Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Search Engine Redirecting Virus


  • This topic is locked This topic is locked

#1
karenld

karenld

    Member

  • Member
  • PipPip
  • 16 posts
Hi,

I think I have a virus as whenever I click on a link from google it automatically redirects me to an ad site or the yellowpages. Please help.
  • 0

Advertisements


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! My nick name is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Step 1

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • Defogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running Defogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Your Emulation drivers are now re-enabled.

Step 2

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 3

Posted Image OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When completed the above, please post back the following in the order asked for:
  • DeFogger log
  • aswMBR log
  • OTL scan log
  • Extras log

  • 0

#3
karenld

karenld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
When I click the "Defogger" link it just opens a blank page. It says to help protect my security, Internet explorer blocked the site and when I click download file nothing happens. I also have pop-ups temporarily allowed.
  • 0

#4
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Download and then unzip it from here: Attached File  Defogger.zip   14.01KB   22 downloads
  • 0

#5
karenld

karenld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-13 09:04:58
-----------------------------
09:04:58.656 OS Version: Windows x64 6.0.6002 Service Pack 2
09:04:58.656 Number of processors: 2 586 0x170A
09:04:58.656 ComputerName: BOSSCOMP UserName: Karen
09:05:01.698 Initialize success
09:07:03.804 AVAST engine defs: 11091301
09:08:55.422 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:08:55.422 Disk 0 Vendor: FUJITSU_ 0040 Size: 305245MB BusType: 3
09:08:55.469 Disk 0 MBR read successfully
09:08:55.469 Disk 0 MBR scan
09:08:55.469 Disk 0 Windows VISTA default MBR code
09:08:55.485 Service scanning
09:08:57.622 Modules scanning
09:08:57.622 Disk 0 trace - called modules:
09:08:58.028 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
09:08:58.043 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a35790]
09:08:58.043 3 CLASSPNP.SYS[fffffa6000fc5c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c44050]
09:09:00.399 AVAST engine scan C:\Windows
09:09:10.679 AVAST engine scan C:\Windows\system32
09:09:36.622 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
09:14:59.994 AVAST engine scan C:\Windows\system32\drivers
09:15:25.329 AVAST engine scan C:\Users\Karen
09:31:18.130 AVAST engine scan C:\ProgramData
09:35:52.612 Scan finished successfully
09:38:01.640 Disk 0 MBR has been saved successfully to "C:\Users\Karen\Documents\MBR.dat"
09:38:01.655 The log file has been saved successfully to "C:\Users\Karen\Documents\scanresults.txt"
  • 0

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. It seems that we have ZeroAccess rootkit dropper here. You can skip OTL scan for now and proceed with this fix:

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
  • 0

#7
karenld

karenld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
OTL logfile created on: 13/09/2011 9:55:12 AM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Karen\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.84 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 39.72% Memory free
7.85 Gb Paging File | 5.40 Gb Available in Paging File | 68.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 275.61 Gb Total Space | 70.77 Gb Free Space | 25.68% Space Free | Partition Type: NTFS
Drive E: | 9.78 Gb Total Space | 9.70 Gb Free Space | 99.14% Space Free | Partition Type: NTFS
Drive F: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BOSSCOMP | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/13 09:41:16 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
PRC - [2010/12/30 19:02:09 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/10/05 20:18:51 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Users\Karen\Desktop\putty.exe
PRC - [2010/07/09 12:44:18 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2010/04/30 08:47:00 | 000,069,896 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2010/04/30 08:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2010/04/22 18:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
PRC - [2010/03/18 18:08:00 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2010/03/18 18:07:55 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgfws8.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/05/12 23:26:42 | 000,299,008 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/04/16 19:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/30 17:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009/03/28 15:11:38 | 003,325,952 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/10 19:50:36 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/06 18:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/02/26 13:46:22 | 001,579,528 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe
PRC - [2009/02/26 13:46:22 | 000,563,720 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
PRC - [2009/01/13 22:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2007/09/25 11:46:38 | 000,195,112 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/24 03:51:07 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7785435dab38ed94b6a0a608e91c6cda\Microsoft.VisualBasic.ni.dll
MOD - [2011/08/24 03:50:35 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
MOD - [2011/08/24 03:48:46 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1cc11918d8dd561391bba05c61de7573\System.ServiceProcess.ni.dll
MOD - [2011/08/24 03:48:27 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011/08/24 03:48:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
MOD - [2011/08/24 03:48:03 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll
MOD - [2011/08/24 03:47:39 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/24 03:47:22 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/24 03:46:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/24 03:45:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011/08/24 03:14:38 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/24 03:14:28 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/04/22 18:33:24 | 002,887,904 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2010/04/22 18:33:20 | 000,025,824 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2010/04/22 18:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
MOD - [2010/03/22 16:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll
MOD - [2009/04/11 00:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/03/29 22:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/02/03 15:49:34 | 000,077,824 | R--- | M] () -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2009/02/03 15:49:34 | 000,057,344 | R--- | M] () -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\boost_thread-vc71-mt-1_32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/04/14 18:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/04/09 20:03:58 | 000,803,696 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/03/17 12:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 19:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 15:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/10/16 19:05:00 | 001,449,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/10/16 18:27:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/03/18 13:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/21 17:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2007/02/14 16:23:36 | 000,566,768 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcccoms.exe -- (dlcc_device)
SRV - [2010/04/30 08:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 18:33:04 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/03/18 18:08:00 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010/03/18 18:07:55 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgfws8.exe -- (avgfws8)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/20 20:45:11 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/04/16 19:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/04/01 19:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/03/30 17:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 18:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/02/26 13:46:22 | 000,563,720 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe -- (AVGIDSWatcher)
SRV - [2009/02/26 13:46:20 | 005,576,712 | ---- | M] (AVG) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/01/30 13:54:20 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/18 18:08:20 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/01/20 20:45:47 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/01/20 20:45:33 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/01/20 20:45:14 | 000,029,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/01/20 20:45:07 | 000,014,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/26 16:55:54 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpGmb001.SYS -- (HpGmb001)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/24 15:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/03/23 17:48:20 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/03/20 17:37:40 | 000,266,288 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/03/18 12:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
DRV:64bit: - [2009/03/03 13:14:24 | 008,040,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/02/11 18:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/27 20:12:14 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/11/17 08:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/09/22 07:49:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/03/21 13:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/12/11 15:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 15:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/02/26 13:46:56 | 000,132,104 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/02/26 13:46:56 | 000,035,848 | R--- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/02/26 13:46:56 | 000,027,144 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\Drivers\AVGIDSErHr.sys -- (AVGIDSErHr)
DRV - [2008/05/07 12:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2265777535-3956311810-825230018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKU\S-1-5-21-2265777535-3956311810-825230018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKU\S-1-5-21-2265777535-3956311810-825230018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2265777535-3956311810-825230018-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: No CLSID value found. File not found
IE - HKU\S-1-5-21-2265777535-3956311810-825230018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2265777535-3956311810-825230018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



O1 HOSTS File: ([2011/04/13 20:17:42 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [DLCCCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLCCtime.DLL ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Input Device Main Program] C:\Program Files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe ()
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVGIDS] C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe (AVG)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe ()
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2265777535-3956311810-825230018-1000..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2265777535-3956311810-825230018-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80948B02-3C94-419E-ABCA-CA2AFD8B930C}: DhcpNameServer = 129.128.5.233 129.128.76.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FE5B17-D2DB-479F-AE32-086266EFFC18}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Karen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Karen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/20 14:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/03/26 22:03:00 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{921b1fc7-cfea-11df-bf0d-bf0303945f6b}\Shell - "" = AutoRun
O33 - MountPoints2\{921b1fc7-cfea-11df-bf0d-bf0303945f6b}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{9c3735d7-7360-11de-a84a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c3735d7-7360-11de-a84a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/04/20 14:37:17 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/13 09:41:06 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2011/09/12 22:28:18 | 000,000,000 | ---D | C] -- C:\Users\Karen\Documents\tdsskiller[1]
[2011/09/10 16:27:21 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/09/09 13:14:06 | 000,000,000 | ---D | C] -- C:\Users\Karen\Documents\Life As A House
[2011/09/08 09:40:52 | 000,000,000 | ---D | C] -- C:\Users\Karen\Documents\NURS 290
[2011/09/05 17:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/09/05 17:50:47 | 000,014,336 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\SysNative\drivers\HpGmb001.sys
[2011/09/05 17:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/08/22 15:16:02 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/22 15:15:16 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/08/22 15:15:13 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/22 15:15:13 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/22 15:15:12 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/22 15:15:12 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/08/22 15:15:12 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/22 15:15:11 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/08/22 15:15:09 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/22 15:15:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/22 15:15:09 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/08/22 15:15:09 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/22 15:15:08 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/08/22 15:15:07 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/22 15:15:06 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/22 15:15:06 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/08/22 15:15:06 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/08/22 15:15:06 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/08/22 15:15:06 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/08/22 15:15:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/22 15:15:05 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/22 15:15:05 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/08/22 15:15:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/08/22 15:15:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/08/22 15:15:05 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/08/22 15:15:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/22 15:15:05 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/08/22 15:15:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/22 15:15:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/22 15:15:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/22 15:14:49 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/22 15:14:45 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll

========== Files - Modified Within 30 Days ==========

[2011/09/13 09:41:16 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2011/09/13 09:38:01 | 000,000,512 | ---- | M] () -- C:\Users\Karen\Documents\MBR.dat
[2011/09/13 09:08:08 | 000,000,120 | ---- | M] () -- C:\Users\Karen\webct_upload_applet.properties
[2011/09/13 08:58:55 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/13 08:58:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/13 08:58:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/13 08:58:39 | 4123,918,336 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/13 08:55:31 | 000,000,000 | ---- | M] () -- C:\Users\Karen\defogger_reenable
[2011/09/12 21:23:34 | 000,000,600 | ---- | M] () -- C:\Users\Karen\AppData\Local\PUTTY.RND
[2011/09/12 20:28:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{886EE7D1-2DFD-4738-BAF2-8EBFE14FC6AB}.job
[2011/09/12 16:20:36 | 000,002,651 | ---- | M] () -- C:\Users\Karen\Desktop\Microsoft Office Word 2007.lnk
[2011/09/11 18:10:13 | 000,075,776 | ---- | M] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/04 10:42:51 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/04 10:42:51 | 000,609,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/04 10:42:51 | 000,108,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/30 18:51:42 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk

========== Files Created - No Company Name ==========

[2011/09/13 09:38:01 | 000,000,512 | ---- | C] () -- C:\Users\Karen\Documents\MBR.dat
[2011/09/13 08:55:31 | 000,000,000 | ---- | C] () -- C:\Users\Karen\defogger_reenable
[2011/08/30 18:51:42 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2010/10/05 20:38:37 | 000,000,680 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps.dat
[2010/10/05 20:32:19 | 000,000,600 | ---- | C] () -- C:\Users\Karen\AppData\Local\PUTTY.RND
[2010/10/05 20:29:29 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/05 20:18:53 | 000,000,732 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps64.dat
[2010/02/16 21:09:30 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/02/16 21:08:45 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/02/16 21:08:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/31 15:30:17 | 000,075,776 | ---- | C] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/18 01:10:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/07/18 00:46:41 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/07/18 00:46:41 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/07/18 00:46:41 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/07/18 00:46:41 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/07/18 00:46:41 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/07/18 00:46:41 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009/05/08 17:30:14 | 001,240,142 | ---- | C] () -- C:\Windows\ROnce.exe
[2009/05/08 00:57:11 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/03 13:12:44 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/03/03 13:12:44 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/03/03 13:12:42 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/09/02 03:32:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2010/01/01 21:27:41 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Farm Mania
[2010/05/14 18:08:09 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\FinalMediaPlayer
[2011/04/13 17:21:24 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Leadertech
[2011/04/13 19:18:53 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Memeo
[2011/04/13 17:26:08 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Seagate
[2010/01/20 08:32:17 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TOSHIBA
[2010/05/11 16:21:32 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Ulead Systems
[2011/09/13 09:59:24 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\uTorrent
[2010/01/01 21:27:05 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\WildTangent
[2011/01/03 20:48:16 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\YoudaGames
[2011/09/13 08:57:27 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/12 20:28:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{886EE7D1-2DFD-4738-BAF2-8EBFE14FC6AB}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_1d87dda2\atapi.sys
[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008/06/02 23:44:43 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=35137384FFB6FB4B4C3063CEB5DB34BE -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_1a9e8abf\atapi.sys
[2008/06/02 23:44:43 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=35137384FFB6FB4B4C3063CEB5DB34BE -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_37d5e5fef5f86cf7\atapi.sys
[2008/06/02 22:12:37 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=B388797CAAB36D523840347CC6A39B96 -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_95f5a2e9\atapi.sys
[2008/06/02 22:12:37 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=B388797CAAB36D523840347CC6A39B96 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_398211faf34b271a\atapi.sys
[2006/11/02 06:01:02 | 000,020,072 | ---- | M] (Microsoft Corporation) MD5=DF96CF8885724430024B7522E5C95722 -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_f8cccc79\atapi.sys
[2009/04/11 01:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 01:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\system64\drivers\atapi.sys
[2009/04/11 01:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_b6d20d6f\atapi.sys
[2009/04/11 01:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Karen\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 00:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 20:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Karen\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2008/10/29 00:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/29 23:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 20:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 20:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\system64\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\system64\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Karen\AppData\Local\Temp\RarSFX0\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/04/11 01:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\SysNative\drivers\volsnap.sys
[2009/04/11 01:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\system64\drivers\volsnap.sys
[2009/04/11 01:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_d5525b4d\volsnap.sys
[2009/04/11 01:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_73c0cc10b194374f\volsnap.sys
[2006/11/02 05:51:39 | 000,247,912 | ---- | M] (Microsoft Corporation) MD5=D4674E125878F77EED0D87E6C46889AA -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_c52a9a32\volsnap.sys
[2008/01/20 20:47:03 | 000,271,416 | ---- | M] (Microsoft Corporation) MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_47e59f7b\volsnap.sys
[2008/01/20 20:47:03 | 000,271,416 | ---- | M] (Microsoft Corporation) MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_71d55304b4726c03\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\system64\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 20:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Karen\AppData\Local\Temp\RarSFX0\winlogon.exe
[2008/01/20 20:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/07/23 03:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/07/23 03:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/07/23 03:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/07/23 05:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/07/23 05:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/23 03:49:57 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/23 03:49:57 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/23 03:49:57 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/07/23 05:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/07/23 05:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:EA7D76BE
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0

