Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow computer and internet [Closed]


  • This topic is locked This topic is locked

#1
sciread77

sciread77

    Member

  • Member
  • PipPip
  • 14 posts
Hi, and thanks in advance for the help. My computer is running very slow, especially on the Internet where videos and sound only play in broken pieces. The processor almost always runs at 100% capacity and I have 113 processes running at startup. The computer sometimes takes over a minute to respond to mouse clicks and instructions to change the sound can take several minutes to register as well. A quick scan with MBAM didn't find any infections. My OTL log is posted below.

OTL logfile created on: 6/3/2012 11:17:51 AM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\brooneterz\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 48.66% Memory free
5.96 Gb Paging File | 4.40 Gb Available in Paging File | 73.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.37 Gb Total Space | 32.24 Gb Free Space | 22.97% Space Free | Partition Type: NTFS

Computer Name: BROONETERZ-PC | User Name: brooneterz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/03 11:15:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\brooneterz\Desktop\OTL.exe
PRC - [2012/05/13 15:48:41 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/12/10 11:25:36 | 002,756,608 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/06/16 03:53:39 | 000,864,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/16 03:53:38 | 001,355,968 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2009/09/29 16:21:08 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009/09/29 16:15:44 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2009/09/29 14:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009/09/29 14:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009/09/29 14:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009/09/29 14:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009/06/03 11:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009/05/27 16:46:52 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/04/14 14:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/04 16:46:38 | 001,242,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
PRC - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 15:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 13:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 15:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 19:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 15:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/13 15:48:39 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/13 15:37:36 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/05/10 04:27:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 04:25:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 04:24:41 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012/05/10 04:24:18 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012/05/10 04:14:02 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 04:13:01 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/06/16 03:54:29 | 000,185,880 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
MOD - [2011/02/24 21:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/02/24 20:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/12/11 00:01:27 | 000,139,264 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/09/29 14:24:24 | 000,139,264 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
MOD - [2009/07/14 22:30:51 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/07/06 18:04:56 | 000,185,856 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2009/07/06 18:04:56 | 000,185,856 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2008/03/06 12:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 14:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 23:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007/01/11 19:33:20 | 000,106,496 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll
MOD - [2006/10/10 13:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/13 16:39:43 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/13 15:48:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/06/16 03:53:38 | 001,355,968 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/05/28 18:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 17:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 21:34:00 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - [2012/04/13 23:39:26 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/29 13:03:35 | 000,024,576 | ---- | M] (HTC1124 Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2010/11/08 16:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 16:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/05 11:25:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/04/10 23:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2008/07/28 17:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 20:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 18:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/03/12 01:38:27 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/20 21:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:51 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008/01/20 21:32:51 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:50 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/01/20 21:32:49 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:48 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:32:45 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2008/01/20 21:32:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008/01/20 21:32:45 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008/01/20 21:32:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/20 21:32:23 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/01/20 21:32:22 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/01/20 21:32:22 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/20 21:32:22 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/20 21:32:21 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008/01/20 21:32:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/20 21:32:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008/01/20 21:32:21 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2008/01/20 21:32:21 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:32:21 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/20 21:32:21 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 21:32:21 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2008/01/20 21:32:21 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/01/20 21:32:21 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2006/11/02 04:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 03:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 03:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006/11/02 03:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 03:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 03:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 03:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 03:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 03:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2006/11/02 03:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\..\SearchScopes,DefaultScope = {F6CAAED4-C733-4761-BD4F-CFEA33552E62}
IE - HKLM\..\SearchScopes\{F6CAAED4-C733-4761-BD4F-CFEA33552E62}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {F6CAAED4-C733-4761-BD4F-CFEA33552E62}
IE - HKCU\..\SearchScopes\{21C8BC47-1745-402A-B593-7387113170A2}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{F6CAAED4-C733-4761-BD4F-CFEA33552E62}: "URL" = http://www.google.co...1I7TSHB_enUS336
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/05 11:46:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/13 15:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 22:34:00 | 000,000,000 | ---D | M]

