OTL logfile created on: 8/10/2012 11:04:32 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\victor\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 65.01% Memory free
5.93 Gb Paging File | 4.84 Gb Available in Paging File | 81.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.28 Gb Total Space | 32.33 Gb Free Space | 23.38% Space Free | Partition Type: NTFS
Drive E: | 120.73 Mb Total Space | 119.54 Mb Free Space | 99.01% Space Free | Partition Type: FAT

Computer Name: VICTOR-PC | User Name: victor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/08/10 10:57:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\victor\Desktop\OTL.exe
PRC - [2012/07/11 15:54:41 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\victor\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccsvchst.exe
PRC - [2012/02/23 00:12:39 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/02/24 22:30:56 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/25 20:16:16 | 000,619,008 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe
PRC - [2009/08/21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/21 09:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/05 14:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/05/05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/29 15:35:38 | 000,014,648 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2009/07/16 15:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/16 15:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/03/12 19:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012/07/11 16:08:37 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe -- (NAV)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/02/24 22:30:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/16 14:31:40 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/16 14:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe -- (tgsrvc_quickcare)
SRV - [2010/01/16 14:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe -- (sprtsvc_quickcare)
SRV - [2009/11/04 05:07:14 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2009/11/04 05:07:14 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2009/08/27 19:21:32 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/08/24 19:25:56 | 000,575,552 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009/08/21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/30 16:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/19 10:20:12 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Disabled | Stopped] -- C:\Qualcomm\QDLService\QDLService.exe -- (QDLService)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\victor\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012/06/18 17:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/14 11:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120713.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/06/12 11:47:17 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120715.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/06/12 11:47:17 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120715.009\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/31 01:07:57 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 01:07:57 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/03/28 23:28:38 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1307010.005\symnets.sys -- (SymNetS)
DRV - [2012/03/28 23:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1307010.005\symefa.sys -- (SymEFA)
DRV - [2012/03/28 23:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1307010.005\ironx86.sys -- (SymIRON)
DRV - [2012/03/28 23:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NAV\1307010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/28 23:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1307010.005\srtspx.sys -- (SRTSPX)
DRV - [2012/03/23 07:13:33 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/11/29 15:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1307010.005\ccsetx86.sys -- (ccSet_NAV)
DRV - [2011/07/25 19:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1307010.005\symds.sys -- (SymDS)
DRV - [2011/05/18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/28 10:52:56 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/05/04 12:50:36 | 000,105,544 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DIFMNET.sys -- (DIFMNET)
DRV - [2010/04/28 13:03:02 | 000,164,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DIFMVsp.sys -- (DIFMVsp)
DRV - [2010/04/28 13:03:00 | 000,164,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DIFMNVsp.sys -- (DIFMNVsp)
DRV - [2010/04/28 13:03:00 | 000,164,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DIFMMdm.sys -- (DIFMMdm)
DRV - [2010/04/28 13:03:00 | 000,164,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DIFMCVsp.sys -- (DIFMCVsp)
DRV - [2010/04/28 13:03:00 | 000,056,392 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DIFMBUS.sys -- (DIFMBUS)
DRV - [2010/03/26 22:07:28 | 000,319,488 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)
DRV - [2010/03/26 22:04:24 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2010/01/13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/07/28 18:24:20 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/07/14 15:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 15:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/04 18:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 08:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/29 16:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2009/06/29 10:25:24 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2009/05/25 17:01:00 | 000,069,098 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2009/03/19 09:52:14 | 000,115,200 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbnetTSH.sys -- (qcusbnetTSH)
DRV - [2009/03/19 09:52:14 | 000,104,448 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbserTSH.sys -- (qcusbserTSH)
DRV - [2009/03/19 09:52:14 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcfilterTSH.sys -- (qcfilterTSH)
DRV - [2009/01/27 19:12:14 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/solidyoutube/{D651FF17-0A3F-41E3-996C-B3717AD9060E}
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm479YYUS&fl=0&ptb=OG3lSiJNNT0.XhG3kRttkw&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=sb&searchfor={searchTerms}&n=77ce57e6
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm003YYus&ptb=79F92245-ACF5-4A4D-9158-ABAC3AE7DF28&psa=&ind=2011110621&ptnrS=XPxdm003YYus&si=CMew_K-7o6wCFeoZQgodYF_jDg&st=sb&n=77df1cdd&searchfor={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\victor\Desktop
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 30 6C 19 3A 96 CA 01 [binary data]
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\..\URLSearchHook: {447ccf23-3319-4481-b1f6-0b13e40b0639} - No CLSID value found
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\..\SearchScopes,DefaultScope = {BA65BB68-E51D-4D60-8B24-141FA22A6FAE}
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\..\SearchScopes\{0169E633-8781-F882-9BC7-7B014AE4DE4E}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGAIDF&install_date=20111110&iesrc={referrer:source}
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/solidyoutube/{D651FF17-0A3F-41E3-996C-B3717AD9060E}?q={searchTerms}
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\..\SearchScopes\{9E9533AD-427E-4EE8-ABA7-CD77E9B84EB1}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120624,19081,0,18,0
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm003YYus&ptb=79F92245-ACF5-4A4D-9158-ABAC3AE7DF28&psa=&ind=2011110621&ptnrS=XPxdm003YYus&si=CMew_K-7o6wCFeoZQgodYF_jDg&st=sb&n=77df1cdd&searchfor={searchTerms}
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\..\SearchScopes\{BA65BB68-E51D-4D60-8B24-141FA22A6FAE}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GPCK_en
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80116&lng=en
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\victor\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\victor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\victor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\victor\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\victor\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012/08/09 21:19:33 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/05/13 18:53:40 | 000,001,204 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - No CLSID value found.