#8
karenld

karenld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
OTL Extras logfile created on: 13/09/2011 9:55:12 AM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Karen\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.84 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 39.72% Memory free
7.85 Gb Paging File | 5.40 Gb Available in Paging File | 68.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 275.61 Gb Total Space | 70.77 Gb Free Space | 25.68% Space Free | Partition Type: NTFS
Drive E: | 9.78 Gb Total Space | 9.70 Gb Free Space | 99.14% Space Free | Partition Type: NTFS
Drive F: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BOSSCOMP | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2265777535-3956311810-825230018-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 66 3B 1D 80 0C D2 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047399EA-5DC2-410E-A280-1AB0B31B3AA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{08B95EA4-358D-4E56-BB0D-96EF0FB49BA6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{093D8904-DB25-40A9-B9E4-7FB6B6A4C486}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{16417836-D0E7-4D0B-9667-54F2AF39FB7A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{164A311A-E3FD-4374-AACF-5EE9875D89AA}" = dir=in | app=c:\program files (x86)\avg\avg8\avgdiag.exe |
"{17C1AB68-E886-418E-A3D4-9D32D6CB79E3}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{18FD2121-F1FA-465A-9DA1-ED6713858D8D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{19366771-CD25-4732-81F4-49173A96F2DE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1A2E6994-F1E5-46D0-A949-804A10F5486B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1F414E1D-E482-4842-BFB6-AE64CE86CCC5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1F891908-50BC-4678-AC39-7C3CD8384600}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1FCD4129-1D95-460B-A248-84A8D761B32D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{27422E74-8EFA-4AF2-965B-FAB8C7FA9687}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2A27BA72-B28A-4BDA-AF2A-DC8E14B588E9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2CA52029-77D1-422F-9C01-0318C17545BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2DFCF9AA-4B48-4FDE-BBDA-1CBBD1E245E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2EB1B790-2F45-4E26-B7B1-CB6616B00004}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2EDE08AB-D690-4F86-BB9E-7A9768B41301}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{32E867C1-1595-4C92-B2ED-9044704C3317}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{33402AF0-D53C-4067-B620-9E6C8C839BF2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{33BB2D1B-F748-418D-A3CA-DDE5ADD39216}" = protocol=6 | dir=in | app=c:\users\karen\appdata\local\temp\ranges.exe |
"{35050EA1-BF7F-4BE5-B5C6-BC2C73B92CF1}" = dir=in | app=c:\program files (x86)\avg\avg8\avgam.exe |
"{35B35160-7665-4C13-B472-A2C4A3E87B48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{38031857-B2FB-4B71-9310-07D5600D843F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3941A89D-E7DC-4838-8B25-2727282EA7DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3BC2E61F-E122-45AB-88E3-6BA8221D582D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3C2C84BB-D1DF-4D50-8A48-1B0CF5BFA9A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3C8B29CD-7765-48B6-AFC7-BEC2748FE3E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{40F43958-DB0C-4FA6-A2B6-BB3A13C90EDC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{463B46D1-7B24-45CC-B7A2-0A42C05633D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{48E50D14-CCC0-43D8-B4F5-5933FCB1336A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4F089A27-C90C-4E1B-BCED-F9A53F3903EE}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{509B0520-F521-4C5A-AE9C-C31E23CB784F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{514EE9E2-AB9D-426B-89B3-E8A3661F8DF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{54CED185-3D76-45E7-AC1E-E3971192260A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{57A55674-FE56-41B3-A68E-096286C29479}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{57F4857F-90A9-4FC6-B0DE-247C5F3725E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{59E54746-558E-43CC-A58F-FF472FD92F16}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5F2CE88D-33F3-418C-92BB-259B9AD13B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{60C93A83-4B14-4401-B06D-6D9816D3FA8F}" = protocol=17 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{643FE081-EDE7-42CE-A2C2-CD56BD920849}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{646CC6FC-3080-4468-9498-9F5AE421DD73}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{64DD5DBF-BC09-45A8-B356-4AACB110B4B3}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{65B36A90-4435-4797-97A9-FDACDE1B5A67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{68A72F8D-9C55-4EEC-8DFB-C82F5DB0F217}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{68E76970-5A87-4D6D-9B82-AEC57FF8C304}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6993610D-6B5C-4DD2-BEF4-1A883AF609C0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6A413839-C95F-439A-8A88-F4DB462A9844}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6C968BAC-CFFE-4780-9EA5-25FE959F2850}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6DDE8636-2727-4729-B0D9-B35C39057192}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F6670A7-34F6-4BB5-90BF-44A8D626C684}" = protocol=6 | dir=in | app=c:\users\karen\appdata\local\temp\ranges.exe |
"{6FED77A4-9074-481E-BA51-0701B1AB5AA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{70A1FEAD-5585-4516-9A70-0925EF03E1CB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{73FBCBD7-249B-46AE-8A2C-93A34F8087E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{77287B83-3FFE-41C5-AAAA-9E17713DEC07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{79F6A117-2040-47C7-A086-AA4A7C6B2F63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7B118C94-1C46-4B59-9C05-C5ED88CCCDA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7D238C78-37F1-41B6-98EE-29C39DE1FEBD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7DAF6216-2B54-41D7-9BF0-B7A9981E09B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{81A13463-4235-4A64-933E-87135D691E79}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{8447E746-2D4A-4AD1-A19F-21A2C488C0E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{881DA3C8-E89C-4356-B6E4-6D5154C96CB3}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
"{886B7FD6-8648-4419-8816-CB5301190B71}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8C775AAA-1868-48C9-97BE-6C6644CE33AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8C9E087D-7253-4798-BE27-147A2CCFEB1E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8E6352FE-2DFB-4595-841E-6C12B916EA75}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8F1C768F-8FE3-4BFA-A1D4-A3355D05A344}" = dir=in | app=c:\program files (x86)\avg\avg8\avgdiagex.exe |
"{8FEEB913-C608-475C-A1EF-9644F23FD466}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{90D8F7EF-19AA-4A37-B5FC-E5B8A995A04C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{92731C3B-987C-4011-8B78-B1B7563746D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{94F1D82B-2B74-4E39-8D0F-7C0457B2FFD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{963031F2-B9C8-4EAE-B7C0-A9CCCCAEAC28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9631CD82-6F4F-4104-B908-EC89FE6674BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{96E96C8D-A82F-46B4-9D5C-8C610521889C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9A9C2EE3-C27C-434A-BDDD-C9FF8C5B3622}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9ACC18FF-C163-47CC-9156-61521A69E16D}" = protocol=17 | dir=in | app=c:\users\karen\appdata\local\temp\ranges.exe |
"{9C09773F-9348-49D0-B5A1-32B9B3B7A35F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9CC85BD3-1679-4CC9-8D97-B9559F3EF785}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F6FDFAC-E6A9-4BA9-BA4A-C327B4FF9D86}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A3565626-733E-48CC-91D7-9870AE2DC0B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A44FE670-4F09-44B7-B398-D6F61AE8A4D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A4E45496-6277-4D50-A742-C8E587506EFB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A562385C-5753-4113-907F-24D1A9B580EA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A69EDCD7-CFFB-4756-AAE7-2D711934AA1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6EB8E58-10D0-4482-A6E8-26D1E828E4C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B0805A80-1634-4E7A-B49A-8EBC73A66406}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B337FF38-9BEB-49C6-A42D-229429F1B6D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B484F0DC-F64D-43C7-848E-1D7B3668B183}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B870E8D0-9E6E-4EC9-A658-9B44A803F0A6}" = protocol=17 | dir=in | app=c:\users\karen\appdata\local\temp\ranges.exe |
"{B881BBE8-25FE-43E6-85D7-A4A393A81DDA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B934B03C-C3A4-4FC1-BA4A-E14C84B8DB58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA562D04-84B1-4EDC-BE59-F6765EDCDAD3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BB21CC37-C632-4BA1-8440-84A4A315F1EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BDF8F839-94BF-4ED9-BFB1-BE0CA2F366B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C0502A93-D3F1-4B70-99A6-2306ED2BB2C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2B3B000-5BC0-4256-BE51-15A0E95877A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C447A71C-6705-461C-A083-B47C2AC52820}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C449E8FF-3756-4972-95FD-05CA6F063334}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C522F4D1-6B5D-4E5C-A44F-0B1C232B6D32}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{C568D46B-AFDA-4C64-A999-53A79005558F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C571D24E-8063-4433-81D8-31EEFB00D2A0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C5770866-BD24-428D-9804-5DD3574C0FEB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C65B5A05-5A5B-45FB-AC71-F809BC9A1E60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C93511BB-DB24-4B6D-A2CB-171719D4B900}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE29D401-11E5-4D67-8854-3803FB5C5A5D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE745CA5-D044-4805-95D4-5CB547FC87A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D159948F-C7A6-4BC3-B02D-8CCF60F17A0E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D5830729-703E-4471-A9EC-FDFABE9EB300}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D89CB89F-4E5A-4F76-85D2-8E266EEC5E6B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DD561275-A586-4A58-8851-0C1E1D43AD08}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E06A8D42-3E09-46AC-970E-0B41DDD1EB8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E49F077E-C050-473D-9E88-070ECE1B1203}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7BDA306-2960-4CFA-AB49-D53C87768D64}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E913323D-B8D0-4923-B436-5DCB92A72C34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E9327543-165E-4F04-99D3-75ACA5F83B90}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA6E5E7E-12DC-41C8-A0C6-BC9482F8DBB2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EBB76E28-C8D8-4BF3-9D89-FFB3A37D6152}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC83C34F-2085-4E6B-A084-C3D0E8488177}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC9B4C60-08E5-4AB0-839F-BC0951C22CC2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F041B3C4-0A36-4B5D-AA1F-B9837F751147}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F05D85C1-D65C-47EF-8128-41F77510D469}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F115F179-8D02-415F-A92B-FA5AAA6330CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1BCC057-5C86-42E2-9D16-129FA555314B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1F58B1C-97B3-4950-A9B9-87929015E56D}" = protocol=6 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{F284C138-1408-41F0-838A-D84AB4F90760}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F28FC48C-5A72-4E06-9911-37D3A83DBFB0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F6D88477-503B-4282-ADC1-C07562739CBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F8D8E9C0-F73B-4E61-9B51-70C1764E3C3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FA0AE80C-FA71-4BBF-ACFE-35C6C25F8AE9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE2220F5-A90D-4BE1-A02A-E0DAB32458EC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE6B1940-1F6F-49D0-9D3D-43FC54BB499F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7583D2F8-8E7D-40C5-9862-4D218006FB84}" = AVG Identity Protection
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AA8B2587-7198-44E6-858D-20EA0E833C9D}" = HP Wireless Comfort Mobile Mouse
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE8FFD41-8BFC-47D3-829E-77D23BFF09FF}" = My TOSHIBA
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG8Uninstall" = AVG 8.5
"BFGC" = Big Fish Games: Game Manager
"BFG-Youda Survivor" = Youda Survivor
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"EADM" = EA Download Manager
"FinalMediaPlayer_is1" = Final Media Player 2010
"Graboid Video" = Graboid Video 1.73
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Picasa2" = Picasa 2
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"WildTangent toshiba Master Uninstall" = WildTangent Games