[2011/01/12 18:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brooneterz\AppData\Roaming\Mozilla\Extensions
[2012/06/01 23:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brooneterz\AppData\Roaming\Mozilla\Firefox\Profiles\krho621d.default\extensions
[2012/03/21 21:53:11 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\brooneterz\AppData\Roaming\Mozilla\Firefox\Profiles\krho621d.default\extensions\[email protected]
[2011/11/02 19:51:54 | 000,000,917 | ---- | M] () -- C:\Users\brooneterz\AppData\Roaming\Mozilla\Firefox\Profiles\krho621d.default\searchplugins\bingsearch.xml
[2012/01/20 19:26:28 | 000,002,281 | ---- | M] () -- C:\Users\brooneterz\AppData\Roaming\Mozilla\Firefox\Profiles\krho621d.default\searchplugins\s-amazon.xml
[2012/05/13 15:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/10 23:28:57 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/13 15:48:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/13 22:45:40 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/12 20:47:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/12 20:47:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: DhcpNameServer = 10.1.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33A008A6-E696-464A-8C85-F41BB59A2309}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\brooneterz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\brooneterz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5ea94ab0-984a-11de-be11-001e33b9429f}\Shell - "" = AutoRun
O33 - MountPoints2\{5ea94ab0-984a-11de-be11-001e33b9429f}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{5ecfc04d-e561-11df-a0ba-001e33b9429f}\Shell - "" = AutoRun
O33 - MountPoints2\{5ecfc04d-e561-11df-a0ba-001e33b9429f}\Shell\AutoRun\command - "" = G:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/03 11:15:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\brooneterz\Desktop\OTL.exe
[2012/05/21 18:12:10 | 000,000,000 | ---D | C] -- C:\Users\brooneterz\Documents\05-21-2012
[2012/05/13 15:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/13 15:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/10 03:11:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/08 20:32:29 | 000,000,000 | ---D | C] -- C:\Users\brooneterz\Desktop\Taxes 2009 Courtney
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\brooneterz\Documents\*.tmp files -> C:\Users\brooneterz\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/03 11:20:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 11:20:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 11:15:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\brooneterz\Desktop\OTL.exe
[2012/06/03 10:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/03 10:36:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/03 09:27:34 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/03 09:25:47 | 099,696,927 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/06/03 09:24:07 | 000,357,381 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/06/03 09:20:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/01 23:11:30 | 3080,769,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/01 16:29:13 | 000,328,809 | ---- | M] () -- C:\Users\brooneterz\Desktop\outside.jpg
[2012/06/01 16:20:07 | 000,046,666 | ---- | M] () -- C:\Users\brooneterz\Desktop\pretty design for dresser.jpg
[2012/05/31 12:39:07 | 000,277,525 | ---- | M] () -- C:\Users\brooneterz\Desktop\Courtney La Chance-Denton Resume.pdf
[2012/05/31 12:30:53 | 000,076,010 | ---- | M] () -- C:\Users\brooneterz\Desktop\Courtney La Chance-Denton Maplewood-Richmond Heights School District CV.pdf
[2012/05/21 17:43:59 | 000,643,562 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/21 17:43:59 | 000,119,722 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/16 22:22:38 | 000,030,162 | ---- | M] () -- C:\Users\brooneterz\Desktop\monogram.jpg
[2012/05/16 22:16:00 | 000,175,476 | ---- | M] () -- C:\Users\brooneterz\Desktop\gunna make this picture.jpg
[2012/05/16 22:09:00 | 000,154,119 | ---- | M] () -- C:\Users\brooneterz\Desktop\living room.jpg
[2012/05/16 22:07:12 | 000,064,300 | ---- | M] () -- C:\Users\brooneterz\Desktop\foyer.jpg
[2012/05/15 21:37:52 | 000,013,421 | ---- | M] () -- C:\Users\brooneterz\Desktop\pretty curtain.jpg
[2012/05/15 21:37:29 | 000,015,413 | ---- | M] () -- C:\Users\brooneterz\Desktop\bedroom pelmet.jpg
[2012/05/15 21:36:33 | 000,062,986 | ---- | M] () -- C:\Users\brooneterz\Desktop\kitchen pelmet box.JPG
[2012/05/15 21:35:40 | 000,122,267 | ---- | M] () -- C:\Users\brooneterz\Desktop\pelmet box.jpg
[2012/05/13 18:42:10 | 000,111,811 | ---- | M] () -- C:\Users\brooneterz\Documents\2011 Tastefully Simple Profit Loss.pdf
[2012/05/10 04:07:43 | 000,424,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\brooneterz\Documents\*.tmp files -> C:\Users\brooneterz\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/01 16:29:01 | 000,328,809 | ---- | C] () -- C:\Users\brooneterz\Desktop\outside.jpg
[2012/06/01 16:13:47 | 000,046,666 | ---- | C] () -- C:\Users\brooneterz\Desktop\pretty design for dresser.jpg
[2012/05/31 12:39:07 | 000,277,525 | ---- | C] () -- C:\Users\brooneterz\Desktop\Courtney La Chance-Denton Resume.pdf
[2012/05/31 12:30:53 | 000,076,010 | ---- | C] () -- C:\Users\brooneterz\Desktop\Courtney La Chance-Denton Maplewood-Richmond Heights School District CV.pdf
[2012/05/16 22:22:22 | 000,030,162 | ---- | C] () -- C:\Users\brooneterz\Desktop\monogram.jpg
[2012/05/16 22:15:55 | 000,175,476 | ---- | C] () -- C:\Users\brooneterz\Desktop\gunna make this picture.jpg
[2012/05/16 22:08:53 | 000,154,119 | ---- | C] () -- C:\Users\brooneterz\Desktop\living room.jpg
[2012/05/16 22:07:02 | 000,064,300 | ---- | C] () -- C:\Users\brooneterz\Desktop\foyer.jpg
[2012/05/15 21:37:50 | 000,013,421 | ---- | C] () -- C:\Users\brooneterz\Desktop\pretty curtain.jpg
[2012/05/15 21:37:28 | 000,015,413 | ---- | C] () -- C:\Users\brooneterz\Desktop\bedroom pelmet.jpg
[2012/05/15 21:36:24 | 000,062,986 | ---- | C] () -- C:\Users\brooneterz\Desktop\kitchen pelmet box.JPG
[2012/05/15 21:34:58 | 000,122,267 | ---- | C] () -- C:\Users\brooneterz\Desktop\pelmet box.jpg
[2012/05/13 18:40:52 | 000,111,811 | ---- | C] () -- C:\Users\brooneterz\Documents\2011 Tastefully Simple Profit Loss.pdf
[2012/05/13 15:37:47 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/12/02 13:52:24 | 000,001,056 | ---- | C] () -- C:\Windows\System32\EKaio2WiaCoInst.ini
[2011/08/01 13:22:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/16 19:55:56 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/01/12 18:39:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/12 16:00:28 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/12/12 15:47:58 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll

========== LOP Check ==========

[2009/07/22 22:32:18 | 000,000,000 | ---D | M] -- C:\Users\brooneterz\AppData\Roaming\acccore
[2010/12/12 15:27:46 | 000,000,000 | ---D | M] -- C:\Users\brooneterz\AppData\Roaming\Atari
[2010/10/31 21:00:15 | 000,000,000 | ---D | M] -- C:\Users\brooneterz\AppData\Roaming\AVG10
[2010/10/05 10:46:12 | 000,000,000 | ---D | M] -- C:\Users\brooneterz\AppData\Roaming\CoffeeCup Software
[2009/10/12 09:21:47 | 000,000,000 | ---D | M] -- C:\Users\brooneterz\AppData\Roaming\Enki Games
[2011/03/23 23:37:16 | 000,000,000 | ---D | M] -- C:\Users\brooneterz\AppData\Roaming\GetRightToGo
[2010/12/12 15:48:03 | 000,000,000 | ---D | M] -- C:\Users\brooneterz\AppData\Roaming\Leadertech
[2011/05/08 21:04:06 | 000,000,000 | ---D | M] -- C:\Users\brooneterz\AppData\Roaming\OpenOffice.org
[2009/07/22 22:32:39 | 000,000,000 | ---D | M] -- C:\Users\brooneterz\AppData\Roaming\QQ Games Plugin
[2010/11/29 13:35:11 | 000,000,000 | ---D | M] -- C:\Users\brooneterz\AppData\Roaming\Teleca
[2012/01/02 13:07:31 | 000,000,000 | ---D | M] -- C:\Users\brooneterz\AppData\Roaming\Temp
[2009/10/01 16:17:09 | 000,000,000 | ---D | M] -- C:\Users\brooneterz\AppData\Roaming\Template
[2012/03/18 13:12:02 | 000,000,000 | ---D | M] -- C:\Users\brooneterz\AppData\Roaming\uTorrent
[2009/07/14 19:43:49 | 000,000,000 | ---D | M] -- C:\Users\brooneterz\AppData\Roaming\WildTangent
[2012/06/01 22:57:20 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/15 05:06:02 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3031D7E3-AB3B-4057-AD92-1A79CCB20545}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 1355 bytes -> C:\ProgramData\TEMP:EA27AABF
@Alternate Data Stream - 1291 bytes -> C:\ProgramData\TEMP:8221B684
@Alternate Data Stream - 1269 bytes -> C:\ProgramData\TEMP:254C101B

< End of report >
  • 0

Advertisements


#2
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Vista Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Right-click SecurityCheck.exe and select Run as Administrator then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.
Re-scan with OTL:

Please delete your current version of OTL and all logs, then empty the Recycle Bin.

Then download a new version of OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • SecurityCheck Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#3
sciread77

sciread77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
The computer is still running very slow, and on occasion I have to just restart it to get anything done (like running the scans). It has been somewhat better after disabling automatic updates in Windows but is still almost unusably slow.

Checkup.txt

Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java™ 6 Update 6
Java version out of date!
Adobe Flash Player 11.3.300.257
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (13.0)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````
  • 0

#4
sciread77

sciread77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL.txt

OTL logfile created on: 6/15/2012 11:50:15 PM - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\brooneterz\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 54.21% Memory free
5.96 Gb Paging File | 4.71 Gb Available in Paging File | 78.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.37 Gb Total Space | 37.71 Gb Free Space | 26.87% Space Free | Partition Type: NTFS

Computer Name: BROONETERZ-PC | User Name: brooneterz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\brooneterz\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\brooneterz\Desktop\SecurityCheck.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe (Teleca Sweden AB)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe (Teleca Sweden AB)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe (TODO: <Company name>)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe (Teleca AB)
PRC - C:\Program Files\Common Files\Teleca Shared\logger.exe (Popwire AB)
PRC - C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
PRC - C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Sweden AB)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\brooneterz\Desktop\SecurityCheck.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll ()
MOD - C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.1.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IO_Memory) -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC1124 Inc)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\..\SearchScopes,DefaultScope = {F6CAAED4-C733-4761-BD4F-CFEA33552E62}
IE - HKLM\..\SearchScopes\{F6CAAED4-C733-4761-BD4F-CFEA33552E62}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\..\SearchScopes,DefaultScope = {F6CAAED4-C733-4761-BD4F-CFEA33552E62}
IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\..\SearchScopes\{21C8BC47-1745-402A-B593-7387113170A2}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-10 13:08:13&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\..\SearchScopes\{F6CAAED4-C733-4761-BD4F-CFEA33552E62}: "URL" = http://www.google.co...1I7TSHB_enUS336
IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..keyword.URL: "http://isearch.avg.c...8:13&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/11 10:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/10 13:06:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/10 13:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/07 12:32:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/10 11:51:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/07 12:32:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/10 11:51:37 | 000,000,000 | ---D | M]

[2011/01/12 18:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brooneterz\AppData\Roaming\Mozilla\Extensions
[2012/06/01 23:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brooneterz\AppData\Roaming\Mozilla\Firefox\Profiles\krho621d.default\extensions
[2012/03/21 21:53:11 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\brooneterz\AppData\Roaming\Mozilla\Firefox\Profiles\krho621d.default\extensions\[email protected]
[2011/11/02 19:51:54 | 000,000,917 | ---- | M] () -- C:\Users\brooneterz\AppData\Roaming\Mozilla\Firefox\Profiles\krho621d.default\searchplugins\bingsearch.xml
[2012/01/20 19:26:28 | 000,002,281 | ---- | M] () -- C:\Users\brooneterz\AppData\Roaming\Mozilla\Firefox\Profiles\krho621d.default\searchplugins\s-amazon.xml
[2012/05/13 15:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/10 23:28:57 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/10 13:06:17 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/06/10 13:08:30 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7
[2012/06/07 12:32:19 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/13 22:45:40 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/10 13:07:58 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/12 20:47:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/12 20:47:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33A008A6-E696-464A-8C85-F41BB59A2309}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\brooneterz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\brooneterz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5ea94ab0-984a-11de-be11-001e33b9429f}\Shell - "" = AutoRun
O33 - MountPoints2\{5ea94ab0-984a-11de-be11-001e33b9429f}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{5ecfc04d-e561-11df-a0ba-001e33b9429f}\Shell - "" = AutoRun
O33 - MountPoints2\{5ecfc04d-e561-11df-a0ba-001e33b9429f}\Shell\AutoRun\command - "" = G:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 23:54:42 | 000,000,000 | ---D | C] -- C:\Users\brooneterz\AppData\Local\Macromedia
[2012/06/11 10:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/10 13:11:32 | 000,000,000 | ---D | C] -- C:\Users\brooneterz\AppData\Roaming\AVG2012
[2012/06/10 13:09:06 | 000,000,000 | ---D | C] -- C:\Users\brooneterz\AppData\Local\AVG Secure Search
[2012/06/10 13:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/06/10 13:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/06/10 13:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/06/10 13:06:09 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/06/10 13:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/06/03 17:10:08 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/05/21 18:12:10 | 000,000,000 | ---D | C] -- C:\Users\brooneterz\Documents\05-21-2012
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\brooneterz\Documents\*.tmp files -> C:\Users\brooneterz\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/15 23:39:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/15 23:39:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/15 23:38:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 23:38:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 23:38:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/15 23:38:36 | 3082,817,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/15 23:36:21 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/15 23:05:19 | 100,470,954 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/06/15 23:04:02 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/15 23:04:02 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/15 07:00:30 | 000,853,862 | ---- | M] () -- C:\Users\brooneterz\Desktop\SecurityCheck.exe
[2012/06/12 20:52:38 | 000,020,813 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/06/12 14:13:33 | 000,055,096 | ---- | M] () -- C:\Users\brooneterz\Desktop\graduation_commentbuddy_021.gif
[2012/06/11 10:30:40 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/10 11:51:37 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/06/07 13:01:13 | 261,339,223 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/06 17:35:05 | 000,074,623 | ---- | M] () -- C:\Users\brooneterz\Desktop\Courtney La Chance-Denton Ritenour CL.pdf
[2012/06/05 11:18:56 | 000,069,924 | ---- | M] () -- C:\Users\brooneterz\Desktop\Tina Croghan LOR.pdf
[2012/06/03 17:10:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/06/01 16:29:13 | 000,328,809 | ---- | M] () -- C:\Users\brooneterz\Desktop\outside.jpg
[2012/06/01 16:20:07 | 000,046,666 | ---- | M] () -- C:\Users\brooneterz\Desktop\pretty design for dresser.jpg
[2012/05/31 12:39:07 | 000,277,525 | ---- | M] () -- C:\Users\brooneterz\Desktop\Courtney La Chance-Denton Resume.pdf
[2012/05/31 12:30:53 | 000,076,010 | ---- | M] () -- C:\Users\brooneterz\Desktop\Courtney La Chance-Denton Maplewood-Richmond Heights School District CV.pdf
[2012/05/21 17:43:59 | 000,643,562 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/21 17:43:59 | 000,119,722 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\brooneterz\Documents\*.tmp files -> C:\Users\brooneterz\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/15 06:59:52 | 000,853,862 | ---- | C] () -- C:\Users\brooneterz\Desktop\SecurityCheck.exe
[2012/06/12 14:13:18 | 000,055,096 | ---- | C] () -- C:\Users\brooneterz\Desktop\graduation_commentbuddy_021.gif
[2012/06/10 13:08:37 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/06 17:34:53 | 000,074,623 | ---- | C] () -- C:\Users\brooneterz\Desktop\Courtney La Chance-Denton Ritenour CL.pdf
[2012/06/05 11:18:56 | 000,069,924 | ---- | C] () -- C:\Users\brooneterz\Desktop\Tina Croghan LOR.pdf
[2012/06/01 16:29:01 | 000,328,809 | ---- | C] () -- C:\Users\brooneterz\Desktop\outside.jpg
[2012/06/01 16:13:47 | 000,046,666 | ---- | C] () -- C:\Users\brooneterz\Desktop\pretty design for dresser.jpg
[2012/05/31 12:39:07 | 000,277,525 | ---- | C] () -- C:\Users\brooneterz\Desktop\Courtney La Chance-Denton Resume.pdf
[2012/05/31 12:30:53 | 000,076,010 | ---- | C] () -- C:\Users\brooneterz\Desktop\Courtney La Chance-Denton Maplewood-Richmond Heights School District CV.pdf
[2011/12/02 13:52:24 | 000,001,056 | ---- | C] () -- C:\Windows\System32\EKaio2WiaCoInst.ini
[2011/08/01 13:22:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/16 19:55:56 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/01/12 18:39:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/12 16:00:28 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/12/12 15:47:58 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 1355 bytes -> C:\ProgramData\TEMP:EA27AABF
@Alternate Data Stream - 1291 bytes -> C:\ProgramData\TEMP:8221B684
@Alternate Data Stream - 1269 bytes -> C:\ProgramData\TEMP:254C101B

< End of report >
  • 0

#5
sciread77

sciread77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Extras.txt

OTL Extras logfile created on: 6/15/2012 7:10:11 AM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\brooneterz\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 38.62% Memory free
5.97 Gb Paging File | 3.85 Gb Available in Paging File | 64.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.37 Gb Total Space | 38.49 Gb Free Space | 27.42% Space Free | Partition Type: NTFS

Computer Name: BROONETERZ-PC | User Name: brooneterz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4229604500-3487303875-4101604920-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A3A8D0-E0F1-4665-A04C-51B6C1212FE0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0ABB5DAA-52B1-4731-B339-CA77B69A3266}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0B95C30D-0606-4B0D-840E-3BEBDEFFEDBE}" = lport=445 | protocol=6 | dir=in | app=system |
"{12C123DB-87A0-4227-86D9-FAF40CEFABC8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{19F2317B-9055-4C39-8DC9-A525321830E7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1EE2B4D7-4DCC-4ED8-AC65-B4C097ADD8C9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{23993105-0A71-4160-902F-06DA2DACE363}" = lport=138 | protocol=17 | dir=in | app=system |
"{2B4C5340-AB01-4205-A8C7-6D81A96E51AC}" = lport=139 | protocol=6 | dir=in | app=system |
"{363CA10C-26A1-4242-AF6D-56BC70721568}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45BCF872-EB95-4D52-8027-299312BC24B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45D2F6EE-A0FA-4AF1-9132-9176E51F980D}" = rport=139 | protocol=6 | dir=out | app=system |
"{4968FAEB-6FC2-4816-9045-BAFEB6FC70EF}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{50806FAD-EE55-4786-9DB3-FB46647CD86F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{54F4E04A-8632-4FE4-88C3-C3F42FD3DE82}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{73195A3F-1B3F-459F-B0D8-7C9CE9F7E640}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F286543-9FD9-46D6-A69E-C459A7B134B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99700CB9-050E-488D-86E2-6E4DB8ED0F7E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6A670C0-5541-4435-AF15-C1DA3CFB2890}" = rport=138 | protocol=17 | dir=out | app=system |
"{C7A0A274-2617-4959-81DB-0B8764C20C81}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C9C5EACF-05C5-41DD-88D5-47FC6AA1975E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFEB8DCC-C837-4403-956B-E297856E5373}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D0D1FFA3-63D0-40DD-8062-19FCF4A19380}" = rport=137 | protocol=17 | dir=out | app=system |
"{DE9B3630-A929-4651-882C-B7C4DC154BAD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{DEB269E1-9686-4432-AC9D-50E8EA622AA0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F9E7B1F8-ACB2-4549-A46E-5FA0CA65E438}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FACD426A-EA7D-460D-B17C-9C1AA7C2E93C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FBA3D703-868C-4DB0-B531-82C8186B605E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FBBA0ADD-28B5-4117-B1B5-60E02DBD1DB1}" = rport=445 | protocol=6 | dir=out | app=system |
"{FBF874AF-5690-43C7-A09A-89E9021490F8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FEB4C758-0049-422A-B4B6-32139CDA9423}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FEC4BF08-CCFB-4716-A1BA-A8719C8D22E0}" = lport=137 | protocol=17 | dir=in | app=system |
"{FEC92F1E-A300-4524-97A2-868EC1D2BFB0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C247C0-2D82-45FB-BD04-0F7DA6CD0B21}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{02356206-49EE-41B7-87D3-C6325217BECF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{080DC0C9-7B99-4C64-AFA4-4E1E824E5668}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{0BFF1AAB-1296-46E2-9B28-8BEFE07CC706}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{0DFBC872-44AA-4FD3-8827-65313655983D}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{15C4D956-0EF7-41DA-BB8E-C8529B6C1330}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{189B4931-804E-4848-B4EF-E80DFC8729FD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{1FAA6D96-3786-4053-8591-200B182C629B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2531392C-C96B-402B-9877-040E6CF69507}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25EBC8EF-3438-4F41-BB86-6AF3934A1C11}" = protocol=1 | dir=in | [email protected],-28543 |
"{268168BC-E82E-4C75-A248-AE1A1018E586}" = protocol=58 | dir=out | [email protected],-28546 |
"{318A8E88-79E6-47E0-8A4E-D7487A9CDA30}" = protocol=58 | dir=in | [email protected],-28545 |
"{32A23758-7347-48F1-B540-D575A5E8210E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{39EBB4C7-62AF-4211-AE0B-EC616E6536BC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{39F0E570-2DA4-4BE1-A582-F2CA5DB0289A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3EF88841-B341-4A5D-B3FF-28D7991A3EBF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{494C44E6-275B-4737-A442-64F39E472271}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{4AEC6F8B-DAF7-4F04-9D9C-CCD9CA481909}" = protocol=1 | dir=out | [email protected],-28544 |
"{4B2E641C-0D64-45A0-8641-3CE50A6D3ED1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4E5581C8-A512-4596-A8BB-867583E67E83}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{4F19F2A4-9B58-4EF1-AD53-82ADD5C81A2F}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{515540C3-5113-4C4D-A20D-0F0760CA1D0E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{51E295B9-E4DD-441F-848A-4EB3A108F401}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{51FA7C5F-C02B-45F3-8263-F238F505FD3E}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{657C94E5-9DA1-4692-9742-14E3C30A3260}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6B04314B-155E-4617-80DA-C5225EC3E4E8}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{6D2DD4BF-7BD1-4A32-BE6A-B576F466ADD7}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{70E4D1E3-5957-4B74-84E8-7A5B8F48A38A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70F9EA12-6EE7-4274-A641-9886BBC56081}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{72B74685-2B3C-471F-A144-B26F447EEBBD}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{73256402-1CA9-4EE5-B961-43087EB1AAF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75A1FB3C-E304-4672-A2AF-43F57FE1B1FC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{75B4F77D-7C4A-4703-89AC-6E2F5A77BF14}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{78C8605E-6946-4E2B-8712-03A4028B26B5}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{7C88D842-9B4F-4E02-957F-24BB250E6EF7}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{842A1812-0181-49A5-B607-F22D4D1983CE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92A2DC97-ABED-4FDF-871D-7DAE8D9B75F0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{935A13C9-CE4A-4505-8B40-6228DA4BBC0B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{98F85EE0-37D4-4729-908A-CC233D7093C0}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A92A556A-BA57-44AA-9F86-DB05070AF21F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{ABFF9436-1CB4-4787-959F-452CA6E798CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD3DE81B-5F0D-4906-86BB-E268E0CA13F2}" = protocol=6 | dir=out | app=system |
"{AEA4FBC8-1C38-4B36-8A6B-1835EAE73B2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFE4DA38-44C0-4671-B19D-1500BE9AF870}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B42C7674-76F2-40DA-94AB-71AA0EB859F5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{BA705A4F-D311-4611-A8D8-8935BBEE335D}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{C058589F-62A3-41EC-B1B4-CBE93E04B63B}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{CA8C8513-986C-453E-A9D0-F13937231B9A}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{CDDECC30-7A2F-4F89-8D1F-4D5063B683F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFDF0928-B430-475D-A793-308E9E9958DA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{D1FC7560-83FC-4A1B-92A2-05AC996F3884}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D3AF86B8-D328-47D4-8ED4-D37045F1450F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D5C5AEF1-EE54-410E-AA28-34B21909A844}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{D80C376D-FEF8-4712-B5E9-C460E55A372A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E06B9ACA-A1C8-4615-A41C-101A23F94D34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E3F0AC75-7848-47DA-8CAE-BB7123BB3C22}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E476BB72-7B7A-4575-AC55-5B01B158FEDA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EDCDD019-8526-4807-92AC-53E19C62871F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EDFCAC7A-01C5-4F7B-AC1E-377A7076D5D6}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{F39441B2-6FC3-4F62-B10A-7BF2097E7412}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{F3A78CC4-F631-4B76-A126-220A5D58CB18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F487A31D-6AE7-4E43-8C0F-892A8082B7C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8121E0E-C8A4-40D7-892C-1D6D8C125555}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{F8FAC68E-9A83-492D-A5C4-E0452BE428E6}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{FC5C683D-4F2A-44DA-BFE6-07554B298E46}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{FFA3BAA7-E9BE-4092-94B4-9177A37AB66E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"TCP Query User{4F4CF1FD-3E8A-49CF-8F4B-0195F4DD6503}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{7D251E32-9B0C-4763-A56B-247090B4DCAA}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{E23CA1B0-F4D9-4976-A7EE-FA022F14D6CC}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{053929AA-6FC7-4ED3-B524-840EE84CF5BE}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{69D44474-85C3-4000-9B22-E194BC5DA2F3}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{6CD31605-7DF0-45B9-ADCE-F9C5B0575108}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = The Sims Medieval Pirates and Nobles
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0DD87998-B8EA-4CE1-B636-8D2B68B0D498}" = eBook: Speech Communication: Content Knowledge Study Guide
"{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}" = GradeQuick Web Plugin
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BC2218D-83D1-4D76-9560-032FEBEA830A}" = eBook: Principles of Learning and Teaching (PLT) Study Guide
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CC0FE6B-D32D-4536-A7A8-992596A572B4}" = eBook: English Language, Literature, and Composition Content Knowledge Practice Test
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACC6A520-8D5A-44C0-B163-0EB50E9DF942}" = eBook: English Language, Literature, and Composition: Content Knowledge
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BCF75973-29C2-4245-80E3-B3C2B7E7548B}" = AVG 2012
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5AF36E3-D72D-4E30-AB64-48A98BDDEE73}" = HTC Sync
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EB429B99-EC3C-4825-9B90-2B50FA361B02}" = eBook: The Praxis Series Official Guide, Second Edition
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG" = AVG 2012
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"BFGC" = Big Fish Games Client
"BFG-Reincarnations - Awakening" = Reincarnations: Awakening
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FormatFactory" = FormatFactory 2.70
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Rosetta Stone" = The Rosetta Stone
"Titanic" = Titanic
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.1
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 2 (32-bit)
"Yahoo! Mail" = att.net Internet Mail
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4229604500-3487303875-4101604920-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WeatherTAP.com - RadarLab HD" = WeatherTAP.com - RadarLab HD

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/7/2012 1:27:13 PM | Computer Name = brooneterz-PC | Source = VSS | ID = 8193
Description =

Error - 6/7/2012 1:27:13 PM | Computer Name = brooneterz-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/7/2012 1:27:13 PM | Computer Name = brooneterz-PC | Source = VSS | ID = 19
Description =

Error - 6/7/2012 1:27:13 PM | Computer Name = brooneterz-PC | Source = VSS | ID = 8193
Description =

Error - 6/7/2012 1:37:00 PM | Computer Name = brooneterz-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/7/2012 1:46:16 PM | Computer Name = brooneterz-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/7/2012 1:48:38 PM | Computer Name = brooneterz-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/7/2012 2:02:02 PM | Computer Name = brooneterz-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/10/2012 1:32:42 PM | Computer Name = brooneterz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 6/10/2012 1:52:07 PM | Computer Name = brooneterz-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 2/25/2010 5:17:33 AM | Computer Name = brooneterz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 470302
seconds with 420 seconds of active time. This session ended with a crash.

Error - 7/21/2010 8:37:00 PM | Computer Name = brooneterz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 414846
seconds with 14700 seconds of active time. This session ended with a crash.

Error - 11/29/2010 2:35:44 PM | Computer Name = brooneterz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/7/2012 1:59:36 PM | Computer Name = brooneterz-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 6/7/2012 1:59:36 PM | Computer Name = brooneterz-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 6/7/2012 1:59:36 PM | Computer Name = brooneterz-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 6/7/2012 1:59:36 PM | Computer Name = brooneterz-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 6/7/2012 1:59:43 PM | Computer Name = brooneterz-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 6/7/2012 2:01:35 PM | Computer Name = brooneterz-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:59:40 PM on 6/7/2012 was unexpected.

Error - 6/10/2012 12:51:15 PM | Computer Name = brooneterz-PC | Source = DCOM | ID = 10005
Description =

Error - 6/10/2012 12:51:15 PM | Computer Name = brooneterz-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/10/2012 12:51:15 PM | Computer Name = brooneterz-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/14/2012 10:03:49 AM | Computer Name = brooneterz-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >
  • 0

#6
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

The computer is still running very slow, and on occasion I have to just restart it to get anything done (like running the scans).

OK.

It has been somewhat better after disabling automatic updates in Windows but is still almost unusably slow.

Normally this would be far from ideal but in this instance not a problem, do however ensure you re-enable once I give the all clear.

Peer to Peer Advice:

I see you have µTorrent installed...

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.

My advice would be to uninstall µTorrent. However if you opt not to please refrain from using it for the duration of the malware removal process, thank you.

Ensure Windows Defender is Disabled:

  • Launch Windows Defender via Start(Vista Orb), Control Panel, Windows Defender and go to Tools >> Options.
  • There will be a list of configuration options.
  • Scroll down to the end of the list to Administrator options.
  • Deselect the Use Windows Defender box and press the Save button.
  • Now you will receive a notification saying that Windows Defender is turned off.
  • Click on Save then Close on the Notification that appears.
A graphical tutorial explaining the above can be viewed here.

You may re-enable this when I give the all clear, though personally I would leave it disabled as it is not a particularly effective application and unfortunately it cannot be uninstalled because it is a integral part of the Vista Operating System.

Next:

Now please go to Start(Vista Orb) >> Control Panel >> Programs and Features and remove the following (if present):

Ad-Aware <-- Far from effective and a waste of installation space.
Ad-Aware Email Scanner for Outlook <-- As above, plus you do have AVG installed anyway.
Adobe Reader 9.5.1 <-- We will update this in due course.
Java™ 6 Update 6 <-- As above.
Java™ 6 Update 31
Viewpoint <-- Has undesirable characteristics. If not present in Programs and Features, merely inform myself of such.

To do so click once on each of the above to highlight, then click on Uninstall/Change and follow the prompts.

Reset Vista SP2 Firewall:

Click on Start(Vista Orb) >> Run... and cut/paste in the following and click on OK
firewall.cpl
Or Start(Vista Orb) >> Control Panel >> Windows Firewall

Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK

Now click back on Change Settings again >> General >> and select On(recommended) >> Apply >> OK.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click TFC.exe and select Run as Administrator to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

Check Hard Disk For Errors:

  • Open Notepad.
  • Copy and Paste everything from the Quote Box(do not copy the word quote) below into Notepad: <-- Start >> Run... type in notepad and select OK

@echo off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0

  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look similar to this: Posted Image
Now right-click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.

Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate download is here.

  • Quit all running programs
  • Right-click on RogueKiller.exe and select Run as Administrator to start the application.
  • Let the pre-scan complete, then click on the Scan tab
  • The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
  • 0

#7
sciread77

sciread77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I am having difficulty removing the listed programs. When I try to uninstall I get a popup that states that "The system administrator has set policies to prevent this installation." Any suggestions as to how I should proceed?

Thanks.
  • 0

#8
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I am having difficulty removing the listed programs. When I try to uninstall I get a popup that states that "The system administrator has set policies to prevent this installation." Any suggestions as to how I should proceed?

This particular error can be due to a myriad of issues unfortunately, we will try two quick relatively easy methods for now and then once I am satisfied malware is not a issue with your machine we can come back and address this particular problem in its entirety.

So firstly, try booting your machine into Safe Mode and then check if you can uninstall what I advised.

How to boot into Safe Mode:

Reboot(restart) your machine and during the POST(Power On Self Test) sequence continually depress Function Key 8(F8) to bring up the Advanced Boot Options screen.

Use the arrow keys to scroll down and select Safe Mode and hit the Enter/Return key.

Next:

If no success via Safe Mode carry out the below:-

Create the below two batch files and save them to your Desktop...

  • Open Notepad.
  • Copy and Paste everything from the Quote-Box(do not copy the word quote) below into Notepad: <-- Start >> Run... type in notepad and select OK

@echo off
net user administrator /active:yes
del %0

  • Go to File >> Save As
  • Save File name as "Admin1.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
Then:-

  • Open Notepad again.
  • Copy and Paste everything from the Quote-Box(do not copy the word quote) below into Notepad:

@echo off
net user administrator /active:no
del %0

  • Go to File >> Save As
  • Save File name as "Admin2.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
Now right-click on the desktop Admin1.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

Then click on Start(Vista Orb) >> Log off

You should see two users accounts available, yours and one named Administrator, logon to the Administrator account...

Once the Administrator account has loaded up, uninstall what I advised prior, then click on Start(Vista Orb) >> Log off

Log back into your user account and...

Right-click on the desktop Admin2.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

Next:

If either of the above proved to be successful with uninstalling, proceed with my prior instructions in post #6 from Reset Vista SP2 Firewall onwards.

However do let myself know in your next reply which methodology worked for uninstalling as this will bare some relevance for when we come to address the issue overall.

Note: In the event neither of the above proved successful, merely carry on with my prior instructions in post #6 from Reset Vista SP2 Firewall onwards and inform myself in your next reply the aforementioned did not work etc.
  • 0

#9
sciread77

sciread77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
checkhd.txt

The type of the file system is NTFS.
Volume label is SQ004981V02.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1360 large file records processed.

0 bad file records processed.

0 EA records processed.

77 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...



------

RKreport

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Scan -- Date: 06/19/2012 22:24:30

¤¤¤ Bad processes: 1 ¤¤¤
[RANDOMNAME] EKAiO2MUI.exe -- C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤
[RANDOMNAME] HKLM\[...]\Run : EKAIO2StatusMonitor (C:\Windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[181] : NtNotifyChangeKey @ 0x821D0609 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x974B8004)
SSDT[182] : NtNotifyChangeMultipleKeys @ 0x821CFA81 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x974B80D4)
SSDT[194] : NtOpenProcess @ 0x82231FAE -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x974B7D76)
SSDT[334] : NtTerminateProcess @ 0x82202143 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x974B7E1E)
SSDT[335] : NtTerminateThread @ 0x8222D534 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x974B7EBA)
SSDT[358] : NtWriteVirtualMemory @ 0x8221E92D -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x974B7F56)
S_SSDT[397] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x974B859E)
S_SSDT[428] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x974B850A)
S_SSDT[430] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x974B854A)
S_SSDT[573] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x974B849C)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543216L9SA00 +++++
--- User ---
[MBR] 83e084d363d02dd91b3edf71f963059c
[BSP] c8df17ab07f696c9e7a3154dd4e3b14c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 143737 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 297447424 | Size: 7389 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#10
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

My apologies for the delay on my behalf....

It would be of assistance for myself if you actually did inform me what methodology worked for uninstalling etc.

Next:

OTL has been recently updated so please delete the version you have and all logs then empty the Recycle Bin and we will go from there, thank you.

Note: For downloading and how to run OTL follow my prior instructions in post #2(Re-scan with OTL).
  • 0

Advertisements


#11
sciread77

sciread77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
To uninstall I had to create the new administrator profile, then I used the usual Windows programs and features for the uninstall. I apologize for the delay myself, we just moved and had internet service installed today.

OTL.txt

OTL logfile created on: 6/23/2012 6:09:01 PM - Run 4
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 50.04% Memory free
5.96 Gb Paging File | 4.29 Gb Available in Paging File | 72.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.37 Gb Total Space | 37.28 Gb Free Space | 26.56% Space Free | Partition Type: NTFS

Computer Name: BROONETERZ-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe (Teleca Sweden AB)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe (Teleca Sweden AB)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe (TODO: <Company name>)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe (Teleca AB)
PRC - C:\Program Files\Common Files\Teleca Shared\logger.exe (Popwire AB)
PRC - C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
PRC - C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Sweden AB)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\mcbuilder.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wsqmcons.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll ()
MOD - C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.1.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IO_Memory) -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys File not found
DRV - (TrueSight) -- C:\Windows\System32\drivers\TrueSight.sys ()
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC1124 Inc)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\..\SearchScopes,DefaultScope = {F6CAAED4-C733-4761-BD4F-CFEA33552E62}
IE - HKLM\..\SearchScopes\{F6CAAED4-C733-4761-BD4F-CFEA33552E62}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-500\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-500\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-10 13:08:13&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/11 10:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/10 13:06:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/10 13:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 00:24:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/10 11:51:37 | 000,000,000 | ---D | M]

[2012/06/19 20:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/06/23 18:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wbyvusld.default\extensions
[2012/05/13 15:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/10 23:28:57 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/18 00:24:44 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/13 22:45:40 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/10 13:07:58 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/12 20:47:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/12 20:47:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4229604500-3487303875-4101604920-500..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-4229604500-3487303875-4101604920-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33A008A6-E696-464A-8C85-F41BB59A2309}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 18:07:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/06/23 17:58:28 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/23 17:58:27 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/23 17:57:06 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/23 17:57:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/19 22:33:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Eastman Kodak Company
[2012/06/19 22:10:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RK_Quarantine
[2012/06/19 21:33:33 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\TFC.exe
[2012/06/19 21:06:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/06/19 20:33:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2012/06/19 20:33:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Macromedia
[2012/06/19 20:33:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2012/06/19 20:33:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2012/06/19 20:32:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/06/19 20:22:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AVG Secure Search
[2012/06/19 20:22:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVG2012
[2012/06/19 20:22:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012/06/19 20:22:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Toshiba
[2012/06/19 20:21:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Teleca
[2012/06/19 20:21:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/19 20:21:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2012/06/19 20:21:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/19 20:21:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2012/06/19 20:21:24 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2012/06/19 20:21:09 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2012/06/19 20:21:07 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2012/06/19 20:21:07 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2012/06/19 20:21:07 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2012/06/19 20:21:07 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2012/06/19 20:21:07 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2012/06/19 20:21:07 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/19 20:21:07 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2012/06/19 20:21:07 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2012/06/19 20:21:07 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2012/06/19 20:21:07 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2012/06/19 20:21:07 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2012/06/19 20:21:07 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/19 20:21:07 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2012/06/19 20:21:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2012/06/19 20:21:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help
[2012/06/19 20:21:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2012/06/11 10:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/10 13:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/06/10 13:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/06/10 13:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/06/10 13:06:09 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/06/10 13:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012

========== Files - Modified Within 30 Days ==========

[2012/06/23 18:07:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/06/23 17:58:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/23 17:56:29 | 100,666,483 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/06/23 17:52:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 17:52:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 17:52:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/23 17:52:15 | 3082,817,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/20 16:36:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/20 15:39:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/19 22:10:12 | 000,014,080 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/06/19 21:58:48 | 001,521,152 | ---- | M] () -- C:\Users\Administrator\Desktop\RogueKiller.exe
[2012/06/19 21:56:24 | 000,000,093 | ---- | M] () -- C:\Users\Administrator\Desktop\Dakeryas.bat
[2012/06/19 21:33:39 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\TFC.exe
[2012/06/15 23:04:02 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/15 23:04:02 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/12 20:52:38 | 000,020,813 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/06/11 10:30:40 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/10 11:51:37 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/06/07 13:01:13 | 261,339,223 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/02 17:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 17:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

========== Files Created - No Company Name ==========

[2012/06/19 22:10:12 | 000,014,080 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/06/19 21:58:43 | 001,521,152 | ---- | C] () -- C:\Users\Administrator\Desktop\RogueKiller.exe
[2012/06/19 21:56:24 | 000,000,093 | ---- | C] () -- C:\Users\Administrator\Desktop\Dakeryas.bat
[2012/06/19 20:21:41 | 000,000,960 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/06/19 20:21:38 | 000,000,955 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/06/19 20:21:23 | 000,000,926 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/06/19 20:21:07 | 000,001,966 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/19 20:21:07 | 000,000,258 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/06/19 20:21:07 | 000,000,240 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/06/19 18:20:49 | 3082,817,536 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/10 13:08:37 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/12/02 13:52:24 | 000,001,056 | ---- | C] () -- C:\Windows\System32\EKaio2WiaCoInst.ini
[2011/08/01 13:22:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/16 19:55:56 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/01/12 18:39:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/12 16:00:28 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/12/12 15:47:58 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/07/15 18:17:42 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 1355 bytes -> C:\ProgramData\TEMP:EA27AABF
@Alternate Data Stream - 1291 bytes -> C:\ProgramData\TEMP:8221B684
@Alternate Data Stream - 1269 bytes -> C:\ProgramData\TEMP:254C101B

< End of report >
  • 0

#12
sciread77

sciread77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Extras.txt
  • 0

#13
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

To uninstall I had to create the new administrator profile, then I used the usual Windows programs and features for the uninstall

OK.

I apologize for the delay myself, we just moved and had internet service installed today.

Not a problem.

Extras.txt

No actual log posted, however we can still proceed as follows...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the Quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 1355 bytes -> C:\ProgramData\TEMP:EA27AABF
@Alternate Data Stream - 1291 bytes -> C:\ProgramData\TEMP:8221B684
@Alternate Data Stream - 1269 bytes -> C:\ProgramData\TEMP:254C101B

:Files
ipconfig /flushdns /c
C:\Program Files\Viewpoint
C:\Windows\System32\drivers\Lbd.sys

:Commands
[ResetHosts]
[EmptyTemp]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0

#14
sciread77

sciread77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL not found.
File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:6017A808 .
Unable to delete ADS C:\ProgramData\TEMP:EA27AABF .
Unable to delete ADS C:\ProgramData\TEMP:8221B684 .
Unable to delete ADS C:\ProgramData\TEMP:254C101B .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\Viewpoint not found.
File\Folder C:\Windows\System32\drivers\Lbd.sys not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1105623 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 23036598 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: brooneterz
->Temp folder emptied: 266619 bytes
->Temporary Internet Files folder emptied: 33438 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43923092 bytes
->Flash cache emptied: 743 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78905 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 65.00 mb


OTL by OldTimer - Version 3.2.52.0 log created on 06252012_064621

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#15
sciread77

sciread77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
MBAM log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.24.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: BROONETERZ-PC [administrator]

Protection: Enabled

6/24/2012 1:16:05 PM
mbam-log-2012-06-24 (13-16-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229115
Time elapsed: 10 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP