Desktop\Weather channel.url
    [2011/10/18 15:19:03 | 000,000,578 | ---- | C] () -- C:\Users\CRABTREE\Desktop\Weather Underground (2).url
    [2011/10/18 15:18:52 | 000,000,396 | ---- | C] () -- C:\Users\CRABTREE\Desktop\AccuWeather.url
    [2011/10/18 12:30:14 | 000,000,192 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
    [2011/10/18 12:30:13 | 000,000,280 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
    [2011/10/18 12:30:02 | 000,000,456 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
    [2011/10/18 06:08:00 | 000,020,175 | -H-- | C] () -- C:\Users\CRABTREE\Desktop\OTHER_104010.PDF
    [2011/10/11 15:52:24 | 000,061,340 | ---- | C] () -- C:\Users\Gene\Documents\Real Estate Lease - Commercial Matthews.rtf
    [2011/10/11 08:26:30 | 002,710,661 | ---- | C] () -- C:\Users\Gene\Documents\STRDG500.pdf
    [2011/10/11 08:26:24 | 000,854,972 | ---- | C] () -- C:\Users\Gene\Documents\STRDG500_qs.pdf
    [2011/04/14 17:03:40 | 000,003,565 | ---- | C] () -- C:\Windows\SysWow64\RDDlg.dat
    [2011/02/20 07:53:09 | 000,747,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/09 11:49:42 | 000,000,183 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2010/12/25 17:34:50 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010/12/25 10:50:20 | 000,000,680 | -H-- | C] () -- C:\Users\CRABTREE\AppData\Local\d3d9caps.dat
    [2010/12/19 14:10:33 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
    [2010/12/19 09:55:57 | 000,099,357 | ---- | C] () -- C:\Windows\hpqins01.dat
    [2010/12/19 09:54:30 | 000,096,874 | ---- | C] () -- C:\Windows\hpqins11.dat
    [2010/12/16 11:36:05 | 000,164,353 | ---- | C] () -- C:\Windows\hpwins19.dat
    [2010/12/16 11:36:04 | 000,000,253 | ---- | C] () -- C:\Windows\hpwmdl19.dat
    [2010/12/13 13:33:03 | 000,077,390 | ---- | C] () -- C:\Windows\hpqins05.dat
    [2010/12/13 09:19:24 | 000,000,031 | ---- | C] () -- C:\Windows\setscan.ini
    [2010/12/12 10:04:05 | 000,176,197 | ---- | C] () -- C:\Windows\hpwins19.dat.temp
    [2010/12/12 10:04:05 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat.temp
    [2010/09/26 12:57:04 | 000,000,196 | ---- | C] () -- C:\Windows\Readiris.ini
    [2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2010/08/04 15:27:07 | 000,139,764 | ---- | C] () -- C:\Windows\hpoins15.dat.temp
    [2010/08/04 15:27:07 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat.temp
    [2010/05/18 06:50:00 | 000,022,780 | -H-- | C] () -- C:\Users\CRABTREE\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2010/04/28 15:38:38 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
    [2010/01/29 10:04:11 | 000,253,952 | ---- | C] () -- C:\Windows\msfxinfz.dat
    [2010/01/28 12:26:02 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2010/01/19 16:36:06 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2010/01/11 14:25:04 | 000,157,184 | ---- | C] () -- C:\Users\CRABTREE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/09 14:54:36 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini
    [2010/01/09 14:53:32 | 000,007,803 | ---- | C] () -- C:\Windows\SysWow64\dymourl.ini
    [2010/01/09 14:51:21 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\DYMOCFG.DLL
    [2010/01/09 14:51:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\lmmonres.dll
    [2010/01/09 14:11:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/01/09 12:06:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/01/05 16:23:38 | 000,122,445 | ---- | C] () -- C:\Windows\hpoins14.dat.temp
    [2010/01/05 16:23:38 | 000,001,996 | ---- | C] () -- C:\Windows\hpomdl14.dat.temp
    [2010/01/05 11:59:26 | 000,122,445 | ---- | C] () -- C:\Windows\hpoins14.dat
    [2010/01/05 11:59:26 | 000,001,996 | ---- | C] () -- C:\Windows\hpomdl14.dat
    [2009/12/10 15:37:38 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI
    [2009/11/19 15:49:13 | 000,148,317 | ---- | C] () -- C:\Windows\hpwins05.dat
    [2009/11/19 15:49:02 | 000,016,059 | ---- | C] () -- C:\Windows\hpwscr05.dat
    [2009/11/19 15:49:02 | 000,004,785 | ---- | C] () -- C:\Windows\hpwmdl05.dat
    [2009/10/16 09:25:30 | 000,010,704 | ---- | C] () -- C:\Windows\hpwscr19.dat
    [2009/10/12 10:54:26 | 000,041,436 | ---- | C] () -- C:\Windows\alaredun.ini
    [2009/10/12 09:54:47 | 000,000,056 | ---- | C] () -- C:\Windows\Mercury.ini
    [2009/10/12 09:54:43 | 000,000,900 | ---- | C] () -- C:\Windows\alamode.ini
    [2009/08/27 15:02:56 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/05/08 11:49:28 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\jacob.dll