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/08/2011 7:16:20 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 68029103

Error - 16/08/2011 11:01:34 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 16/08/2011 11:01:34 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 448648096

Error - 16/08/2011 11:01:34 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 448648096

Error - 16/08/2011 11:01:50 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 16/08/2011 11:01:50 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 448663727

Error - 16/08/2011 11:01:50 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 448663727

Error - 17/08/2011 4:05:10 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/08/2011 4:05:10 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 58736561

Error - 17/08/2011 4:05:10 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 58736561

[ System Events ]
Error - 12/09/2011 6:10:01 PM | Computer Name = BOSSCOMP | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 12/09/2011 6:10:39 PM | Computer Name = BOSSCOMP | Source = Service Control Manager | ID = 7000
Description =

Error - 12/09/2011 6:10:39 PM | Computer Name = BOSSCOMP | Source = Service Control Manager | ID = 7001
Description =

Error - 12/09/2011 6:15:09 PM | Computer Name = BOSSCOMP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.102 for the Network Card with network
address 001E6546F746 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/09/2011 8:11:25 PM | Computer Name = BOSSCOMP | Source = bowser | ID = 8003
Description =

Error - 13/09/2011 12:17:28 AM | Computer Name = BOSSCOMP | Source = Service Control Manager | ID = 7000
Description =

Error - 13/09/2011 12:17:28 AM | Computer Name = BOSSCOMP | Source = Service Control Manager | ID = 7001
Description =

Error - 13/09/2011 10:59:46 AM | Computer Name = BOSSCOMP | Source = Service Control Manager | ID = 7000
Description =

Error - 13/09/2011 10:59:46 AM | Computer Name = BOSSCOMP | Source = Service Control Manager | ID = 7001
Description =

Error - 13/09/2011 11:57:27 AM | Computer Name = BOSSCOMP | Source = bowser | ID = 8003
Description =


< End of report >
  • 0

#9
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Before you run Combofix please do the following:

We need to temporarily remove your Anti-Virus, as it interes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceding

Download AppRemover and run it.

Click Next >>
Posted Image


Ensure "Remove Security Application" is collected and click Next >>
Posted Image


AppRemover will scan all the security applications on your PC
Posted Image

Select Any AVG entries from the applications offered and click Next >> twice.
Posted Image

Follow any further on-screen instructions. If asked to reboot,please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed


NEXT...

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
  • 0

#10
karenld

karenld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
When I tried to download combo fix the first time it worked but somehow shut down my computer and when I went to restart my computer it wouldn't start and the computer had to repair itself. Now when I try to download combo fix it shows it is being saved but the pop up just disappears when it is done downloading and I cannot find it on my desktop.
  • 0

Advertisements


#11
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
You actually didn't run Combofix yet?
  • 0

#12
karenld

karenld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I ran part of it before it shut my computer down. I wasn't really watching I just saw that it was running and since you aren't supposed to use the computer I left and when I came back my screen was black and I had to turn it on and get it to do the self repair thing.
  • 0

#13
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Please take a look on a root of C drive if there is maybe some file named combofix.txt
  • 0

#14
karenld

karenld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I'm sorry I don't know how to look in my C drive.
  • 0

#15
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Open Windows Explorer and navigate to C: drive.

Posted Image
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP