Search Engine Redirecting Virus


  • This topic is locked

#16
karenld

    Member

  • Topic Starter
  • Member
  • 16 posts
Ahhh yes thank you. I have found the Combo Fix program. Including the text file located here.
  • 0


#17
karenld

    Member

  • Topic Starter
  • Member
  • 16 posts
Not sure if you wanted this or not, but this is what the text said:

ComboFix 11-09-13.03 - Karen 13/09/2011 14:33:58.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3932.2419 [GMT -6:00]
Running from: C:\Users\Karen\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  • 0

#18
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please attach this file in your next reply.

How to add an attachment to a new topic or reply
  • 0

#19
karenld

    Member

  • Topic Starter
  • Member
  • 16 posts
The ComboFix file I found just has a lot of smaller files in it. I'm not sure which one to run.
  • 0

#20
karenld

    Member

  • Topic Starter
  • Member
  • 16 posts
I was trying to download some other files for school and they are also not completely downloading or ending up in the wrong place.
  • 0

#21
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Strange. Let's look into that.

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.*
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0

#22
karenld

    Member

  • Topic Starter
  • Member
  • 16 posts
OTL logfile created on: 14/09/2011 4:04:34 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Karen\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.84 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 41.94% Memory free
7.88 Gb Paging File | 5.72 Gb Available in Paging File | 72.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 275.61 Gb Total Space | 77.94 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
Drive E: | 9.78 Gb Total Space | 9.70 Gb Free Space | 99.14% Space Free | Partition Type: NTFS
Drive F: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BOSSCOMP | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/13 20:59:22 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\Karen\AppData\Local\Temp\8LJCAEC.exe
PRC - [2011/09/13 09:41:16 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
PRC - [2010/12/30 19:02:09 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/03/18 18:07:55 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgfws8.exe
PRC - [2009/05/12 23:26:42 | 000,299,008 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/04/16 19:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/30 17:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009/03/28 15:11:38 | 003,325,952 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/06 18:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/02/26 13:46:22 | 001,579,528 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe
PRC - [2009/02/26 13:46:22 | 000,563,720 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
PRC - [2009/01/13 22:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009/01/08 08:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2007/09/25 11:46:38 | 000,195,112 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/11 00:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/02/03 15:49:34 | 000,077,824 | R--- | M] () -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2009/02/03 15:49:34 | 000,057,344 | R--- | M] () -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\boost_thread-vc71-mt-1_32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/04/14 18:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/04/09 20:03:58 | 000,803,696 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/03/17 12:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 19:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 15:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/10/16 19:05:00 | 001,449,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/10/16 18:27:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/03/18 13:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/21 17:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2007/02/14 16:23:36 | 000,566,768 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcccoms.exe -- (dlcc_device)
SRV - [2010/04/30 08:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 18:33:04 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/03/18 18:08:00 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010/03/18 18:07:55 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgfws8.exe -- (avgfws8)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/20 20:45:11 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/04/16 19:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/04/01 19:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/03/30 17:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 18:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/02/26 13:46:22 | 000,563,720 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe -- (AVGIDSWatcher)
SRV - [2009/02/26 13:46:20 | 005,576,712 | ---- | M] (AVG) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/01/30 13:54:20 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/18 18:08:20 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/01/20 20:45:47 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/01/20 20:45:33 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/01/20 20:45:14 | 000,029,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/01/20 20:45:07 | 000,014,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/26 16:55:54 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpGmb001.SYS -- (HpGmb001)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/24 15:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/03/23 17:48:20 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/03/20 17:37:40 | 000,266,288 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/03/18 12:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
DRV:64bit: - [2009/03/03 13:14:24 | 008,040,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/02/11 18:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/27 20:12:14 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/11/17 08:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/09/22 07:49:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/03/21 13:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/12/11 15:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 15:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/02/26 13:46:56 | 000,132,104 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/02/26 13:46:56 | 000,035,848 | R--- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/02/26 13:46:56 | 000,027,144 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\Drivers\AVGIDSErHr.sys -- (AVGIDSErHr)
DRV - [2008/05/07 12:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2265777535-3956311810-825230018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKU\S-1-5-21-2265777535-3956311810-825230018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKU\S-1-5-21-2265777535-3956311810-825230018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2265777535-3956311810-825230018-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: No CLSID value found. File not found
IE - HKU\S-1-5-21-2265777535-3956311810-825230018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2265777535-3956311810-825230018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



O1 HOSTS File: ([2011/04/13 20:17:42 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [DLCCCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLCCtime.DLL ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Input Device Main Program] C:\Program Files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe ()
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVGIDS] C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe (AVG)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe ()
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2265777535-3956311810-825230018-1000..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2265777535-3956311810-825230018-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80948B02-3C94-419E-ABCA-CA2AFD8B930C}: DhcpNameServer = 129.128.5.233 129.128.76.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FE5B17-D2DB-479F-AE32-086266EFFC18}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Karen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Karen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/20 14:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/03/26 22:03:00 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{921b1fc7-cfea-11df-bf0d-bf0303945f6b}\Shell - "" = AutoRun
O33 - MountPoints2\{921b1fc7-cfea-11df-bf0d-bf0303945f6b}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{9c3735d7-7360-11de-a84a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c3735d7-7360-11de-a84a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/04/20 14:37:17 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/13 14:27:42 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/09/13 14:27:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/13 09:41:06 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2011/09/12 22:28:18 | 000,000,000 | ---D | C] -- C:\Users\Karen\Documents\tdsskiller[1]
[2011/09/10 16:27:21 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/09/09 13:14:06 | 000,000,000 | ---D | C] -- C:\Users\Karen\Documents\Life As A House
[2011/09/08 09:40:52 | 000,000,000 | ---D | C] -- C:\Users\Karen\Documents\NURS 290
[2011/09/05 17:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/09/05 17:50:47 | 000,014,336 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\SysNative\drivers\HpGmb001.sys
[2011/09/05 17:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/08/22 15:16:02 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/22 15:15:16 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/08/22 15:15:13 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/22 15:15:13 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/22 15:15:12 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/22 15:15:12 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/08/22 15:15:12 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/22 15:15:11 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/08/22 15:15:09 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/22 15:15:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/22 15:15:09 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/08/22 15:15:09 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/22 15:15:08 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/08/22 15:15:07 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/22 15:15:06 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/22 15:15:06 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/08/22 15:15:06 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/08/22 15:15:06 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/08/22 15:15:06 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/08/22 15:15:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/22 15:15:05 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/22 15:15:05 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/08/22 15:15:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/08/22 15:15:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/08/22 15:15:05 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/08/22 15:15:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/22 15:15:05 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/08/22 15:15:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/22 15:15:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/22 15:15:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/22 15:14:49 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/22 15:14:45 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll

========== Files - Modified Within 30 Days ==========

[2011/09/14 16:04:30 | 000,000,600 | ---- | M] () -- C:\Users\Karen\AppData\Local\PUTTY.RND
[2011/09/14 15:57:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/14 13:03:42 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/14 13:03:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/13 21:27:34 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{886EE7D1-2DFD-4738-BAF2-8EBFE14FC6AB}.job
[2011/09/13 21:23:28 | 000,076,288 | ---- | M] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/13 21:17:55 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/13 21:17:55 | 000,609,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/13 21:17:55 | 000,108,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/13 20:58:50 | 4123,918,336 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/13 09:41:16 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2011/09/13 09:38:01 | 000,000,512 | ---- | M] () -- C:\Users\Karen\Documents\MBR.dat
[2011/09/13 09:08:08 | 000,000,120 | ---- | M] () -- C:\Users\Karen\webct_upload_applet.properties
[2011/09/13 08:55:31 | 000,000,000 | ---- | M] () -- C:\Users\Karen\defogger_reenable
[2011/09/12 16:20:36 | 000,002,651 | ---- | M] () -- C:\Users\Karen\Desktop\Microsoft Office Word 2007.lnk
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/30 18:51:42 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk

========== Files Created - No Company Name ==========

[2011/09/13 09:38:01 | 000,000,512 | ---- | C] () -- C:\Users\Karen\Documents\MBR.dat
[2011/09/13 08:55:31 | 000,000,000 | ---- | C] () -- C:\Users\Karen\defogger_reenable
[2011/08/30 18:51:42 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2010/10/05 20:38:37 | 000,000,680 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps.dat
[2010/10/05 20:32:19 | 000,000,600 | ---- | C] () -- C:\Users\Karen\AppData\Local\PUTTY.RND
[2010/10/05 20:29:29 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/05 20:18:53 | 000,000,732 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps64.dat
[2010/02/16 21:09:30 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/02/16 21:08:45 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/02/16 21:08:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/31 15:30:17 | 000,076,288 | ---- | C] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/18 01:10:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/07/18 00:46:41 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/07/18 00:46:41 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/07/18 00:46:41 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/07/18 00:46:41 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/07/18 00:46:41 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/07/18 00:46:41 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009/05/08 17:30:14 | 001,240,142 | ---- | C] () -- C:\Windows\ROnce.exe
[2009/05/08 00:57:11 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/03 13:12:44 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/03/03 13:12:44 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/03/03 13:12:42 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/09/02 03:32:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2010/01/01 21:27:41 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Farm Mania
[2010/05/14 18:08:09 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\FinalMediaPlayer
[2011/04/13 17:21:24 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Leadertech
[2011/04/13 19:18:53 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Memeo
[2011/04/13 17:26:08 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Seagate
[2010/01/20 08:32:17 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TOSHIBA
[2010/05/11 16:21:32 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Ulead Systems
[2011/09/14 16:08:23 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\uTorrent
[2010/01/01 21:27:05 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\WildTangent
[2011/01/03 20:48:16 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\YoudaGames
[2011/09/13 20:57:43 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/13 21:27:34 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{886EE7D1-2DFD-4738-BAF2-8EBFE14FC6AB}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/05/08 17:30:00 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/09/13 20:58:50 | 4123,918,336 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/18 00:35:16 | 000,000,527 | -H-- | M] () -- C:\log.txt
[2011/04/13 17:25:57 | 000,000,162 | ---- | M] () -- C:\MemeoSendAddin
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/09/13 20:58:49 | 142,536,703 | -HS- | M] () -- C:\pagefile.sys
[2011/04/12 20:12:49 | 000,000,664 | ---- | M] () -- C:\rkill.log


< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Karen\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 00:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 20:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Karen\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2008/10/29 00:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/29 23:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 20:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 20:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\system64\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\system64\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Karen\AppData\Local\Temp\RarSFX0\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\system64\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 20:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Karen\AppData\Local\Temp\RarSFX0\winlogon.exe
[2008/01/20 20:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/07/23 03:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/07/23 03:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/07/23 03:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/07/23 05:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/07/23 05:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/23 03:49:57 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/23 03:49:57 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/23 03:49:57 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/07/23 05:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/07/23 05:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:EA7D76BE
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#23
karenld

    Member

  • Topic Starter
  • Member
  • 16 posts
OTL Extras logfile created on: 14/09/2011 4:04:34 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Karen\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.84 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 41.94% Memory free
7.88 Gb Paging File | 5.72 Gb Available in Paging File | 72.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 275.61 Gb Total Space | 77.94 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
Drive E: | 9.78 Gb Total Space | 9.70 Gb Free Space | 99.14% Space Free | Partition Type: NTFS
Drive F: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BOSSCOMP | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2265777535-3956311810-825230018-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 66 3B 1D 80 0C D2 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047399EA-5DC2-410E-A280-1AB0B31B3AA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{08B95EA4-358D-4E56-BB0D-96EF0FB49BA6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{093D8904-DB25-40A9-B9E4-7FB6B6A4C486}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{16417836-D0E7-4D0B-9667-54F2AF39FB7A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{164A311A-E3FD-4374-AACF-5EE9875D89AA}" = dir=in | app=c:\program files (x86)\avg\avg8\avgdiag.exe |
"{17C1AB68-E886-418E-A3D4-9D32D6CB79E3}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{18FD2121-F1FA-465A-9DA1-ED6713858D8D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{19366771-CD25-4732-81F4-49173A96F2DE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1A2E6994-F1E5-46D0-A949-804A10F5486B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1F414E1D-E482-4842-BFB6-AE64CE86CCC5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1F891908-50BC-4678-AC39-7C3CD8384600}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1FCD4129-1D95-460B-A248-84A8D761B32D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{27422E74-8EFA-4AF2-965B-FAB8C7FA9687}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2A27BA72-B28A-4BDA-AF2A-DC8E14B588E9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2CA52029-77D1-422F-9C01-0318C17545BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2DFCF9AA-4B48-4FDE-BBDA-1CBBD1E245E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2EB1B790-2F45-4E26-B7B1-CB6616B00004}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2EDE08AB-D690-4F86-BB9E-7A9768B41301}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{32E867C1-1595-4C92-B2ED-9044704C3317}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{33402AF0-D53C-4067-B620-9E6C8C839BF2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{33BB2D1B-F748-418D-A3CA-DDE5ADD39216}" = protocol=6 | dir=in | app=c:\users\karen\appdata\local\temp\ranges.exe |
"{35050EA1-BF7F-4BE5-B5C6-BC2C73B92CF1}" = dir=in | app=c:\program files (x86)\avg\avg8\avgam.exe |
"{35B35160-7665-4C13-B472-A2C4A3E87B48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{38031857-B2FB-4B71-9310-07D5600D843F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3941A89D-E7DC-4838-8B25-2727282EA7DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3BC2E61F-E122-45AB-88E3-6BA8221D582D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3C2C84BB-D1DF-4D50-8A48-1B0CF5BFA9A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3C8B29CD-7765-48B6-AFC7-BEC2748FE3E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{40F43958-DB0C-4FA6-A2B6-BB3A13C90EDC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{463B46D1-7B24-45CC-B7A2-0A42C05633D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{48E50D14-CCC0-43D8-B4F5-5933FCB1336A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4F089A27-C90C-4E1B-BCED-F9A53F3903EE}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{509B0520-F521-4C5A-AE9C-C31E23CB784F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{514EE9E2-AB9D-426B-89B3-E8A3661F8DF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{54CED185-3D76-45E7-AC1E-E3971192260A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{57A55674-FE56-41B3-A68E-096286C29479}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{57F4857F-90A9-4FC6-B0DE-247C5F3725E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{59E54746-558E-43CC-A58F-FF472FD92F16}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5F2CE88D-33F3-418C-92BB-259B9AD13B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{60C93A83-4B14-4401-B06D-6D9816D3FA8F}" = protocol=17 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{643FE081-EDE7-42CE-A2C2-CD56BD920849}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{646CC6FC-3080-4468-9498-9F5AE421DD73}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{64DD5DBF-BC09-45A8-B356-4AACB110B4B3}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{65B36A90-4435-4797-97A9-FDACDE1B5A67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{68A72F8D-9C55-4EEC-8DFB-C82F5DB0F217}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{68E76970-5A87-4D6D-9B82-AEC57FF8C304}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6993610D-6B5C-4DD2-BEF4-1A883AF609C0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6A413839-C95F-439A-8A88-F4DB462A9844}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6C968BAC-CFFE-4780-9EA5-25FE959F2850}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6DDE8636-2727-4729-B0D9-B35C39057192}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F6670A7-34F6-4BB5-90BF-44A8D626C684}" = protocol=6 | dir=in | app=c:\users\karen\appdata\local\temp\ranges.exe |
"{6FED77A4-9074-481E-BA51-0701B1AB5AA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{70A1FEAD-5585-4516-9A70-0925EF03E1CB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{73FBCBD7-249B-46AE-8A2C-93A34F8087E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{77287B83-3FFE-41C5-AAAA-9E17713DEC07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{79F6A117-2040-47C7-A086-AA4A7C6B2F63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7B118C94-1C46-4B59-9C05-C5ED88CCCDA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7D238C78-37F1-41B6-98EE-29C39DE1FEBD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7DAF6216-2B54-41D7-9BF0-B7A9981E09B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{81A13463-4235-4A64-933E-87135D691E79}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{8447E746-2D4A-4AD1-A19F-21A2C488C0E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{881DA3C8-E89C-4356-B6E4-6D5154C96CB3}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
"{886B7FD6-8648-4419-8816-CB5301190B71}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8C775AAA-1868-48C9-97BE-6C6644CE33AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8C9E087D-7253-4798-BE27-147A2CCFEB1E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8E6352FE-2DFB-4595-841E-6C12B916EA75}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8F1C768F-8FE3-4BFA-A1D4-A3355D05A344}" = dir=in | app=c:\program files (x86)\avg\avg8\avgdiagex.exe |
"{8FEEB913-C608-475C-A1EF-9644F23FD466}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{90D8F7EF-19AA-4A37-B5FC-E5B8A995A04C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{92731C3B-987C-4011-8B78-B1B7563746D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{94F1D82B-2B74-4E39-8D0F-7C0457B2FFD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{963031F2-B9C8-4EAE-B7C0-A9CCCCAEAC28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9631CD82-6F4F-4104-B908-EC89FE6674BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{96E96C8D-A82F-46B4-9D5C-8C610521889C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9A9C2EE3-C27C-434A-BDDD-C9FF8C5B3622}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9ACC18FF-C163-47CC-9156-61521A69E16D}" = protocol=17 | dir=in | app=c:\users\karen\appdata\local\temp\ranges.exe |
"{9C09773F-9348-49D0-B5A1-32B9B3B7A35F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9CC85BD3-1679-4CC9-8D97-B9559F3EF785}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F6FDFAC-E6A9-4BA9-BA4A-C327B4FF9D86}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A3565626-733E-48CC-91D7-9870AE2DC0B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A44FE670-4F09-44B7-B398-D6F61AE8A4D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A4E45496-6277-4D50-A742-C8E587506EFB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A562385C-5753-4113-907F-24D1A9B580EA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A69EDCD7-CFFB-4756-AAE7-2D711934AA1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6EB8E58-10D0-4482-A6E8-26D1E828E4C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B0805A80-1634-4E7A-B49A-8EBC73A66406}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B337FF38-9BEB-49C6-A42D-229429F1B6D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B484F0DC-F64D-43C7-848E-1D7B3668B183}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B870E8D0-9E6E-4EC9-A658-9B44A803F0A6}" = protocol=17 | dir=in | app=c:\users\karen\appdata\local\temp\ranges.exe |
"{B881BBE8-25FE-43E6-85D7-A4A393A81DDA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B934B03C-C3A4-4FC1-BA4A-E14C84B8DB58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA562D04-84B1-4EDC-BE59-F6765EDCDAD3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BB21CC37-C632-4BA1-8440-84A4A315F1EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BDF8F839-94BF-4ED9-BFB1-BE0CA2F366B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C0502A93-D3F1-4B70-99A6-2306ED2BB2C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2B3B000-5BC0-4256-BE51-15A0E95877A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C447A71C-6705-461C-A083-B47C2AC52820}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C449E8FF-3756-4972-95FD-05CA6F063334}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C522F4D1-6B5D-4E5C-A44F-0B1C232B6D32}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{C568D46B-AFDA-4C64-A999-53A79005558F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C571D24E-8063-4433-81D8-31EEFB00D2A0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C5770866-BD24-428D-9804-5DD3574C0FEB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C65B5A05-5A5B-45FB-AC71-F809BC9A1E60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C93511BB-DB24-4B6D-A2CB-171719D4B900}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE29D401-11E5-4D67-8854-3803FB5C5A5D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE745CA5-D044-4805-95D4-5CB547FC87A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D159948F-C7A6-4BC3-B02D-8CCF60F17A0E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D5830729-703E-4471-A9EC-FDFABE9EB300}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D89CB89F-4E5A-4F76-85D2-8E266EEC5E6B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DD561275-A586-4A58-8851-0C1E1D43AD08}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E06A8D42-3E09-46AC-970E-0B41DDD1EB8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E49F077E-C050-473D-9E88-070ECE1B1203}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7BDA306-2960-4CFA-AB49-D53C87768D64}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E913323D-B8D0-4923-B436-5DCB92A72C34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E9327543-165E-4F04-99D3-75ACA5F83B90}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA6E5E7E-12DC-41C8-A0C6-BC9482F8DBB2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EBB76E28-C8D8-4BF3-9D89-FFB3A37D6152}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC83C34F-2085-4E6B-A084-C3D0E8488177}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC9B4C60-08E5-4AB0-839F-BC0951C22CC2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F041B3C4-0A36-4B5D-AA1F-B9837F751147}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F05D85C1-D65C-47EF-8128-41F77510D469}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F115F179-8D02-415F-A92B-FA5AAA6330CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1BCC057-5C86-42E2-9D16-129FA555314B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1F58B1C-97B3-4950-A9B9-87929015E56D}" = protocol=6 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{F284C138-1408-41F0-838A-D84AB4F90760}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F28FC48C-5A72-4E06-9911-37D3A83DBFB0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F6D88477-503B-4282-ADC1-C07562739CBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F8D8E9C0-F73B-4E61-9B51-70C1764E3C3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FA0AE80C-FA71-4BBF-ACFE-35C6C25F8AE9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE2220F5-A90D-4BE1-A02A-E0DAB32458EC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE6B1940-1F6F-49D0-9D3D-43FC54BB499F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7583D2F8-8E7D-40C5-9862-4D218006FB84}" = AVG Identity Protection
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AA8B2587-7198-44E6-858D-20EA0E833C9D}" = HP Wireless Comfort Mobile Mouse
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE8FFD41-8BFC-47D3-829E-77D23BFF09FF}" = My TOSHIBA
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG8Uninstall" = AVG 8.5
"BFGC" = Big Fish Games: Game Manager
"BFG-Youda Survivor" = Youda Survivor
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"EADM" = EA Download Manager
"FinalMediaPlayer_is1" = Final Media Player 2010
"Graboid Video" = Graboid Video 1.73
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Picasa2" = Picasa 2
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"WildTangent toshiba Master Uninstall" = WildTangent Games

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/08/2011 7:16:20 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 68029103

Error - 16/08/2011 11:01:34 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 16/08/2011 11:01:34 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 448648096

Error - 16/08/2011 11:01:34 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 448648096

Error - 16/08/2011 11:01:50 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 16/08/2011 11:01:50 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 448663727

Error - 16/08/2011 11:01:50 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 448663727

Error - 17/08/2011 4:05:10 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/08/2011 4:05:10 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 58736561

Error - 17/08/2011 4:05:10 PM | Computer Name = BOSSCOMP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 58736561

[ System Events ]
Error - 13/09/2011 8:58:04 PM | Computer Name = BOSSCOMP | Source = Service Control Manager | ID = 7024
Description =

Error - 13/09/2011 8:58:04 PM | Computer Name = BOSSCOMP | Source = Service Control Manager | ID = 7001
Description =

Error - 13/09/2011 11:00:34 PM | Computer Name = BOSSCOMP | Source = Service Control Manager | ID = 7000
Description =

Error - 13/09/2011 11:00:34 PM | Computer Name = BOSSCOMP | Source = Service Control Manager | ID = 7001
Description =

Error - 13/09/2011 11:00:34 PM | Computer Name = BOSSCOMP | Source = Service Control Manager | ID = 7024
Description =

Error - 13/09/2011 11:00:34 PM | Computer Name = BOSSCOMP | Source = Service Control Manager | ID = 7009
Description =

Error - 13/09/2011 11:00:34 PM | Computer Name = BOSSCOMP | Source = Service Control Manager | ID = 7000
Description =

Error - 13/09/2011 11:00:34 PM | Computer Name = BOSSCOMP | Source = Service Control Manager | ID = 7001
Description =

Error - 14/09/2011 12:49:23 AM | Computer Name = BOSSCOMP | Source = PlugPlayManager | ID = 12
Description = The device 'Realtek RTL8102/8103 Family PCI-E FE NIC' (PCI\VEN_10EC&DEV_8136&SUBSYS_FF001179&REV_02\4&492937f&0&00E2)
disappeared from the system without first being prepared for removal.

Error - 14/09/2011 2:53:55 PM | Computer Name = BOSSCOMP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.102 for the Network Card with network
address 001E6546F746 has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
  • 0

#24
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Using Windows Explorer, please navigate to C:\Qoobox and check whether there are any files named combofix.txt, combofix2.txt or similar, and attach them in your next reply if they exist.

Also do this:

  • Download AntiZeroAccess to Desktop
  • Double click on it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Type y and press enter to run the scan
  • Please post the contents of AntiZeroAccess_Log.txt in your next post. This file is saved in the same location as the AntiZeroAccess program.

  • 0

#25
karenld

karenld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I didn't find this under Qoobox; I found it under the actual ComboFix file in my C drive. There were no text files I could find in Qoobox.
  • 0



#26
karenld

karenld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
As soon as I click run the entire thing disappears. My computer is not allowing me to download any new programs although I can still run the ones I already have downloaded.
  • 0

#27
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

So you didn't remove AVG before the Combofix scan? You should remove it, then try again with Combofix please.

Step 1

We need to temporarily remove your Anti-Virus, as it interferes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceeding.

Download AppRemover and run it.

Click Next >>


Ensure "Remove Security Application" is selected and click Next >>


AppRemover will scan all the security applications on your PC

Select any AVG entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed


Step 2

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
  • 0

#28
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