    [2009/04/11 10:22:30 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2009/04/11 10:22:29 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/04/11 10:22:25 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/04/02 15:20:10 | 000,140,218 | ---- | C] () -- C:\Windows\hpoins15.dat
    [2009/04/02 15:20:10 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat
    [2009/04/02 12:45:41 | 000,130,464 | ---- | C] () -- C:\Windows\hpoins13.dat.temp
    [2009/04/02 12:45:41 | 000,000,811 | ---- | C] () -- C:\Windows\hpomdl13.dat.temp
    [2009/01/31 21:21:29 | 004,363,569 | ---- | C] () -- C:\Program Files (x86)\User Guide.pdf
    [2009/01/31 21:21:29 | 000,728,414 | ---- | C] () -- C:\Program Files (x86)\MoneyCoach.xml
    [2009/01/31 21:21:29 | 000,066,534 | ---- | C] () -- C:\Program Files (x86)\Resources.xml
    [2009/01/31 21:21:26 | 000,184,598 | ---- | C] () -- C:\Program Files (x86)\article_header.bmp
    [2008/11/17 11:06:08 | 000,022,597 | -H-- | C] () -- C:\Users\CRABTREE\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2008/11/13 12:31:49 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\FreezeScreenSaver.exe
    [2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2008/11/06 10:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
    [2008/08/11 14:45:14 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
    [2008/08/06 09:45:29 | 000,028,433 | -H-- | C] () -- C:\Users\CRABTREE\AppData\Roaming\UserTile.png
    [2008/08/03 15:05:36 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2008/08/03 15:03:37 | 000,000,303 | ---- | C] () -- C:\Windows\Sierra.ini
    [2008/08/02 10:58:51 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
    [2008/05/06 18:19:11 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
    [2008/05/06 18:19:11 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
    [2008/05/05 16:20:01 | 000,034,304 | ---- | C] () -- C:\Windows\SysWow64\UnlockFile.exe
    [2008/05/05 16:20:00 | 000,495,616 | ---- | C] () -- C:\Windows\SysWow64\TX32.dll
    [2008/05/05 16:19:59 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\SmaRTEng.dll
    [2008/05/05 16:19:58 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\PAXMeta.dll
    [2008/05/05 16:19:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\P2kDesk.dll
    [2008/05/05 16:19:55 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\LFfpx7.dll
    [2008/05/05 16:19:55 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\LFKodak.dll
    [2008/05/05 16:19:55 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\fmt_jb2.dll
    [2008/05/05 16:19:55 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\fmt_xcx.dll
    [2008/05/05 16:19:55 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\fmt_xmf.dll
    [2008/05/05 16:19:55 | 000,000,313 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini
    [2008/05/05 16:19:54 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\DeskSkt.dll
    [2008/05/05 16:19:54 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DP2kFrms.dll
    [2008/05/05 16:19:53 | 000,220,160 | ---- | C] () -- C:\Windows\SysWow64\Carcla30.dll
    [2008/05/05 16:19:52 | 000,401,408 | ---- | C] () -- C:\Windows\SysWow64\AXF_AXS.dll
    [2008/05/05 16:19:52 | 000,204,864 | ---- | C] () -- C:\Windows\SysWow64\AtxWrap.dll
    [2008/05/05 16:19:52 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\alavistautils.dll
    [2008/05/05 16:19:52 | 000,001,597 | ---- | C] () -- C:\Windows\SysWow64\alaUploader.exe.config
    [2008/05/05 16:19:51 | 001,159,168 | ---- | C] () -- C:\Windows\SysWow64\alaMFC2.dll
    [2008/05/05 16:19:51 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\alaMapi.dll
    [2008/05/05 16:19:51 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\alaLaunch2.dll
    [2008/05/05 16:19:51 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\alaLaunch.dll
    [2008/05/05 16:19:50 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\ala32.dll
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
    [2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/08/01 03:27:58 | 000,001,361 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
    [2006/11/15 15:25:54 | 000,278,528 | ---- | C] () -- C:\Windows\SysWow64\HCNetSDK.dll
    [2006/11/08 13:51:58 | 000,585,728 | ---- | C] () -- C:\Windows\SysWow64\playm4.dll
    [2002/08/25 10:14:33 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\vttdrve.dll

    ========== LOP Check ==========

    [2011/10/01 14:06:42 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\013392EB-A1A2-4CBB-9D24-C9E456339D4F
    [2011/09/05 07:50:11 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\11A579E5-45D1-4682-A1AB-8927BC57A32F
    [2011/07/15 16:43:09 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\23160C74-1DF6-45BC-BC8E-F4770A8F0E45
    [2011/07/15 18:25:54 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\Acronis
    [2011/02/06 13:18:20 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\AVG
    [2011/10/18 14:30:23 | 000,000,000 | ---D | M] -- C:\Users\CRABTREE\AppData\Roaming\AVG10
    [2011/10/19 12:44:51 | 000,000,000 | ---D | M] -- C:\Users\CRABTREE\AppData\Roaming\AVG2012
    [2011/02/06 13:20:58 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\Broderbund Software
    [2010/02/01 13:49:43 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/10/18 14:20:59 | 000,000,000 | ---D | M] -- C:\Users\CRABTREE\AppData\Roaming\COWON
    [2010/02/17 14:39:29 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\CVS
    [2011/10/18 14:30:24 | 000,000,000 | ---D | M] -- C:\Users\CRABTREE\AppData\Roaming\DeepBurner
    [2011/02/06 13:21:01 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\DisplayTune
    [2011/10/19 10:54:55 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\Dream Aquarium
    [2011/03/19 20:18:08 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\Dropbox
    [2011/10/18 14:20:59 | 000,000,000 | ---D | M] -- C:\Users\CRABTREE\AppData\Roaming\EPSON
    [2011/10/18 14:30:24 | 000,000,000 | ---D | M] -- C:\Users\CRABTREE\AppData\Roaming\GARMIN
    [2011/05/02 02:00:30 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\GoodSync
    [2011/02/09 12:29:05 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\HotSync
    [2011/10/18 14:21:00 | 000,000,000 | ---D | M] -- C:\Users\CRABTREE\AppData\Roaming\IObit
    [2011/02/06 13:21:05 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\Key Metric Software
    [2011/02/06 13:21:05 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\Leadertech
    [2011/02/06 13:21:24 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\muvee Technologies
    [2011/10/18 14:30:55 | 000,000,000 | ---D | M] -- C:\Users\CRABTREE\AppData\Roaming\My Macros
    [2011/10/18 14:21:21 | 000,000,000 | ---D | M] -- C:\Users\CRABTREE\AppData\Roaming\Oberon Media
    [2010/01/09 12:23:20 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\Packard Bell
    [2011/05/01 08:35:42 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\RoboForm
    [2011/10/18 14:30:56 | 000,000,000 | ---D | M] -- C:\Users\CRABTREE\AppData\Roaming\Scalabium
    [2010/02/26 14:56:07 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\Skinux
    [2011/10/18 14:30:56 | 000,000,000 | ---D | M] -- C:\Users\CRABTREE\AppData\Roaming\Spearit
    [2011/02/06 13:21:29 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\Teleca
    [2011/10/18 14:30:56 | 000,000,000 | ---D | M] -- C:\Users\CRABTREE\AppData\Roaming\Thunderbird
    [2011/10/18 14:30:57 | 000,000,000 | ---D | M] -- C:\Users\CRABTREE\AppData\Roaming\uTorrent
    [2010/11/28 14:56:36 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\WeatherBug
    [2011/02/06 13:21:38 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\WildTangent
    [2011/02/06 13:21:32 | 000,000,000 | -H-D | M] -- C:\Users\CRABTREE\AppData\Roaming\WinBatch
    [2011/05/02 15:46:44 | 000,000,000 | ---D | M] -- C:\Users\Tech\AppData\Roaming\AVG10
    [2011/03/09 11:52:42 | 000,000,000 | ---D | M] -- C:\Users\Tech\AppData\Roaming\HotSync
    [2011/02/06 09:21:14 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
    [2011/10/19 12:38:26 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < >

    < %SYSTEMDRIVE%\*.* >
    [2011/02/08 09:12:06 | 000,001,432 | ---- | M] () -- C:\308.IDX
    [2011/02/08 09:16:09 | 000,015,360 | ---- | M] () -- C:\308.QEL
    [2010/03/10 16:27:50 | 000,000,032 | ---- | M] () -- C:\308.QPH
    [2009/04/11 10:23:29 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/08/27 15:04:31 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/11/07 10:01:11 | 000,023,151 | ---- | M] () -- C:\ComboFix.txt
    [2011/10/26 12:58:48 | 000,022,911 | ---- | M] () -- C:\debuglog.txt
    [2010/07/07 17:24:00 | 000,000,086 | ---- | M] () -- C:\Documents and Settings.rar
    [2010/03/05 14:26:31 | 000,569,520 | ---- | M] (Google Inc.) -- C:\GoogleEarthPluginSetup.exe
    [2010/03/05 14:26:04 | 000,569,696 | ---- | M] (Google Inc.) -- C:\googleupdatesetup.exe
    [2011/11/07 16:59:54 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
    [2010/02/26 14:36:15 | 002,006,416 | ---- | M] () -- C:\install_easyshare.exe
    [2006/12/02 00:37:14 | 000,904,704 | -H-- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/11/07 16:59:59 | 1018,167,294 | -HS- | M] () -- C:\pagefile.sys
    [2006/10/06 14:42:22 | 000,002,853 | ---- | M] () -- C:\pdiports64.inf
    [2008/08/02 09:29:58 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
    [2009/10/19 22:12:21 | 000,002,035 | ---- | M] () -- C:\RHDSetup.log
    [2011/11/05 15:47:34 | 000,000,459 | ---- | M] () -- C:\rkill.log
    [2011/02/07 17:26:49 | 000,002,576 | ---- | M] () -- C:\RWC.IDX
    [2011/02/07 17:54:57 | 000,015,360 | ---- | M] () -- C:\RWC.QEL
    [2010/03/14 14:13:21 | 000,000,032 | ---- | M] () -- C:\RWC.QPH
    [2011/11/03 12:40:07 | 000,075,728 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_03.11.2011_13.37.03_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >
    [2010/09/20 10:45:44 | 000,016,591 | ---- | M] () -- C:\Windows\system32\bg_bottom.jpg
    [2011/04/11 15:37:04 | 000,023,992 | ---- | M] () -- C:\Windows\system32\bg_top.jpg
    [2010/07/21 14:04:50 | 000,014,712 | ---- | M] () -- C:\Windows\system32\header.jpg

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/02/20 20:32:14 | 000,106,496 | ---- | M] () -- C:\Windows\DreamAquarium.scr
    [2009/02/06 20:03:18 | 000,307,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/09/14 14:05:04 | 000,184,598 | ---- | M] () -- C:\Program Files (x86)\article_header.bmp
    [2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2008/09/18 11:36:04 | 000,004,197 | ---- | M] () -- C:\Program Files (x86)\Entities.txt
    [2008/10/02 18:44:18 | 000,728,414 | ---- | M] () -- C:\Program Files (x86)\MoneyCoach.xml
    [2008/10/02 18:44:18 | 000,066,534 | ---- | M] () -- C:\Program Files (x86)\Resources.xml
    [2009/01/31 21:21:29 | 000,000,019 | ---- | M] () -- C:\Program Files (x86)\serial.txt
    [2008/10/01 01:57:06 | 004,363,569 | ---- | M] () -- C:\Program Files (x86)\User Guide.pdf

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/05/28 15:53:35 | 000,000,221 | -HS- | M] () -- C:\Users\CRABTREE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2011/08/25 08:36:15 | 000,000,221 | -HS- | M] () -- C:\Users\CRABTREE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/08 08:04:29 | 003,903,608 | ---- | M] (AVG Technologies) -- C:\Users\CRABTREE\Desktop\avg_free_stb_all_2012_1869_cnet.exe
    [2011/11/08 08:18:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\CRABTREE\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/10/18 12:31:33 | 000,000,456 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
    [2011/03/06 13:33:36 | 000,002,470 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/10/18 12:30:14 | 000,000,280 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
    [2011/10/18 12:30:14 | 000,000,192 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D339C66D
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
  6. 2011/11/08
    geno368 Well-Known Member Thread Starter
    OTL Extras logfile created on: 11/8/2011 8:20:52 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\CRABTREE\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.97 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 69.40% Memory free
    14.91 Gb Paging File | 12.95 Gb Available in Paging File | 86.86% Paging File free
    Paging file location(s): c:\pagefile.sys 9163 9163 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.41 Gb Total Space | 609.24 Gb Free Space | 66.48% Space Free | Partition Type: NTFS
    Drive E: | 298.09 Gb Total Space | 47.47 Gb Free Space | 15.92% Space Free | Partition Type: NTFS

    Computer Name: DEAN-PC | User Name: DEAN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0B7465E2-1A7E-4D21-8670-94D9C11449B8}" = AVG 2012
    "{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
    "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
    "{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{42B40185-E134-43FD-9381-69F92B317417}" = AVG 2012
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
    "{E11448F2-0B44-4239-B04E-D88FE743E929}" = HP Officejet J4500 Series
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "ATT-RC" = ATT-RC Self Support Tool
    "AVG" = AVG 2012
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPOCR" = OCR Software by I.R.I.S. 10.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "PDF-XChange 3_is1" = PDF-XChange 3
    "Recuva" = Recuva
    "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
    "sp6" = Logitech SetPoint 6.20

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{0219FD00-7C39-4CDE-BF53-81F49E6ACF54}" = Readiris Pro 11 Mr.Underground Edition
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
    "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
    "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{11DE2361-9F73-47B3-B638-2F267927E307}" = Ipswitch WS_FTP Home 2007
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{12A3AF78-CBB5-484B-AE87-927C4DE6B9A8}" = Garmin City Navigator North America NT 2011.10 Update
    "{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
    "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
    "{166FCF01-AC98-4288-A01C-90BEB808C059}" = Sony RAW Driver
    "{17FE8F8E-D8FA-440E-9ACF-3C51787E7225}" = FolderSizes 4
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
    "{1A22A15D-E88A-427A-90E2-137245143239}" = Garmin Lifetime Updater
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 23
    "{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3AF1FB80-21BD-4715-8EE2-AB77925519D9}" = PCsync
    "{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
    "{3D6A9515-F1B3-4581-BB37-65CD7328BF99}" = PCmover Professional
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
    "{612E2F17-1BEF-4F15-A4E7-8BE501B561C0}" = Wireless-B Notebook Adapter Configuration Utility
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65B23C82-51A5-4ED9-ACE3-BB6029D5A733}" = Garmin City Navigator North America NT 2011.20 Update
    "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
    "{73F01EB9-1682-4678-B856-F672D09F1E32}" = Garmin Lifetime Updater
    "{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
    "{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{95C2FBF3-4462-41E3-89DC-0F784387BD53}" = Family Lawyer 2004
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D459B94-7E90-46A5-B76B-5A712E7A3529}" = TurboTax 2010 waliper
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A66DBCC6-8802-3D15-9FDF-9552742C08B0}" = Google Talk Plugin
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
    "{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
    "{BC4174D1-7970-40E6-AC57-F095F961FB08}" = HTC Sync
    "{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
    "{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
    "{C3E69CE0-45FD-11D4-AA4A-00C0580802FD}" = eUSB SCSI Adapter
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CDC678B9-DD94-4E37-917B-8D8494BA6F95}" = AT&T Digital Directories - Gadsden-Attalla, AL
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
    "{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
    "{E11CFDDC-6442-4E90-AA6C-B938E6DB0A74}" = Garmin City Navigator North America NT 2012.20 Update
    "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
    "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
    "{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1
    "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
    "{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
    "{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
    "7-Zip" = 7-Zip 4.65
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "AI RoboForm" = RoboForm 7-6-2 (All Users)
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CrossLoop_is1" = CrossLoop 2.74
    "Dream Aquarium" = Dream Aquarium 1.234
    "Driver Performer_is1" = Driver Performer
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "EPSON Scanner" = EPSON Scan
    "Everyone's Legal Forms Professional Edition_is1" = Everyone's Legal Forms 2007
    "Family Lawyer 2010" = Family Lawyer 2010
    "FloatLED_is1" = FloatLED v1.06
    "FolderSizes 4" = FolderSizes 4
    "Gateway InfoCentre" = Gateway InfoCentre
    "Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
    "Gateway Welcome Center" = Welcome Center
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "HP Commercial Scanjet 5590 TWAIN Driver" = HP Commercial Scanjet 5590 TWAIN Driver
    "Identity Card" = Identity Card
    "IncrediMail" = IncrediMail 2.0
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
    "InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
    "InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 7.0 (x86 en-US)" = Mozilla Firefox 7.0 (x86 en-US)
    "My Macros_is1" = My Macros 3.1
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "Office14.PRJPRO" = Microsoft Project Professional 2010
    "PE Builder_is1" = PE Builder 3.1.10a
    "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
    "PhotoMail" = PhotoMail Maker
    "Picasa 3" = Picasa 3
    "Print Artist 12.0" = SierraHome Print Artist 12.0
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RC_Vista.exe" = RC_Vista.exe
    "RemoteCaptureDC" = Canon Utilities RemoteCapture DC
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Speccy" = Speccy
    "STANDARDR" = Microsoft Office Standard 2007
    "Tor" = Tor 0.2.1.26
    "Tune Tools 2_is1" = Tune Tools 2
    "TurboTax 2010" = TurboTax 2010
    "Unlocker" = Unlocker 1.8.8
    "uTorrent" = µTorrent
    "Vidalia" = Vidalia 0.2.9
    "WildTangent gateway Master Uninstall" = Gateway Games
    "WildTangent hp Master Uninstall" = My HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 5.1.1
    "Yahoo! Widget Engine" = Yahoo! Widgets
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2570443451-2467324081-1727471922-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/25/2011 11:42:58 AM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f21db Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x0875ff80 Faulting process id:
    0x9c8 Faulting application start time: 0x01cc932c124c2a9b Faulting application path:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
    Report
    Id: 02c3b80f-ff20-11e0-803c-002511ad2500

    Error - 10/25/2011 11:43:04 AM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f21db Faulting module name: msvcrt.dll, version: 7.0.7600.16385,
    time stamp: 0x4a5bda6f Exception code: 0xc0000409 Fault offset: 0x00023e64 Faulting
    process id: 0x9c8 Faulting application start time: 0x01cc932c124c2a9b Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\syswow64\msvcrt.dll Report Id: 064e65da-ff20-11e0-803c-002511ad2500

    Error - 10/25/2011 12:55:14 PM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f2c8f Faulting module name: mshtml.dll, version: 8.0.7600.16891,
    time stamp: 0x4e86a1a7 Exception code: 0xc0000005 Fault offset: 0x00000000002409d8
    Faulting
    process id: 0x11bc Faulting application start time: 0x01cc933689167567 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
    Report
    Id: 1b3ac41f-ff2a-11e0-803c-002511ad2500

    Error - 10/25/2011 12:56:30 PM | Computer Name = Dean-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll ".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 10/26/2011 11:22:14 AM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f2c8f Faulting module name: mshtml.dll, version: 8.0.7600.16891,
    time stamp: 0x4e86a1a7 Exception code: 0xc0000005 Fault offset: 0x00000000002409d8
    Faulting
    process id: 0x72c Faulting application start time: 0x01cc93f27fe59aec Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
    Report
    Id: 48001802-ffe6-11e0-974b-002511ad2500

    Error - 10/27/2011 8:40:32 AM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f2c8f Faulting module name: mshtml.dll, version: 8.0.7600.16891,
    time stamp: 0x4e86a1a7 Exception code: 0xc0000005 Fault offset: 0x00000000002409d8
    Faulting
    process id: 0x1494 Faulting application start time: 0x01cc94a48ba280b7 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
    Report
    Id: db44c525-0098-11e1-974b-002511ad2500

    Error - 10/27/2011 8:48:56 AM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f2c8f Faulting module name: ntdll.dll, version: 6.1.7600.16695,
    time stamp: 0x4cc7b325 Exception code: 0xc0000005 Fault offset: 0x00000000000515b0
    Faulting
    process id: 0x1494 Faulting application start time: 0x01cc94a48ba280b7 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 07ab5a9c-009a-11e1-974b-002511ad2500

    Error - 10/27/2011 11:22:41 AM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f2c8f Faulting module name: mshtml.dll, version: 8.0.7600.16891,
    time stamp: 0x4e86a1a7 Exception code: 0xc0000005 Fault offset: 0x00000000002409d8
    Faulting
    process id: 0xde4 Faulting application start time: 0x01cc94b3871c9306 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
    Report
    Id: 8234ab93-00af-11e1-974b-002511ad2500

    Error - 10/28/2011 8:03:00 AM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f2c8f Faulting module name: mshtml.dll, version: 8.0.7600.16891,
    time stamp: 0x4e86a1a7 Exception code: 0xc0000005 Fault offset: 0x00000000002409d8
    Faulting
    process id: 0xd7c Faulting application start time: 0x01cc9568cdfec18a Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
    Report
    Id: c76427ad-015c-11e1-974b-002511ad2500

    Error - 10/28/2011 1:03:52 PM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f2c8f Faulting module name: mshtml.dll, version: 8.0.7600.16891,
    time stamp: 0x4e86a1a7 Exception code: 0xc0000005 Fault offset: 0x00000000002409d8
    Faulting
    process id: 0x1280 Faulting application start time: 0x01cc959292f0581d Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
    Report
    Id: cf8f6664-0186-11e1-8634-002511ad2500

    [ System Events ]
    Error - 11/7/2011 11:48:19 AM | Computer Name = Dean-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 11/7/2011 11:55:35 AM | Computer Name = Dean-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
    Description = Element Provider\Microsoft.Base.Publication/Publication/Computer failed
    to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set
    properly on the function instance and there were no errors adding the function
    instance.

    Error - 11/7/2011 1:32:32 PM | Computer Name = Dean-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
    Description = Encrypted volume check: Volume information on cannot be read.

    Error - 11/7/2011 7:02:38 PM | Computer Name = Dean-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
    Description = Element Provider\Microsoft.Base.Publication/Publication/Computer failed
    to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set
    properly on the function instance and there were no errors adding the function
    instance.

    Error - 11/8/2011 9:39:59 AM | Computer Name = Dean-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR7.

    Error - 11/8/2011 9:40:00 AM | Computer Name = Dean-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR7.

    Error - 11/8/2011 9:40:00 AM | Computer Name = Dean-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR7.

    Error - 11/8/2011 9:40:01 AM | Computer Name = Dean-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR7.

    Error - 11/8/2011 9:40:01 AM | Computer Name = Dean-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR7.

    Error - 11/8/2011 9:49:05 AM | Computer Name = Dean-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR7.


    < End of report >
     
  7. 2011/11/08
    geno368 Well-Known Member Thread Starter

    OTL Extras logfile created on: 11/8/2011 8:20:52 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\CRABTREE\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.97 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 69.40% Memory free
    14.91 Gb Paging File | 12.95 Gb Available in Paging File | 86.86% Paging File free
    Paging file location(s): c:\pagefile.sys 9163 9163 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.41 Gb Total Space | 609.24 Gb Free Space | 66.48% Space Free | Partition Type: NTFS
    Drive E: | 298.09 Gb Total Space | 47.47 Gb Free Space | 15.92% Space Free | Partition Type: NTFS

    Computer Name: DEAN-PC | User Name: DEAN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0B7465E2-1A7E-4D21-8670-94D9C11449B8}" = AVG 2012
    "{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
    "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
    "{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{42B40185-E134-43FD-9381-69F92B317417}" = AVG 2012
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
    "{E11448F2-0B44-4239-B04E-D88FE743E929}" = HP Officejet J4500 Series
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "ATT-RC" = ATT-RC Self Support Tool
    "AVG" = AVG 2012
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPOCR" = OCR Software by I.R.I.S. 10.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "PDF-XChange 3_is1" = PDF-XChange 3
    "Recuva" = Recuva
    "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
    "sp6" = Logitech SetPoint 6.20

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{0219FD00-7C39-4CDE-BF53-81F49E6ACF54}" = Readiris Pro 11 Mr.Underground Edition
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
    "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
    "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{11DE2361-9F73-47B3-B638-2F267927E307}" = Ipswitch WS_FTP Home 2007
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{12A3AF78-CBB5-484B-AE87-927C4DE6B9A8}" = Garmin City Navigator North America NT 2011.10 Update
    "{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
    "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
    "{166FCF01-AC98-4288-A01C-90BEB808C059}" = Sony RAW Driver
    "{17FE8F8E-D8FA-440E-9ACF-3C51787E7225}" = FolderSizes 4
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
    "{1A22A15D-E88A-427A-90E2-137245143239}" = Garmin Lifetime Updater
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 23
    "{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3AF1FB80-21BD-4715-8EE2-AB77925519D9}" = PCsync
    "{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
    "{3D6A9515-F1B3-4581-BB37-65CD7328BF99}" = PCmover Professional
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
    "{612E2F17-1BEF-4F15-A4E7-8BE501B561C0}" = Wireless-B Notebook Adapter Configuration Utility
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65B23C82-51A5-4ED9-ACE3-BB6029D5A733}" = Garmin City Navigator North America NT 2011.20 Update
    "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
    "{73F01EB9-1682-4678-B856-F672D09F1E32}" = Garmin Lifetime Updater
    "{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
    "{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{95C2FBF3-4462-41E3-89DC-0F784387BD53}" = Family Lawyer 2004
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D459B94-7E90-46A5-B76B-5A712E7A3529}" = TurboTax 2010 waliper
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A66DBCC6-8802-3D15-9FDF-9552742C08B0}" = Google Talk Plugin
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
    "{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
    "{BC4174D1-7970-40E6-AC57-F095F961FB08}" = HTC Sync
    "{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
    "{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
    "{C3E69CE0-45FD-11D4-AA4A-00C0580802FD}" = eUSB SCSI Adapter
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CDC678B9-DD94-4E37-917B-8D8494BA6F95}" = AT&T Digital Directories - Gadsden-Attalla, AL
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
    "{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
    "{E11CFDDC-6442-4E90-AA6C-B938E6DB0A74}" = Garmin City Navigator North America NT 2012.20 Update
    "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
    "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
    "{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1
    "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
    "{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
    "{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
    "7-Zip" = 7-Zip 4.65
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "AI RoboForm" = RoboForm 7-6-2 (All Users)
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CrossLoop_is1" = CrossLoop 2.74
    "Dream Aquarium" = Dream Aquarium 1.234
    "Driver Performer_is1" = Driver Performer
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "EPSON Scanner" = EPSON Scan
    "Everyone's Legal Forms Professional Edition_is1" = Everyone's Legal Forms 2007
    "Family Lawyer 2010" = Family Lawyer 2010
    "FloatLED_is1" = FloatLED v1.06
    "FolderSizes 4" = FolderSizes 4
    "Gateway InfoCentre" = Gateway InfoCentre
    "Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
    "Gateway Welcome Center" = Welcome Center
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "HP Commercial Scanjet 5590 TWAIN Driver" = HP Commercial Scanjet 5590 TWAIN Driver
    "Identity Card" = Identity Card
    "IncrediMail" = IncrediMail 2.0
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
    "InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
    "InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 7.0 (x86 en-US)" = Mozilla Firefox 7.0 (x86 en-US)
    "My Macros_is1" = My Macros 3.1
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "Office14.PRJPRO" = Microsoft Project Professional 2010
    "PE Builder_is1" = PE Builder 3.1.10a
    "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
    "PhotoMail" = PhotoMail Maker
    "Picasa 3" = Picasa 3
    "Print Artist 12.0" = SierraHome Print Artist 12.0
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RC_Vista.exe" = RC_Vista.exe
    "RemoteCaptureDC" = Canon Utilities RemoteCapture DC
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Speccy" = Speccy
    "STANDARDR" = Microsoft Office Standard 2007
    "Tor" = Tor 0.2.1.26
    "Tune Tools 2_is1" = Tune Tools 2
    "TurboTax 2010" = TurboTax 2010
    "Unlocker" = Unlocker 1.8.8
    "uTorrent" = µTorrent
    "Vidalia" = Vidalia 0.2.9
    "WildTangent gateway Master Uninstall" = Gateway Games
    "WildTangent hp Master Uninstall" = My HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 5.1.1
    "Yahoo! Widget Engine" = Yahoo! Widgets
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2570443451-2467324081-1727471922-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/25/2011 11:42:58 AM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f21db Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x0875ff80 Faulting process id:
    0x9c8 Faulting application start time: 0x01cc932c124c2a9b Faulting application path:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
    Report
    Id: 02c3b80f-ff20-11e0-803c-002511ad2500

    Error - 10/25/2011 11:43:04 AM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f21db Faulting module name: msvcrt.dll, version: 7.0.7600.16385,
    time stamp: 0x4a5bda6f Exception code: 0xc0000409 Fault offset: 0x00023e64 Faulting
    process id: 0x9c8 Faulting application start time: 0x01cc932c124c2a9b Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\syswow64\msvcrt.dll Report Id: 064e65da-ff20-11e0-803c-002511ad2500

    Error - 10/25/2011 12:55:14 PM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f2c8f Faulting module name: mshtml.dll, version: 8.0.7600.16891,
    time stamp: 0x4e86a1a7 Exception code: 0xc0000005 Fault offset: 0x00000000002409d8
    Faulting
    process id: 0x11bc Faulting application start time: 0x01cc933689167567 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
    Report
    Id: 1b3ac41f-ff2a-11e0-803c-002511ad2500

    Error - 10/25/2011 12:56:30 PM | Computer Name = Dean-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll ".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 10/26/2011 11:22:14 AM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f2c8f Faulting module name: mshtml.dll, version: 8.0.7600.16891,
    time stamp: 0x4e86a1a7 Exception code: 0xc0000005 Fault offset: 0x00000000002409d8
    Faulting
    process id: 0x72c Faulting application start time: 0x01cc93f27fe59aec Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
    Report
    Id: 48001802-ffe6-11e0-974b-002511ad2500

    Error - 10/27/2011 8:40:32 AM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f2c8f Faulting module name: mshtml.dll, version: 8.0.7600.16891,
    time stamp: 0x4e86a1a7 Exception code: 0xc0000005 Fault offset: 0x00000000002409d8
    Faulting
    process id: 0x1494 Faulting application start time: 0x01cc94a48ba280b7 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
    Report
    Id: db44c525-0098-11e1-974b-002511ad2500

    Error - 10/27/2011 8:48:56 AM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f2c8f Faulting module name: ntdll.dll, version: 6.1.7600.16695,
    time stamp: 0x4cc7b325 Exception code: 0xc0000005 Fault offset: 0x00000000000515b0
    Faulting
    process id: 0x1494 Faulting application start time: 0x01cc94a48ba280b7 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 07ab5a9c-009a-11e1-974b-002511ad2500

    Error - 10/27/2011 11:22:41 AM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f2c8f Faulting module name: mshtml.dll, version: 8.0.7600.16891,
    time stamp: 0x4e86a1a7 Exception code: 0xc0000005 Fault offset: 0x00000000002409d8
    Faulting
    process id: 0xde4 Faulting application start time: 0x01cc94b3871c9306 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
    Report
    Id: 8234ab93-00af-11e1-974b-002511ad2500

    Error - 10/28/2011 8:03:00 AM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f2c8f Faulting module name: mshtml.dll, version: 8.0.7600.16891,
    time stamp: 0x4e86a1a7 Exception code: 0xc0000005 Fault offset: 0x00000000002409d8
    Faulting
    process id: 0xd7c Faulting application start time: 0x01cc9568cdfec18a Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
    Report
    Id: c76427ad-015c-11e1-974b-002511ad2500

    Error - 10/28/2011 1:03:52 PM | Computer Name = Dean-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f2c8f Faulting module name: mshtml.dll, version: 8.0.7600.16891,
    time stamp: 0x4e86a1a7 Exception code: 0xc0000005 Fault offset: 0x00000000002409d8
    Faulting
    process id: 0x1280 Faulting application start time: 0x01cc959292f0581d Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
    Report
    Id: cf8f6664-0186-11e1-8634-002511ad2500

    [ System Events ]
    Error - 11/7/2011 11:48:19 AM | Computer Name = Dean-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 11/7/2011 11:55:35 AM | Computer Name = Dean-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
    Description = Element Provider\Microsoft.Base.Publication/Publication/Computer failed
    to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set
    properly on the function instance and there were no errors adding the function
    instance.

    Error - 11/7/2011 1:32:32 PM | Computer Name = Dean-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
    Description = Encrypted volume check: Volume information on cannot be read.

    Error - 11/7/2011 7:02:38 PM | Computer Name = Dean-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
    Description = Element Provider\Microsoft.Base.Publication/Publication/Computer failed
    to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set
    properly on the function instance and there were no errors adding the function
    instance.

    Error - 11/8/2011 9:39:59 AM | Computer Name = Dean-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR7.

    Error - 11/8/2011 9:40:00 AM | Computer Name = Dean-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR7.

    Error - 11/8/2011 9:40:00 AM | Computer Name = Dean-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR7.

    Error - 11/8/2011 9:40:01 AM | Computer Name = Dean-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR7.

    Error - 11/8/2011 9:40:01 AM | Computer Name = Dean-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR7.

    Error - 11/8/2011 9:49:05 AM | Computer Name = Dean-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR7.


    < End of report >
     
  8. 2011/11/08
    broni

    broni Moderator Malware Analyst

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = localhost
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = localhost
      IE - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = localhost
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O3 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
      O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
      O15 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpqdktp/...ds/sysinfo.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
      O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (Reg Error: Key error.)
      [2 C:\Users\CRABTREE\AppData\Local\*.tmp files -> C:\Users\CRABTREE\AppData\Local\*.tmp -> ]
      [2011/10/18 12:31:33 | 000,000,456 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
      [2011/10/18 12:30:14 | 000,000,280 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
      [2011/10/18 12:30:14 | 000,000,192 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D339C66D
      @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  9. 2011/11/08
    geno368

    geno368 Well-Known Member Thread Starter

    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-2570443451-2467324081-1727471922-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2570443451-2467324081-1727471922-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
    Registry key HKEY_USERS\S-1-5-21-2570443451-2467324081-1727471922-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2570443451-2467324081-1727471922-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2570443451-2467324081-1727471922-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Starting removal of ActiveX control {49232000-16E4-426C-A231-62846947304B}
    C:\Windows\Downloaded Program Files\sysinfo.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49232000-16E4-426C-A231-62846947304B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{49232000-16E4-426C-A231-62846947304B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {A27C56D2-3F58-4ABB-AA31-1168EDA6636F}
    C:\Windows\Downloaded Program Files\CONFLICT.1\pcmatic.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A27C56D2-3F58-4ABB-AA31-1168EDA6636F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A27C56D2-3F58-4ABB-AA31-1168EDA6636F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A27C56D2-3F58-4ABB-AA31-1168EDA6636F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A27C56D2-3F58-4ABB-AA31-1168EDA6636F}\ not found.
    C:\Users\CRABTREE\AppData\Local\IXP00A37.tmp\dotnetfx35\x64\vs_setup.cab deleted successfully.
    C:\Users\CRABTREE\AppData\Local\IXP00A37.tmp\dotnetfx35\x64\vs_setup.msi deleted successfully.
    C:\Users\CRABTREE\AppData\Local\IXP00A37.tmp\dotnetfx35\x64\_sfx_manifest_ deleted successfully.
    C:\Users\CRABTREE\AppData\Local\IXP00A37.tmp\dotnetfx35\x64 folder deleted successfully.
    C:\Users\CRABTREE\AppData\Local\IXP00A37.tmp\dotnetfx35 folder deleted successfully.
    C:\Users\CRABTREE\AppData\Local\IXP00A37.tmp folder deleted successfully.
    C:\Users\CRABTREE\AppData\Local\IXP04E5C.tmp folder deleted successfully.
    C:\ProgramData\1kAlMiG2Kb7FzP moved successfully.
    C:\ProgramData\~1kAlMiG2Kb7FzP moved successfully.
    C:\ProgramData\~1kAlMiG2Kb7FzPr moved successfully.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ADS C:\ProgramData\TEMP:D339C66D deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: CRABTREE
    ->Temp folder emptied: 104022576 bytes
    ->Temporary Internet Files folder emptied: 2836514 bytes
    ->Java cache emptied: 144291 bytes
    ->FireFox cache emptied: 44392505 bytes
    ->Flash cache emptied: 1159 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Gene
    ->Temp folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Tech
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 21747 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 14145184 bytes

    Total Files Cleaned = 158.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: CRABTREE
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Gene

    User: Public

    User: Tech
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Error: Unable to interpret <Then click the Run Fix button at the top> in the current context!
    Error: Unable to interpret <Let the program run unhindered, reboot the PC when it is done> in the current context!

    OTL by OldTimer - Version 3.2.31.0 log created on 11082011_161841

    Files\Folders moved on Reboot...
    C:\Users\CRABTREE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  10. 2011/11/08
    geno368

    geno368 Well-Known Member Thread Starter

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 29
    Java(TM) SE Runtime Environment 6 Update 1
    Adobe Flash Player 11.0.1.152
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Spybot Teatimer.exe is disabled!
    AVG avgwdsvc.exe
    AVG avgtray.exe
    ``````````End of Log````````````
     
  11. 2011/11/08
    broni

    broni Moderator Malware Analyst

    Uninstall Java(TM) SE Runtime Environment 6 Update 1.
     
  12. 2011/11/08
    geno368

    geno368 Well-Known Member Thread Starter

    C:\Users\CRABTREE\AppData\Local\IM\Identities\{AB4D8951-D0E1-48F7-AFB5-30C963BD4135}\Message Store\Attachments\cnet_CrossLoopSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\Users\CRABTREE\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101014111050969.rsc multiple threats deleted - quarantined
    C:\Users\Gene\Documents\cnet_CrossLoopSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\Users\Gene\Documents\COMPUTER NOTES\unlocker1.8.8.exe Win32/Adware.ADON application deleted - quarantined
     
  13. 2011/11/08
    broni

    broni Moderator Malware Analyst

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  14. 2011/11/09
    geno368

    geno368 Well-Known Member Thread Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: CRABTREE
    ->Temp folder emptied: 31976 bytes
    ->Temporary Internet Files folder emptied: 196806 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 43085213 bytes
    ->Flash cache emptied: 470 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Gene
    ->Temp folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Tech
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6905 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 11863887923 bytes

    Total Files Cleaned = 11,356.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: CRABTREE
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Gene

    User: Public

    User: Tech
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.31.0 log created on 11092011_073246

    Files\Folders moved on Reboot...
    C:\Users\CRABTREE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  15. 2011/11/09
    geno368

    geno368 Well-Known Member Thread Starter

    BTW, did I have a trojan? What were the infections?

    Thanks very much for your help. I will donate!
     
  16. 2011/11/09
    broni

    broni Moderator Malware Analyst

    Your computer was seriously infected, starting with a rootkit, so password changes are a must.

    Good luck and stay safe :)
     