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\..\Toolbar\WebBrowser: (no name) - {447CCF23-3319-4481-B1F6-0B13E40B0639} - No CLSID value found.
O3 - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000..\Run: [Facebook Update] C:\Users\victor\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; .NET4.0E)" -"http://www.miniclip.com/games/waterslide-slalom/en/" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2712941158-3131102933-1011039749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81D563F6-CAF0-469A-9969-CCD85A442746}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8F6750C-AC45-4DCA-8F5E-CFAB224AB97E}: DhcpNameServer = 192.168.0.1 205.171.2.65
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/08/10 10:57:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\victor\Desktop\OTL.exe
[2012/08/09 18:13:44 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/09 15:57:11 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2012/08/09 14:12:36 | 002,841,104 | ---- | C] (Symantec Corporation) -- C:\Users\victor\Desktop\NPE.exe.dbxpdw7.partial
[2012/08/08 18:40:42 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/08/06 11:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/08/06 11:18:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/07/16 10:17:13 | 000,000,000 | ---D | C] -- C:\Users\victor\AppData\Roaming\AVG

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/08/10 11:07:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/10 10:57:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\victor\Desktop\OTL.exe
[2012/08/10 10:55:17 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 10:55:17 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 10:50:46 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/10 10:50:46 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/10 10:46:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/10 10:46:46 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012/08/10 10:46:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/10 10:45:51 | 2386,956,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/09 14:12:38 | 002,841,104 | ---- | M] (Symantec Corporation) -- C:\Users\victor\Desktop\NPE.exe.dbxpdw7.partial
[2012/08/03 18:02:25 | 000,374,417 | ---- | M] () -- C:\Users\victor\Desktop\img058.pdf
[2012/08/01 16:26:01 | 000,036,714 | ---- | M] () -- C:\Users\victor\Desktop\Map & directions.pdf
[2012/08/01 16:25:13 | 000,014,174 | ---- | M] () -- C:\Users\victor\Desktop\reference release.pdf
[2012/08/01 16:24:29 | 000,055,895 | ---- | M] () -- C:\Users\victor\Desktop\8600403-safety LD-CCL.pdf
[2012/07/28 12:46:08 | 000,279,968 | ---- | M] () -- C:\Users\victor\Desktop\MainResume.pdf
[2012/07/25 09:50:33 | 000,010,351 | ---- | M] () -- C:\Users\victor\Desktop\Iron Gate Bill.pdf
[2012/07/16 09:53:55 | 000,027,520 | ---- | M] () -- C:\Users\victor\AppData\Local\dt.dat
[2012/07/16 09:13:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/16 08:29:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2712941158-3131102933-1011039749-1000UA.job
[2012/07/16 07:41:52 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2712941158-3131102933-1011039749-1000UA.job
[2012/07/15 22:29:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2712941158-3131102933-1011039749-1000Core.job
[2012/07/15 17:32:47 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2712941158-3131102933-1011039749-1000Core.job
[2012/07/12 11:04:59 | 002,107,304 | ---- | M] () -- C:\Users\victor\Documents\VHA.pdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/08/03 18:02:25 | 000,374,417 | ---- | C] () -- C:\Users\victor\Desktop\img058.pdf
[2012/08/01 16:26:01 | 000,036,714 | ---- | C] () -- C:\Users\victor\Desktop\Map & directions.pdf
[2012/08/01 16:25:13 | 000,014,174 | ---- | C] () -- C:\Users\victor\Desktop\reference release.pdf
[2012/08/01 16:24:29 | 000,055,895 | ---- | C] () -- C:\Users\victor\Desktop\8600403-safety LD-CCL.pdf
[2012/07/28 12:46:06 | 000,279,968 | ---- | C] () -- C:\Users\victor\Desktop\MainResume.pdf
[2012/07/25 09:50:33 | 000,010,351 | ---- | C] () -- C:\Users\victor\Desktop\Iron Gate Bill.pdf
[2012/07/16 09:53:55 | 000,027,520 | ---- | C] () -- C:\Users\victor\AppData\Local\dt.dat
[2012/07/12 11:04:42 | 002,107,304 | ---- | C] () -- C:\Users\victor\Documents\VHA.pdf
[2012/03/02 20:54:46 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2012/03/02 18:47:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Grapher
[2012/03/02 18:47:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Grand Piano
[2012/03/02 18:47:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Generic
[2012/03/02 18:47:42 | 000,000,268 | RH-- | C] () -- C:\Users\victor\AppData\Roaming\Galaxy Swirl
[2012/03/02 18:47:42 | 000,000,268 | RH-- | C] () -- C:\Users\victor\AppData\Roaming\Galactic Static
[2012/03/02 18:47:42 | 000,000,268 | RH-- | C]
() -- C:\Users\victor\AppData\Roaming\Funk Animals [2012/03/02 18:47:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2012/03/02 18:47:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2012/03/02 18:47:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2012/01/18 07:13:50 | 000,000,000 | ---- | C] () -- C:\Users\victor\AppData\Local\{60750A61-37A8-40AC-AA78-59AC2E524448} [2011/11/12 20:50:14 | 000,315,682 | ---- | C] () -- C:\Windows\System32\slwc.exe [2011/11/12 20:33:46 | 000,111,104 | ---- | C] () -- C:\Windows\System32\Uharc.exe [2011/11/12 20:33:46 | 000,008,636 | ---- | C] () -- C:\Windows\System32\modifype.exe [2011/10/31 08:34:57 | 000,000,355 | ---- | C] () -- C:\Users\victor\Computer - Shortcut.lnk [2011/09/09 21:54:44 | 000,000,027 | -HS- | C] () -- C:\Users\victor\.pr_data [2011/09/09 21:24:03 | 000,000,000 | -HS- | C] () -- C:\Users\victor\.pr_stat_data [2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011/05/10 23:31:59 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI [2011/04/03 11:20:22 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011/02/22 12:28:46 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/02/19 10:09:35 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010/10/02 11:08:42 | 000,148,664 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010/09/27 14:00:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010/05/21 22:09:26 | 000,000,086 | ---- | C] () -- C:\Users\victor\AppData\Roaming\default.pls [2010/04/20 17:46:30 | 000,001,024 | ---- | C] () -- C:\Users\victor\.rnd [2009/12/26 00:28:37 | 000,000,069 | ---- | C] () -- C:\Users\victor\jagex_runescape_preferences2.dat [2009/12/26 00:27:47 | 000,000,039 | ---- | C] () -- C:\Users\victor\jagex_runescape_preferences.dat [2009/11/12 21:33:27 | 
000,007,600 | ---- | C] () -- C:\Users\victor\AppData\Local\Resmon.ResmonCfg [color=#E56717]========== LOP Check ==========[/color] [2010/04/10 07:48:23 | 000,000,000 | ---D | M] -- C:\Users\Guest.victor-PC.000\AppData\Roaming\Epson [2012/08/09 21:19:43 | 000,000,000 | ---D | M] -- C:\Users\Mark.victor-PC.000\AppData\Roaming\AVG10 [2012/08/09 21:19:43 | 000,000,000 | ---D | M] -- C:\Users\Mark.victor-PC.000\AppData\Roaming\BitTorrent [2012/08/09 21:19:43 | 000,000,000 | ---D | M] -- C:\Users\Mark.victor-PC.000\AppData\Roaming\Epson [2012/08/09 21:19:44 | 000,000,000 | ---D | M] -- C:\Users\Mark.victor-PC.000\AppData\Roaming\Sprint [2012/08/09 21:15:40 | 000,000,000 | ---D | M] -- C:\Users\Oksana\AppData\Roaming\Sprint [2012/06/23 23:30:23 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\.minecraft [2011/09/26 17:21:38 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\.oit [2012/03/25 18:11:42 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\AnvSoft [2012/07/16 10:17:13 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\AVG [2011/01/27 11:32:32 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\AVG10 [2012/08/09 21:19:53 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\BitTorrent [2011/01/03 20:06:11 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\Bytemobile [2010/03/09 13:45:07 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\Canon [2011/06/12 13:59:56 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1 [2010/10/16 13:46:51 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\com.nyt.ihtreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1 [2010/02/12 19:26:14 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1 [2011/08/12 11:11:14 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\Epson [2012/08/09 
21:19:53 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\FinalMediaPlayer [2011/02/20 00:03:21 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\FrostWire [2011/11/12 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\HamsterSoft [2010/02/14 12:35:16 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\ImgBurn [2010/04/06 20:34:28 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\Leadertech [2011/09/09 21:52:17 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\NewspaperDirect [2012/03/02 18:50:23 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\Nikon [2010/03/03 15:14:15 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\Nuance [2009/11/02 11:21:04 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\OpenOffice.org [2011/01/03 20:02:00 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\Sierra Wireless [2011/01/03 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\Sprint [2009/11/01 16:55:56 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\Template [2011/02/19 09:42:59 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\Tific [2009/10/30 22:29:01 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\toshiba [2009/10/30 21:27:46 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\WinBatch [2010/10/21 11:02:29 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\Windows Live Writer [2012/06/11 20:25:47 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\WinZip [2010/03/03 15:14:24 | 000,000,000 | ---D | M] -- C:\Users\victor\AppData\Roaming\Zeon [2012/07/15 17:32:47 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2712941158-3131102933-1011039749-1000Core.job [2012/07/16 07:41:52 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2712941158-3131102933-1011039749-1000UA.job [2012/08/10 10:46:46 | 000,000,388 | ---- | M] () -- 
C:\Windows\Tasks\Final Media Player Update Checker.job [2012/07/13 06:46:25 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/02/24 22:30:56 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft 
Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [color=#A23BEC]< MD5 for: SERVICES >[/color] [2009/06/10 14:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services [2009/06/10 14:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services [color=#A23BEC]< MD5 for: SERVICES.EXE >[/color] [2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\FRST\Quarantine\services.exe [2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe [2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe [color=#A23BEC]< MD5 for: SERVICES.EXE.MUI >[/color] [2009/07/13 19:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- 
C:\Windows\System32\en-US\services.exe.mui [2009/07/13 19:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui [color=#A23BEC]< MD5 for: SERVICES.EXE-511D36F4.PF >[/color] [2012/08/09 10:55:01 | 000,008,810 | ---- | M] () MD5=9B02A432DF9B94FD92C457133E23A12A -- C:\Windows\Prefetch\SERVICES.EXE-511D36F4.pf [color=#A23BEC]< MD5 for: SERVICES.LNK >[/color] [2009/07/13 21:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009/07/13 21:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [color=#A23BEC]< MD5 for: SERVICES.MOCHIADS.COM.SOL >[/color] [2010/04/01 22:30:32 | 000,000,233 | ---- | M] () MD5=0B0AB8180F011005EBB8FFEE0A5CA7FB -- C:\Users\Mark.victor-PC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BAE8HVN7\mochiads.com\services.mochiads.com.sol [2012/08/07 20:20:42 | 000,000,391 | ---- | M] () MD5=63BC36D3DB76BEB3F84A1823B1AFC5B9 -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RX9DZPAS\mochiads.com\services.mochiads.com.sol [color=#A23BEC]< MD5 for: SERVICES.MOF >[/color] [2009/06/10 14:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof [2009/06/10 14:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof [color=#A23BEC]< MD5 for: SERVICES.MSC >[/color] [2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc [2009/06/10 
14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc [2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc [2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc [color=#A23BEC]< MD5 for: SERVICES.PTXML >[/color] [2009/07/13 13:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml [2009/07/13 13:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009/10/27 23:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/27 22:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/13 18:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >[/color] [HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN] "AutodiscoveryFlags" = -2147483648 "DetectedInterfaceIpCount" = 3 "LastDetectHighDateTime" = 0 "LastDetectLowDateTime" = 0 "LastDetectTime" = 01/01/1601, 00:00:00 UTC "DetectedInterfaceIps" = fe80::3cce:2f0:3f57:fffc%98;192.168.0.3;2001:0:4137:9e76:3cce:2f0:3f57:fffc; "LastDetectUrl" = [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:0B9FB94D @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:01C66DD9 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4 @Alternate Data Stream - 121 bytes 
-> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4 < End of report >