Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

browsers & websites randomly opening [Solved]

Started by lanidrac , Jun 27 2012 05:07 PM

  • This topic is locked This topic is locked

#1
lanidrac
Posted 27 June 2012 - 05:07 PM

lanidrac

    Member

  • Member
  • PipPip
  • 18 posts
Hello,
Over the weekend, my laptop started having an issue where Firefox and Internet Explorer randomly started opening up with tabs to various websites (like "balivillanews.info" and "fmkex20.in"). The problem was particularly bad at first, and then I installed and ran full scans with a series of applications: Malwarebytes, AVG, Avast, Norton Antivirus, and Ad-Aware (in that order; I've since uninstalled AVG and Avast, and the rest of them are still on my laptop). Each scan found and deleted items; for example, Malwarebytes found the following:

Memory Processes Detected: 1
C:\Users\Eric\AppData\Roaming\Ms_dir_\msvcrt.exe (Backdoor.Agent) -> 4088 -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|msvcrt_ (Backdoor.Agent) -> Data: C:\Users\Eric\AppData\Roaming\Ms_dir_\msvcrt.exe -> Quarantined and deleted successfully.

Files Detected: 5
C:\Users\Eric\AppData\Local\Temp\is1598539481\14082338_Setup.DAT (PUP.Installer.WH) -> No action taken.
C:\Users\Eric\Downloads\setupwavtomp3.exe (PUP.Installer.WH) -> No action taken.
C:\Users\Eric\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Program Files (x86)\mozjs.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Roaming\Ms_dir_\msvcrt.exe (Backdoor.Agent) -> Delete on reboot.

2nd scan: Files Detected: 3
C:\Users\Eric\AppData\Local\Temp\is1598539481\14082338_Setup.DAT (PUP.Installer.WH) -> No action taken.
C:\Users\Eric\Downloads\setupwavtomp3.exe (PUP.Installer.WH) -> No action taken.
C:\Program Files (x86)\CPUCooL\instser.exe (Adware.Agent) -> Quarantined and deleted successfully.

3rd scan: Files Detected: 2
C:\Users\Eric\Downloads\setupwavtomp3.exe (PUP.Installer.WH) -> No action taken.
C:\Users\Eric\AppData\Local\Temp\is1598539481\14082338_Setup.DAT (PUP.Installer.WH) -> Quarantined and deleted successfully.

After running scans with these various programs, the problem is not as severe (for example, Internet Explorer is no longer randomly opening), but still once or twice a day Firefox will try to open on its own (the difference is that now, whenever this happens, Malwarebytes detects a malicious process (C:\Program Files (X86)\MOZJS.DLL and blocks it).

I ran OTL; the log is below. Thanks in advance for your help with this issue -- I appreciate it.


OTL logfile created on: 6/27/2012 6:34:06 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Eric\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 38.12% Memory free
7.80 Gb Paging File | 5.53 Gb Available in Paging File | 70.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.15 Gb Total Space | 9.12 Gb Free Space | 3.18% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 1.91 Gb Free Space | 19.58% Space Free | Partition Type: NTFS

Computer Name: AIR | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 18:32:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2012/06/14 18:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\firefox.exe
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/05/03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccsvchst.exe
PRC - [2012/02/18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/17 21:59:04 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/01/03 14:28:18 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\CPUCooL\CooLSRV.exe
PRC - [2009/09/09 22:37:10 | 000,132,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/08 21:10:24 | 000,242,976 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2009/09/08 21:10:22 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009/09/08 20:59:10 | 000,397,312 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2009/09/08 20:59:08 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009/09/04 18:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2009/08/28 18:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/26 19:32:16 | 000,816,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
PRC - [2009/08/19 20:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/08/03 23:00:14 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/08/03 23:00:00 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
PRC - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/05/28 02:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/21 16:45:36 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
PRC - [2007/04/02 18:21:54 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
PRC - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () -- C:\Windows\SysWOW64\TpKmpSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 04:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 03:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2010/01/03 17:46:18 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2009/10/23 18:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/05/28 02:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2007/09/21 16:45:36 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
MOD - [2006/06/29 22:57:48 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\ThinkPad\Utilities\TpKmapHk.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/09/01 03:36:04 | 002,498,296 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\SysNative\AtService.exe -- (ATService)
SRV:64bit: - [2009/09/01 03:36:02 | 000,117,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DTS.exe -- (dtsvc)
SRV:64bit: - [2009/09/01 03:35:58 | 000,130,048 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ADMonitor.exe -- (ADMonitor)
SRV:64bit: - [2009/08/24 00:00:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/18 08:05:18 | 000,045,856 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/03 05:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/29 17:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2012/06/14 18:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe -- (NAV)
SRV - [2012/01/13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/03 14:28:18 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CPUCooL\CooLSRV.exe -- (CPUCooLServer)
SRV - [2009/09/08 21:10:24 | 000,242,976 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009/09/08 21:10:22 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/09/04 18:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/08/28 18:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/23 14:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/08/05 01:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/08/03 23:00:14 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/08/03 23:00:00 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/04/02 18:21:54 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)
SRV - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\TpKmpSvc.exe -- (TpKmpSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/23 20:58:38 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/29 02:28:38 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 02:28:30 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/29 02:06:25 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/29 02:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/29 02:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/12/19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 18:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011/08/15 18:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/20 06:39:08 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{184E4FA0-DE8C26D4-06000000}_0)
DRV:64bit: - [2009/11/20 06:39:08 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06000000}_0)
DRV:64bit: - [2009/11/08 12:51:14 | 000,012,216 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2009/11/02 20:38:59 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/09/22 21:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 21:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 21:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 21:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/09/01 05:44:16 | 000,551,936 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/08/24 00:33:30 | 006,104,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/24 00:33:30 | 006,104,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/08/23 23:10:06 | 000,135,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/08/23 22:55:06 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2009/08/23 22:55:06 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/23 14:04:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/08/18 08:04:56 | 000,030,760 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/08/06 16:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/22 01:57:58 | 000,647,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/14 02:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 07:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/02 14:16:10 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009/06/30 23:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 23:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 23:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/30 00:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/30 00:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/29 23:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/29 17:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/06/29 17:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/06/25 04:04:00 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 03:38:00 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 03:13:00 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/22 23:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 19:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/07 02:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/05/12 05:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2007/02/22 17:27:56 | 000,086,528 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2007/01/12 14:32:54 | 000,115,712 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/06/27 15:43:56 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120627.006\ex64.sys -- (NAVEX15)
DRV - [2012/06/27 15:43:56 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120627.006\eng64.sys -- (NAVENG)
DRV - [2012/06/23 21:25:15 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/06/23 21:25:15 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/22 15:43:50 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120626.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/06/19 00:03:24 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9D6E94CC-75DA-4366-BCF8-97074E9C8FBF}
IE:64bit: - HKLM\..\SearchScopes\{9D6E94CC-75DA-4366-BCF8-97074E9C8FBF}: "URL" = http://www.bing.com/...c=IE-SearchBox;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {47BAA963-C290-4C24-965E-86F524CDD162}
IE - HKLM\..\SearchScopes\{47BAA963-C290-4C24-965E-86F524CDD162}: "URL" = http://www.bing.com/...c=IE-SearchBox;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://exchange.ucsf.edu/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.nih.gov/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {47BAA963-C290-4C24-965E-86F524CDD162}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-06-23 09:34:40&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files (x86)\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Eric\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Eric\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Eric\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/23 03:01:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPlgn\ [2012/06/23 20:58:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\components [2012/06/26 20:18:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\plugins [2011/09/16 14:58:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension [2011/08/10 22:42:07 | 000,000,000 | ---D | M]

[2009/11/09 18:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2012/06/26 20:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions
[2012/05/05 14:58:51 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012/06/26 20:18:15 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/04/02 00:38:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/26 20:18:16 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RockMelt Update (Enabled) = C:\Users\Eric\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Eric\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Eric\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: SiteAdvisor = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Poppit = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544928.dll (PC-Doctor, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcWin7Hlpr.exe ()
O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Eric\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Opera Software] C:\Users\Eric\AppData\Roaming\D4D4C3.exe File not found
O4 - HKCU..\Run: [RockMelt Update] C:\Users\Eric\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKCU..\Run: [TPKMAPMN] C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe ()
F3:64bit: - HKCU WinNT: Load - (C:\Users\Eric\LOCALS~1\Temp\msrrahayj.exe) - File not found
F3 - HKCU WinNT: Load - (C:\Users\Eric\LOCALS~1\Temp\msrrahayj.exe) - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E585A49-9236-40CA-83C9-70C4354E4AED}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{2219dd84-c80d-11de-bdf7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2219dd84-c80d-11de-bdf7-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 18:32:36 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2012/06/26 20:19:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\adaware
[2012/06/26 20:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/06/26 20:19:06 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/06/26 20:18:54 | 000,256,632 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/06/26 20:18:54 | 000,119,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/06/26 20:18:53 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012/06/26 20:18:53 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/06/26 20:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/06/26 20:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/06/26 20:18:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\adawarebp
[2012/06/26 20:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/06/26 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/06/26 20:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/06/24 22:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dictionaries
[2012/06/24 22:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\defaults
[2012/06/24 21:52:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus
[2012/06/24 01:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/24 01:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/24 01:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/23 21:37:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\CrashDumps
[2012/06/23 21:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/06/23 21:22:26 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa64.sys
[2012/06/23 21:22:26 | 000,737,912 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.sys
[2012/06/23 21:22:26 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symds64.sys
[2012/06/23 21:22:26 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnets.sys
[2012/06/23 21:22:26 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.sys
[2012/06/23 21:22:25 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ironx64.sys
[2012/06/23 21:22:25 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.sys
[2012/06/23 21:21:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005
[2012/06/23 20:58:38 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/06/23 20:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/06/23 20:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/06/23 20:56:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2012/06/23 20:56:30 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012/06/23 20:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2012/06/23 20:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/06/23 20:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/06/23 20:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/06/23 13:46:59 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/23 13:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/23 13:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/23 09:35:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\AVG2012
[2012/06/23 09:34:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/23 09:32:52 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/06/23 09:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/06/23 09:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/06/23 09:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/23 00:43:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2012/06/23 00:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/23 00:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/23 00:43:32 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/23 00:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/22 22:00:09 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr100.dll
[2012/06/22 22:00:09 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp100.dll
[2012/06/22 22:00:08 | 000,157,608 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\maintenanceservice_installer.exe
[2012/06/22 22:00:08 | 000,113,120 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\maintenanceservice.exe
[2012/06/22 22:00:08 | 000,043,488 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozglue.dll
[2012/06/22 22:00:07 | 000,624,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\gkmedias.dll
[2012/06/22 22:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jssubloader
[2012/06/22 21:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/22 21:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/22 21:21:19 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Ms_dir_
[2012/06/22 21:21:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Ysun
[2012/06/22 21:21:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Xudyit
[2012/06/22 21:21:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Wueq
[2012/06/13 16:50:34 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\InterVideo
[2012/06/13 16:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2011/09/16 14:58:20 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\D3DCompiler_43.dll
[2011/09/16 14:58:20 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\d3dx9_43.dll
[2011/09/16 14:58:20 | 000,829,920 | ---- | C] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011/09/16 14:58:20 | 000,418,784 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libGLESv2.dll
[2011/09/16 14:58:20 | 000,079,840 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libEGL.dll
[2011/09/16 14:58:20 | 000,016,864 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe
[2011/09/16 14:58:20 | 000,016,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozalloc.dll
[2010/11/17 21:59:08 | 000,425,768 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesPhotoProcessor.exe
[2010/11/17 21:59:08 | 000,216,864 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesPhotoProcessor.dll
[2010/11/17 21:59:06 | 000,294,688 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2010/11/17 21:59:04 | 000,421,160 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2010/11/17 21:59:04 | 000,387,368 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2010/11/17 21:59:04 | 000,173,856 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2010/11/17 21:59:00 | 009,777,448 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2010/11/17 21:58:56 | 018,906,912 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2010/11/17 21:58:56 | 000,754,976 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2010/11/17 21:58:56 | 000,267,552 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2010/11/17 21:58:56 | 000,111,912 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[2010/11/17 21:58:54 | 002,733,344 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2010/11/17 21:58:54 | 000,197,920 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2009/11/09 18:55:32 | 015,757,792 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xul.dll
[2009/11/09 18:55:32 | 000,913,888 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\firefox.exe
[2009/11/09 18:55:32 | 000,637,920 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nss3.dll
[2009/11/09 18:55:32 | 000,358,368 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssckbi.dll
[2009/11/09 18:55:32 | 000,265,184 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\updater.exe
[2009/11/09 18:55:32 | 000,258,528 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\freebl3.dll
[2009/11/09 18:55:32 | 000,170,464 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nspr4.dll
[2009/11/09 18:55:32 | 000,155,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\softokn3.dll
[2009/11/09 18:55:32 | 000,145,376 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\ssl3.dll
[2009/11/09 18:55:32 | 000,117,728 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe
[2009/11/09 18:55:32 | 000,095,712 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssdbm3.dll
[2009/11/09 18:55:32 | 000,092,640 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssutil3.dll
[2009/11/09 18:55:32 | 000,091,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\smime3.dll
[2009/11/09 18:55:32 | 000,021,472 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plc4.dll
[2009/11/09 18:55:32 | 000,020,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plds4.dll
[2009/11/09 18:55:32 | 000,019,424 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xpcom.dll
[2009/11/09 18:55:32 | 000,018,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\AccessibleMarshal.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/27 18:32:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2012/06/27 18:13:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004UA.job
[2012/06/27 18:08:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004UA.job
[2012/06/27 10:27:19 | 000,017,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 10:27:19 | 000,017,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 10:20:13 | 000,001,024 | ---- | M] () -- C:\Users\Eric\.rnd
[2012/06/27 10:20:06 | 000,674,860 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/27 10:20:06 | 000,125,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/27 10:20:05 | 000,795,628 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/27 10:11:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/27 10:11:39 | 3139,457,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 23:08:05 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004Core.job
[2012/06/26 20:24:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2012/06/26 20:18:59 | 002,272,561 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\Cat.DB
[2012/06/26 20:13:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004Core.job
[2012/06/24 22:07:29 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/23 21:28:16 | 000,002,359 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/06/23 21:23:31 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\VT20120410.034
[2012/06/23 20:58:38 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/06/23 20:58:38 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/06/23 20:58:38 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/06/23 13:46:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/23 10:03:39 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/23 00:43:40 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/22 22:17:24 | 000,007,635 | ---- | M] () -- C:\Users\Eric\AppData\Local\Resmon.ResmonCfg
[2012/06/22 19:08:42 | 000,002,310 | ---- | M] () -- C:\Users\Eric\Desktop\RockMelt.lnk
[2012/06/21 12:21:13 | 002,136,567 | ---- | M] () -- C:\Users\Eric\Desktop\GirlsinWhiteDresses9780307700414.epub
[2012/06/14 18:20:18 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\softokn3.chk
[2012/06/14 18:20:17 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\nssdbm3.chk
[2012/06/14 18:20:16 | 000,829,920 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2012/06/14 18:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\mozjs.dll
[2012/06/14 18:20:13 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\freebl3.chk
[2012/06/14 18:20:12 | 000,001,704 | ---- | M] () -- C:\Program Files (x86)\precomplete
[2012/06/14 18:20:10 | 007,686,114 | ---- | M] () -- C:\Program Files (x86)\omni.ja
[2012/06/14 18:19:44 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\crashreporter.ini
[2012/06/14 18:19:44 | 000,000,583 | ---- | M] () -- C:\Program Files (x86)\crashreporter-override.ini
[2012/06/14 18:19:41 | 000,010,326 | ---- | M] () -- C:\Program Files (x86)\blocklist.xml
[2012/06/14 18:19:41 | 000,000,463 | ---- | M] () -- C:\Program Files (x86)\application.ini
[2012/06/14 18:19:41 | 000,000,142 | ---- | M] () -- C:\Program Files (x86)\platform.ini
[2012/06/14 18:19:41 | 000,000,132 | ---- | M] () -- C:\Program Files (x86)\update-settings.ini
[2012/06/14 18:19:40 | 000,001,045 | ---- | M] () -- C:\Program Files (x86)\updater.ini
[2012/06/14 18:19:40 | 000,000,130 | ---- | M] () -- C:\Program Files (x86)\dependentlibs.list
[2012/06/14 16:35:56 | 000,035,524 | ---- | M] () -- C:\Program Files (x86)\removed-files
[2012/06/12 21:33:22 | 000,456,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/08 23:11:54 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/06 01:26:49 | 000,061,649 | ---- | M] () -- C:\Users\Eric\Documents\seafood 2019820337-90723116-tickets.pdf
[2012/06/03 00:40:06 | 000,040,141 | ---- | M] () -- C:\Users\Eric\Documents\MyContacts.csv
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/26 20:24:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2012/06/24 21:45:17 | 002,042,848 | ---- | C] () -- C:\Program Files (x86)\mozjs.dll
[2012/06/23 21:27:11 | 002,272,561 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\Cat.DB
[2012/06/23 21:25:43 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\VT20120410.034
[2012/06/23 21:22:26 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symds64.cat
[2012/06/23 21:22:26 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.cat
[2012/06/23 21:22:26 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa64.cat
[2012/06/23 21:22:26 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnet64.cat
[2012/06/23 21:22:26 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa.inf
[2012/06/23 21:22:26 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symds.inf
[2012/06/23 21:22:26 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnet.inf
[2012/06/23 21:22:26 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.inf
[2012/06/23 21:22:26 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.inf
[2012/06/23 21:22:25 | 000,007,468 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.cat
[2012/06/23 21:22:25 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.cat
[2012/06/23 21:22:25 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\iron.cat
[2012/06/23 21:22:25 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.inf
[2012/06/23 21:22:25 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\iron.inf
[2012/06/23 21:21:32 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\isolate.ini
[2012/06/23 20:58:38 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/06/23 20:58:38 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/06/23 20:58:31 | 000,002,359 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/06/23 20:21:32 | 000,001,024 | ---- | C] () -- C:\Users\Eric\.rnd
[2012/06/23 13:46:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/23 00:43:40 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/22 22:17:24 | 000,007,635 | ---- | C] () -- C:\Users\Eric\AppData\Local\Resmon.ResmonCfg
[2012/06/22 22:00:10 | 000,000,132 | ---- | C] () -- C:\Program Files (x86)\update-settings.ini
[2012/06/21 12:21:13 | 002,136,567 | ---- | C] () -- C:\Users\Eric\Desktop\GirlsinWhiteDresses9780307700414.epub
[2012/06/06 01:26:49 | 000,061,649 | ---- | C] () -- C:\Users\Eric\Documents\seafood 2019820337-90723116-tickets.pdf
[2012/06/03 00:31:51 | 000,040,141 | ---- | C] () -- C:\Users\Eric\Documents\MyContacts.csv
[2012/02/04 02:01:47 | 007,686,114 | ---- | C] () -- C:\Program Files (x86)\omni.ja
[2012/01/20 12:59:52 | 000,072,080 | ---- | C] () -- C:\Users\Eric\g2mdlhlpx.exe
[2011/09/16 14:58:20 | 000,035,524 | ---- | C] () -- C:\Program Files (x86)\removed-files
[2011/09/16 14:58:20 | 000,001,704 | ---- | C] () -- C:\Program Files (x86)\precomplete
[2011/09/16 14:58:20 | 000,000,130 | ---- | C] () -- C:\Program Files (x86)\dependentlibs.list
[2010/11/17 19:52:00 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2010/08/22 12:33:08 | 000,714,182 | ---- | C] () -- C:\Users\Eric\ELai - Dissertation.pdf
[2010/08/08 11:13:31 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2009/11/09 18:55:33 | 000,001,045 | ---- | C] () -- C:\Program Files (x86)\updater.ini
[2009/11/09 18:55:32 | 000,010,326 | ---- | C] () -- C:\Program Files (x86)\blocklist.xml
[2009/11/09 18:55:32 | 000,003,803 | ---- | C] () -- C:\Program Files (x86)\crashreporter.ini
[2009/11/09 18:55:32 | 000,000,583 | ---- | C] () -- C:\Program Files (x86)\crashreporter-override.ini
[2009/11/09 18:55:32 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\softokn3.chk
[2009/11/09 18:55:32 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\nssdbm3.chk
[2009/11/09 18:55:32 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\freebl3.chk
[2009/11/09 18:55:32 | 000,000,463 | ---- | C] () -- C:\Program Files (x86)\application.ini
[2009/11/09 18:55:32 | 000,000,142 | ---- | C] () -- C:\Program Files (x86)\platform.ini

========== LOP Check ==========

[2012/06/27 06:36:20 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus
[2009/12/19 21:30:05 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Amazon
[2012/06/23 09:35:05 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\AVG2012
[2012/06/22 22:08:13 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\BitTorrent
[2009/11/24 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\CoffeeCup Software
[2012/01/30 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1
[2011/08/07 23:35:10 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Elluminate
[2010/05/02 19:16:45 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Facebook
[2012/06/18 20:36:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FileZilla
[2012/06/13 16:50:34 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\InterVideo
[2009/12/29 00:52:20 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\KompoZer
[2009/11/09 19:33:35 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Lenovo
[2012/06/23 00:59:23 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ms_dir_
[2009/12/17 21:43:27 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\NCH Swift Sound
[2011/01/11 22:43:19 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Opera
[2009/12/29 01:03:33 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\PixelMetrics
[2010/08/08 11:13:16 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Research In Motion
[2009/11/11 02:43:27 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Scientific Software
[2012/06/23 11:00:48 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Wueq
[2009/12/17 21:29:49 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Xilisoft Corporation
[2012/06/23 12:55:28 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Xudyit
[2012/06/22 21:21:11 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ysun
[2012/06/08 23:11:54 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/26 23:08:05 | 000,000,872 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004Core.job
[2012/06/27 18:08:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004UA.job
[2012/05/13 09:43:20 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/23 10:03:39 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Crowbar
Posted 28 June 2012 - 03:48 PM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello lanidrac and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Hi, I am going over your log file now, in the meantime please run another scan for me

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it
Posted Image

Click the [Scan] button to start scan
Posted Image

On completion of the scan click [Save log], save it to your desktop and post in your next reply
  • 0

#3
lanidrac
Posted 29 June 2012 - 08:13 PM

lanidrac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi,
Here is the log from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-29 22:09:20
-----------------------------
22:09:20.679 OS Version: Windows x64 6.1.7600
22:09:20.680 Number of processors: 2 586 0x170A
22:09:20.680 ComputerName: AIR UserName:
22:09:23.919 Initialize success
22:09:43.099 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:09:43.100 Disk 0 Vendor: WDC_WD32 14.0 Size: 305245MB BusType: 3
22:09:43.116 Disk 0 MBR read successfully
22:09:43.118 Disk 0 MBR scan
22:09:43.119 Disk 0 unknown MBR code
22:09:43.129 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
22:09:43.139 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294042 MB offset 2459648
22:09:43.171 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 604659712
22:09:43.198 Disk 0 scanning C:\Windows\system32\drivers
22:10:12.322 Service scanning
22:11:04.189 Modules scanning
22:11:04.195 Disk 0 trace - called modules:
22:11:04.233 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:11:04.237 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005d0a060]
22:11:04.565 3 CLASSPNP.SYS[fffff88000e8043f] -> nt!IofCallDriver -> [0xfffffa8004c57700]
22:11:04.569 5 ACPI.sys[fffff88000f6f781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c5a050]
22:11:04.573 Scan finished successfully
22:11:29.990 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
22:11:29.995 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"

Thanks to both of you for your help!
  • 0

#4
Crowbar
Posted 30 June 2012 - 12:44 PM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi lanidrac,
The first thing I noticed about your computer is that you have several anti-virus programs installed. In this case, more is not better.
You should only have one Anti-virus installed. Please choose one of them and I will help you to get rid of the rest. Myself, I use Microsoft Security Essentials, but I also recommend Avast, the important point is that you only have ONE installed.

Your computer only has about %3 free space left on your c: drive. You should have %15-20 available free space. You are going to have to free up some space, by:
  • move some pictures off of your drive
  • move some music files off of your drive
  • uninstall programs that you do not use
I will empty your temporary folders and we will see how much that frees up.

Also, it seems that you have installed a few programs directly into your program files(x86) folder, can you tell me anything about this?
for example, the default installation folder for Itunes is c:\program files(x86)\Itunes but you seem to have installed itunes in c:\program files(x86)

Step 1
File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Users\Eric\AppData\Roaming\D4D4C3.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Step 2
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
[createrestorepoint]

:OTL
F3:64bit: - HKCU WinNT: Load - (C:\Users\Eric\LOCALS~1\Temp\msrrahayj.exe) - File not found
F3 - HKCU WinNT: Load - (C:\Users\Eric\LOCALS~1\Temp\msrrahayj.exe) - File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
:Commands
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step 3
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • Post the log it produces in your next reply.

In your next reply I would like to see:
  • OTL fix log
  • the new OTL custom scan log
  • still having the same browser problem?
  • answers to my questions and anti-virus program choice

  • 0

#5
lanidrac
Posted 01 July 2012 - 11:23 AM

lanidrac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi,
I originally only had Microsoft Security Essentials on the computer; however, once the browser issue started I tried the other anti-virus programs in an attempt to get the problem under control, as I mentioned in my original post. I already had uninstalled Avast and AVG; today, I also uninstalled Norton and Ad-Aware. The only programs remaining now are Microsoft Security Essentials and Malwarebytes (which, per your instructions, I disabled during the OTL scan/fix).

I actually don't know why there are programs installed in the C:\program files(x86) folder; when I install things I just accept their default settings, so I didn't even realize some had been installed where they are.

As for the steps:

Step 1:
I follow your instructions here, but I got the error message "D4D4C3.exe, File not found." I ran a search for the file on my C: drive, but no results were found. So I ended up just moving on to the next step.

Step 2 log:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Eric\LOCALS~1\Temp\msrrahayj.exe scheduled to be deleted on reboot.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Eric\LOCALS~1\Temp\msrrahayj.exe deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eric
->Temp folder emptied: 3786575647 bytes
->Temporary Internet Files folder emptied: 182062051 bytes
->Java cache emptied: 92086177 bytes
->FireFox cache emptied: 51090463 bytes
->Google Chrome cache emptied: 125347640 bytes
->Opera cache emptied: 18028846 bytes
->Flash cache emptied: 19749695 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 525792 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 423346342 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36031282 bytes
RecycleBin emptied: 17511461858 bytes

Total Files Cleaned = 21,216.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 07012012_124048

Files\Folders moved on Reboot...
C:\Users\Eric\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFJHEOYR\fastbutton[1].htm moved successfully.
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NCW64Q9I\319366-browsers-websites-randomly-opening[1].htm moved successfully.
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NCW64Q9I\ads[1].htm moved successfully.
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1TFF6SH\virscan_org[1].htm moved successfully.
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6O3FIRMR\si[1].htm moved successfully.

PendingFileRenameOperations files...
File C:\Users\Eric\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFJHEOYR\fastbutton[1].htm not found!
File C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NCW64Q9I\319366-browsers-websites-randomly-opening[1].htm not found!
File C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NCW64Q9I\ads[1].htm not found!
File C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1TFF6SH\virscan_org[1].htm not found!
File C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6O3FIRMR\si[1].htm not found!

Registry entries deleted on Reboot...
64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Eric\LOCALS~1\Temp\msrrahayj.exe deleted successfully.


Step 3 log:
OTL logfile created on: 7/1/2012 12:50:32 PM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Eric\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 51.76% Memory free
7.80 Gb Paging File | 5.85 Gb Available in Paging File | 75.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.15 Gb Total Space | 36.06 Gb Free Space | 12.56% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 1.91 Gb Free Space | 19.58% Space Free | Partition Type: NTFS

Computer Name: AIR | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 18:32:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/21 00:03:23 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\Eric\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2012/02/18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/17 21:59:04 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/01/03 14:28:18 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\CPUCooL\CooLSRV.exe
PRC - [2009/09/09 22:37:10 | 000,132,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/08 21:10:24 | 000,242,976 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2009/09/08 21:10:22 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009/09/08 20:59:10 | 000,397,312 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2009/09/08 20:59:08 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009/09/04 18:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2009/08/28 18:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/26 19:32:16 | 000,816,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
PRC - [2009/08/19 20:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/08/03 23:00:14 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/08/03 23:00:00 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
PRC - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/05/28 02:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/21 16:45:36 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
PRC - [2007/04/02 18:21:54 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
PRC - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () -- C:\Windows\SysWOW64\TpKmpSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/28 06:28:56 | 000,438,296 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 06:28:54 | 003,972,120 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
MOD - [2012/06/28 06:27:40 | 000,554,520 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll
MOD - [2012/06/28 06:27:38 | 000,117,784 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll
MOD - [2012/06/28 06:27:29 | 000,140,328 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
MOD - [2012/06/28 06:27:28 | 000,262,184 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
MOD - [2012/06/28 06:27:26 | 002,386,984 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
MOD - [2010/01/03 17:46:18 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2009/10/23 18:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/05/28 02:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2007/09/21 16:45:36 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
MOD - [2006/06/29 22:57:48 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\ThinkPad\Utilities\TpKmapHk.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/09/01 03:36:04 | 002,498,296 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\SysNative\AtService.exe -- (ATService)
SRV:64bit: - [2009/09/01 03:36:02 | 000,117,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DTS.exe -- (dtsvc)
SRV:64bit: - [2009/09/01 03:35:58 | 000,130,048 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ADMonitor.exe -- (ADMonitor)
SRV:64bit: - [2009/08/24 00:00:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/18 08:05:18 | 000,045,856 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/03 05:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/29 17:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2012/06/14 18:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/03 14:28:18 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CPUCooL\CooLSRV.exe -- (CPUCooLServer)
SRV - [2009/09/08 21:10:24 | 000,242,976 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009/09/08 21:10:22 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/09/04 18:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/08/28 18:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/23 14:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/08/05 01:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/08/03 23:00:14 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/08/03 23:00:00 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/04/02 18:21:54 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)
SRV - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\TpKmpSvc.exe -- (TpKmpSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/20 06:39:08 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{184E4FA0-DE8C26D4-06000000}_0)
DRV:64bit: - [2009/11/20 06:39:08 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06000000}_0)
DRV:64bit: - [2009/11/08 12:51:14 | 000,012,216 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2009/11/02 20:38:59 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/09/22 21:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 21:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 21:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 21:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/09/01 05:44:16 | 000,551,936 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/08/24 00:33:30 | 006,104,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/24 00:33:30 | 006,104,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/08/23 23:10:06 | 000,135,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/08/23 22:55:06 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2009/08/23 22:55:06 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/23 14:04:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/08/18 08:04:56 | 000,030,760 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/08/06 16:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/22 01:57:58 | 000,647,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/14 02:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 07:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/02 14:16:10 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009/06/30 23:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 23:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 23:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/30 00:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/30 00:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/29 23:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/29 17:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/06/29 17:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/06/25 04:04:00 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 03:38:00 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 03:13:00 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/22 23:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 19:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/07 02:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/05/12 05:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2007/02/22 17:27:56 | 000,086,528 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2007/01/12 14:32:54 | 000,115,712 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9D6E94CC-75DA-4366-BCF8-97074E9C8FBF}
IE:64bit: - HKLM\..\SearchScopes\{9D6E94CC-75DA-4366-BCF8-97074E9C8FBF}: "URL" = http://www.bing.com/...c=IE-SearchBox;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {47BAA963-C290-4C24-965E-86F524CDD162}
IE - HKLM\..\SearchScopes\{47BAA963-C290-4C24-965E-86F524CDD162}: "URL" = http://www.bing.com/...c=IE-SearchBox;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://exchange.ucsf.edu/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.nih.gov/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {47BAA963-C290-4C24-965E-86F524CDD162}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-06-23 09:34:40&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files (x86)\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Eric\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Eric\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Eric\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/23 03:01:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\components [2012/06/26 20:18:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\plugins [2011/09/16 14:58:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension [2011/08/10 22:42:07 | 000,000,000 | ---D | M]

[2009/11/09 18:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2012/06/28 23:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions
[2012/05/05 14:58:51 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012/06/26 20:18:15 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/04/02 00:38:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/26 20:18:16 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/06/28 23:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions\staged

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RockMelt Update (Enabled) = C:\Users\Eric\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Eric\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Eric\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: SiteAdvisor = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Poppit = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544928.dll (PC-Doctor, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcWin7Hlpr.exe ()
O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Eric\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Opera Software] C:\Users\Eric\AppData\Roaming\D4D4C3.exe File not found
O4 - HKCU..\Run: [RockMelt Update] C:\Users\Eric\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKCU..\Run: [TPKMAPMN] C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E585A49-9236-40CA-83C9-70C4354E4AED}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{2219dd84-c80d-11de-bdf7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2219dd84-c80d-11de-bdf7-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 12:40:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/01 12:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/06/29 22:08:49 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Eric\Desktop\aswMBR.exe
[2012/06/27 18:32:36 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2012/06/26 20:19:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\adaware
[2012/06/26 20:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/06/26 20:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/06/26 20:18:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\adawarebp
[2012/06/26 20:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/06/26 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/06/26 20:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/06/24 22:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dictionaries
[2012/06/24 22:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\defaults
[2012/06/24 21:52:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus
[2012/06/24 01:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/24 01:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/24 01:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/23 21:37:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\CrashDumps
[2012/06/23 21:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/06/23 20:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/06/23 20:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/06/23 13:46:59 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/23 13:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/23 13:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/23 09:35:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\AVG2012
[2012/06/23 09:34:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/23 09:32:52 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/06/23 09:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/06/23 09:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/06/23 09:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/23 00:43:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2012/06/23 00:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/23 00:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/23 00:43:32 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/23 00:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/22 22:00:09 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr100.dll
[2012/06/22 22:00:09 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp100.dll
[2012/06/22 22:00:08 | 000,157,608 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\maintenanceservice_installer.exe
[2012/06/22 22:00:08 | 000,113,120 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\maintenanceservice.exe
[2012/06/22 22:00:08 | 000,043,488 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozglue.dll
[2012/06/22 22:00:07 | 000,624,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\gkmedias.dll
[2012/06/22 22:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jssubloader
[2012/06/22 21:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/22 21:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/22 21:21:19 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Ms_dir_
[2012/06/22 21:21:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Ysun
[2012/06/22 21:21:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Xudyit
[2012/06/22 21:21:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Wueq
[2012/06/13 16:50:34 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\InterVideo
[2012/06/13 16:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2011/09/16 14:58:20 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\D3DCompiler_43.dll
[2011/09/16 14:58:20 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\d3dx9_43.dll
[2011/09/16 14:58:20 | 000,829,920 | ---- | C] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011/09/16 14:58:20 | 000,418,784 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libGLESv2.dll
[2011/09/16 14:58:20 | 000,079,840 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libEGL.dll
[2011/09/16 14:58:20 | 000,016,864 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe
[2011/09/16 14:58:20 | 000,016,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozalloc.dll
[2010/11/17 21:59:08 | 000,425,768 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesPhotoProcessor.exe
[2010/11/17 21:59:08 | 000,216,864 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesPhotoProcessor.dll
[2010/11/17 21:59:06 | 000,294,688 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2010/11/17 21:59:04 | 000,421,160 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2010/11/17 21:59:04 | 000,387,368 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2010/11/17 21:59:04 | 000,173,856 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2010/11/17 21:59:00 | 009,777,448 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2010/11/17 21:58:56 | 018,906,912 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2010/11/17 21:58:56 | 000,754,976 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2010/11/17 21:58:56 | 000,267,552 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2010/11/17 21:58:56 | 000,111,912 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[2010/11/17 21:58:54 | 002,733,344 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2010/11/17 21:58:54 | 000,197,920 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2009/11/09 18:55:32 | 015,757,792 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xul.dll
[2009/11/09 18:55:32 | 000,913,888 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\firefox.exe
[2009/11/09 18:55:32 | 000,637,920 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nss3.dll
[2009/11/09 18:55:32 | 000,358,368 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssckbi.dll
[2009/11/09 18:55:32 | 000,265,184 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\updater.exe
[2009/11/09 18:55:32 | 000,258,528 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\freebl3.dll
[2009/11/09 18:55:32 | 000,170,464 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nspr4.dll
[2009/11/09 18:55:32 | 000,155,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\softokn3.dll
[2009/11/09 18:55:32 | 000,145,376 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\ssl3.dll
[2009/11/09 18:55:32 | 000,117,728 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe
[2009/11/09 18:55:32 | 000,095,712 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssdbm3.dll
[2009/11/09 18:55:32 | 000,092,640 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssutil3.dll
[2009/11/09 18:55:32 | 000,091,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\smime3.dll
[2009/11/09 18:55:32 | 000,021,472 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plc4.dll
[2009/11/09 18:55:32 | 000,020,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plds4.dll
[2009/11/09 18:55:32 | 000,019,424 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xpcom.dll
[2009/11/09 18:55:32 | 000,018,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\AccessibleMarshal.dll

========== Files - Modified Within 30 Days ==========

[2012/07/01 12:54:10 | 000,017,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 12:54:10 | 000,017,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 12:47:29 | 000,001,024 | ---- | M] () -- C:\Users\Eric\.rnd
[2012/07/01 12:46:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/01 12:46:25 | 3139,457,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/01 12:13:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004UA.job
[2012/07/01 12:08:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004UA.job
[2012/06/29 23:08:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004Core.job
[2012/06/29 22:11:29 | 000,000,512 | ---- | M] () -- C:\Users\Eric\Desktop\MBR.dat
[2012/06/29 22:08:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Eric\Desktop\aswMBR.exe
[2012/06/28 20:13:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004Core.job
[2012/06/28 18:24:32 | 000,674,860 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/28 18:24:32 | 000,125,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/28 18:24:31 | 000,795,628 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/27 23:49:38 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/06/27 23:49:37 | 000,001,738 | ---- | M] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012/06/27 18:32:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2012/06/24 22:07:29 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/23 13:46:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/23 10:03:39 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/23 00:43:40 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/22 22:17:24 | 000,007,635 | ---- | M] () -- C:\Users\Eric\AppData\Local\Resmon.ResmonCfg
[2012/06/22 19:08:42 | 000,002,310 | ---- | M] () -- C:\Users\Eric\Desktop\RockMelt.lnk
[2012/06/21 12:21:13 | 002,136,567 | ---- | M] () -- C:\Users\Eric\Desktop\GirlsinWhiteDresses9780307700414.epub
[2012/06/14 18:20:18 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\softokn3.chk
[2012/06/14 18:20:17 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\nssdbm3.chk
[2012/06/14 18:20:16 | 000,829,920 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2012/06/14 18:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\mozjs.dll
[2012/06/14 18:20:13 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\freebl3.chk
[2012/06/14 18:20:12 | 000,001,704 | ---- | M] () -- C:\Program Files (x86)\precomplete
[2012/06/14 18:20:10 | 007,686,114 | ---- | M] () -- C:\Program Files (x86)\omni.ja
[2012/06/14 18:19:44 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\crashreporter.ini
[2012/06/14 18:19:44 | 000,000,583 | ---- | M] () -- C:\Program Files (x86)\crashreporter-override.ini
[2012/06/14 18:19:41 | 000,010,326 | ---- | M] () -- C:\Program Files (x86)\blocklist.xml
[2012/06/14 18:19:41 | 000,000,463 | ---- | M] () -- C:\Program Files (x86)\application.ini
[2012/06/14 18:19:41 | 000,000,142 | ---- | M] () -- C:\Program Files (x86)\platform.ini
[2012/06/14 18:19:41 | 000,000,132 | ---- | M] () -- C:\Program Files (x86)\update-settings.ini
[2012/06/14 18:19:40 | 000,001,045 | ---- | M] () -- C:\Program Files (x86)\updater.ini
[2012/06/14 18:19:40 | 000,000,130 | ---- | M] () -- C:\Program Files (x86)\dependentlibs.list
[2012/06/14 16:35:56 | 000,035,524 | ---- | M] () -- C:\Program Files (x86)\removed-files
[2012/06/12 21:33:22 | 000,456,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/08 23:11:54 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/06 01:26:49 | 000,061,649 | ---- | M] () -- C:\Users\Eric\Documents\seafood 2019820337-90723116-tickets.pdf
[2012/06/03 00:40:06 | 000,040,141 | ---- | M] () -- C:\Users\Eric\Documents\MyContacts.csv

========== Files Created - No Company Name ==========

[2012/06/29 22:11:29 | 000,000,512 | ---- | C] () -- C:\Users\Eric\Desktop\MBR.dat
[2012/06/27 23:49:38 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/06/27 23:49:37 | 000,001,738 | ---- | C] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012/06/24 21:45:17 | 002,042,848 | ---- | C] () -- C:\Program Files (x86)\mozjs.dll
[2012/06/23 20:21:32 | 000,001,024 | ---- | C] () -- C:\Users\Eric\.rnd
[2012/06/23 13:46:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/23 00:43:40 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/22 22:17:24 | 000,007,635 | ---- | C] () -- C:\Users\Eric\AppData\Local\Resmon.ResmonCfg
[2012/06/22 22:00:10 | 000,000,132 | ---- | C] () -- C:\Program Files (x86)\update-settings.ini
[2012/06/21 12:21:13 | 002,136,567 | ---- | C] () -- C:\Users\Eric\Desktop\GirlsinWhiteDresses9780307700414.epub
[2012/06/06 01:26:49 | 000,061,649 | ---- | C] () -- C:\Users\Eric\Documents\seafood 2019820337-90723116-tickets.pdf
[2012/06/03 00:31:51 | 000,040,141 | ---- | C] () -- C:\Users\Eric\Documents\MyContacts.csv
[2012/02/04 02:01:47 | 007,686,114 | ---- | C] () -- C:\Program Files (x86)\omni.ja
[2012/01/20 12:59:52 | 000,072,080 | ---- | C] () -- C:\Users\Eric\g2mdlhlpx.exe
[2011/09/16 14:58:20 | 000,035,524 | ---- | C] () -- C:\Program Files (x86)\removed-files
[2011/09/16 14:58:20 | 000,001,704 | ---- | C] () -- C:\Program Files (x86)\precomplete
[2011/09/16 14:58:20 | 000,000,130 | ---- | C] () -- C:\Program Files (x86)\dependentlibs.list
[2010/11/17 19:52:00 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2010/08/22 12:33:08 | 000,714,182 | ---- | C] () -- C:\Users\Eric\ELai - Dissertation.pdf
[2010/08/08 11:13:31 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2009/11/09 18:55:33 | 000,001,045 | ---- | C] () -- C:\Program Files (x86)\updater.ini
[2009/11/09 18:55:32 | 000,010,326 | ---- | C] () -- C:\Program Files (x86)\blocklist.xml
[2009/11/09 18:55:32 | 000,003,803 | ---- | C] () -- C:\Program Files (x86)\crashreporter.ini
[2009/11/09 18:55:32 | 000,000,583 | ---- | C] () -- C:\Program Files (x86)\crashreporter-override.ini
[2009/11/09 18:55:32 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\softokn3.chk
[2009/11/09 18:55:32 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\nssdbm3.chk
[2009/11/09 18:55:32 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\freebl3.chk
[2009/11/09 18:55:32 | 000,000,463 | ---- | C] () -- C:\Program Files (x86)\application.ini
[2009/11/09 18:55:32 | 000,000,142 | ---- | C] () -- C:\Program Files (x86)\platform.ini

========== LOP Check ==========

[2012/06/27 06:36:20 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus
[2009/12/19 21:30:05 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Amazon
[2012/06/23 09:35:05 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\AVG2012
[2012/06/22 22:08:13 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\BitTorrent
[2009/11/24 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\CoffeeCup Software
[2012/01/30 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1
[2011/08/07 23:35:10 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Elluminate
[2010/05/02 19:16:45 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Facebook
[2012/06/18 20:36:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FileZilla
[2012/06/13 16:50:34 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\InterVideo
[2009/12/29 00:52:20 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\KompoZer
[2009/11/09 19:33:35 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Lenovo
[2012/06/23 00:59:23 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ms_dir_
[2009/12/17 21:43:27 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\NCH Swift Sound
[2011/01/11 22:43:19 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Opera
[2009/12/29 01:03:33 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\PixelMetrics
[2010/08/08 11:13:16 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Research In Motion
[2009/11/11 02:43:27 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Scientific Software
[2012/06/23 11:00:48 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Wueq
[2009/12/17 21:29:49 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Xilisoft Corporation
[2012/06/23 12:55:28 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Xudyit
[2012/06/22 21:21:11 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ysun
[2012/06/08 23:11:54 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/29 23:08:00 | 000,000,872 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004Core.job
[2012/07/01 12:08:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004UA.job
[2012/05/13 09:43:20 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/23 10:03:39 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< End of report >


I just completed these steps a short while ago, but so far the problem hasn't reemerged yet. I will post again it it happens.

Thanks again for your help -- I really appreciate it.
  • 0

#6
Crowbar
Posted 02 July 2012 - 10:19 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi lanidrac,
When you uninstall most anti-virus programs there are pieces left behind that may conflict with another anti-virus product, so I would like you to run the removal tool for each of the AV's you have had on your system. Please run these uninstallers first, before you run the OTL fix below it.
I feel we are almost done, but I would like to sweep for any leftovers after you do these steps.
Emptying your temp folders did reclaim a lot of space on your hard drive, but I don't think it's quite enough. I would like to see you get your c: drive up to around 43GB free space, that's about %15.
Step 1

Step 2
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
[createrestorepoint]
:otl
O4 - HKCU..\Run: [Opera Software] C:\Users\Eric\AppData\Roaming\D4D4C3.exe File not found
[2012/06/26 20:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/06/24 21:52:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus
[2012/06/23 21:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/06/23 20:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/06/23 20:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/06/23 13:46:59 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/23 13:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/23 13:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/23 09:35:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\AVG2012
[2012/06/23 09:32:52 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/06/23 09:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/06/23 09:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/06/27 06:36:20 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus
[2012/06/23 09:35:05 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\AVG2012
:commands
[emptytemp]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 3
Posted Image Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates, please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply I would like to see:
  • OTL quick scan
  • MBAM scan
  • Are your browsers still behaving themselves? :)

  • 0

#7
lanidrac
Posted 02 July 2012 - 02:11 PM

lanidrac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi - before I follow the steps, could you re-post the link to the Norton removal tool? (The current link is pointing back to this forum.)

Also, when I open Firefox, I still see the "Malwarebytes detects a malicious process (C:\Program Files (X86)\MOZJS.DLL)" message. Again, I haven't yet done these latest steps, but I just wanted to add that bit of information.

Thanks again!
  • 0

#8
Crowbar
Posted 02 July 2012 - 04:56 PM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Sorry about the bad link this one here should work

Yes, please follow my last instructions, and I will get back to you soon about the file MalwareBytes is flagging.
  • 0

#9
lanidrac
Posted 03 July 2012 - 08:48 AM

lanidrac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi,
I removed the antivirus programs.

Here are the scan results:

OTL:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Opera Software deleted successfully.
C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\WDBF folder moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\Staging folder moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\LKGD folder moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus\Definitions folder moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus folder moved successfully.
C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus\Logs\20120701T162216.727975PID3700 folder moved successfully.
C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus\Logs\20120701T145523.526382PID1048 folder moved successfully.
C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus\Logs\20120630T020328.337979PID4288 folder moved successfully.
C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus\Logs\20120628T232838.527987PID4920 folder moved successfully.
C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus\Logs\20120628T221752.704144PID3852 folder moved successfully.
C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus\Logs\20120628T181913.406323PID380 folder moved successfully.
C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus\Logs\20120627T141959.871117PID4824 folder moved successfully.
C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus\Logs\20120627T114811.628239PID5848 folder moved successfully.
C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus\Logs\20120627T002412.555198PID4220 folder moved successfully.
C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus\Logs\20120627T001722.741498PID3144 folder moved successfully.
C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus\Logs\20120625T015237.588780PID5312 folder moved successfully.
C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.
Folder C:\Program Files (x86)\Common Files\Symantec Shared\ not found.
C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
C:\ProgramData\Norton\00000082\00000119\0000057b folder moved successfully.
C:\ProgramData\Norton\00000082\00000119 folder moved successfully.
C:\ProgramData\Norton\00000082 folder moved successfully.
C:\ProgramData\Norton folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton AntiVirus\Exported folder moved successfully.
C:\ProgramData\NortonInstaller\Settings\Norton AntiVirus folder moved successfully.
C:\ProgramData\NortonInstaller\Settings folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2012-07-01-12h16m54s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs folder moved successfully.
C:\ProgramData\NortonInstaller folder moved successfully.
File C:\Windows\SysNative\aswBoot.exe not found.
C:\ProgramData\AVAST Software folder moved successfully.
Folder C:\Program Files\AVAST Software\ not found.
C:\Users\Eric\AppData\Roaming\AVG2012\cfgall folder moved successfully.
C:\Users\Eric\AppData\Roaming\AVG2012 folder moved successfully.
C:\$AVG\$VAULT folder moved successfully.
C:\$AVG folder moved successfully.
C:\ProgramData\AVG2012\scanlogs folder moved successfully.
C:\ProgramData\AVG2012\log folder moved successfully.
C:\ProgramData\AVG2012\IDS\quarantine folder moved successfully.
C:\ProgramData\AVG2012\IDS\config folder moved successfully.
C:\ProgramData\AVG2012\IDS folder moved successfully.
C:\ProgramData\AVG2012\cfgall folder moved successfully.
C:\ProgramData\AVG2012\Cfg folder moved successfully.
C:\ProgramData\AVG2012 folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012 folder moved successfully.
C:\Program Files (x86)\AVG folder moved successfully.
Folder C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus\ not found.
Folder C:\Users\Eric\AppData\Roaming\AVG2012\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eric
->Temp folder emptied: 21989970 bytes
->Temporary Internet Files folder emptied: 626211 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6825573 bytes
->Google Chrome cache emptied: 125234656 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1468 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22154 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 148.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 07032012_101716

Files\Folders moved on Reboot...
C:\Users\Eric\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Eric\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


MBAM:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.03.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Eric :: AIR [administrator]

Protection: Enabled

7/3/2012 10:22:37 AM
mbam-log-2012-07-03 (10-22-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211611
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Eric\Downloads\setupwavtomp3.exe (PUP.Installer.WH) -> Quarantined and deleted successfully.
C:\Program Files (x86)\mozjs.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

(end)


Unfortunately, now that the mozjs.dll is gone, Firefox cannot start up. My other browsers, however, seem to be acting normally.

Thanks again, and have a great 4th of July.
  • 0

#10
Crowbar
Posted 03 July 2012 - 10:09 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi again,

Let's get that file out of quarantine so that FireFox works, and we can then check to make sure that MBAM is reporting it as a false positive, as I suspect it is.
Step 1
Please open up MalwareBytes, and click on the Quarantine tab
Highlight the MOZJS.DLL listing, and click on the Restore button.
Close MalwareBytes

Step 2
File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Program Files (X86)\MOZJS.DLL
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


happy 4th to you too :cool:
  • 0

Advertisements

#11
lanidrac
Posted 03 July 2012 - 11:41 AM

lanidrac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here are the scan results:


VirSCAN.org Scanned Report :
Scanned time : 2012/07/03 13:31:24 (EDT)
Scanner results: Scanners did not find malware!
File Name : mozjs.dll
File Size : 2042848 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : a013b3ad1626c27fdccbe27f9eac3d7a
SHA1 : 088c34405c640ac6bd9851fcd27d3501f136c229
Online report : http://r.virscan.org...65918b184d14469

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120703110413 2012-07-03 6.20 -
AhnLab V3 ... .. -- 0.16 -
AntiVir 8.2.10.80 7.11.32.106 2012-06-09 0.18 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.42 -
Arcavir 2011 201206041805 2012-06-04 4.27 -
Authentium 5.1.1 201207031206 2012-07-03 1.55 -
AVAST! 4.7.4 120703-0 2012-07-03 0.51 -
AVG 12.0.1787 2433/5108 2012-07-03 0.29 -
BitDefender 7.90123.7.90123 7.90123 2012-07-04 0.16 -
ClamAV 0.97.3 15107 2012-07-03 4.99 -
Comodo 5.1 12817 2012-07-03 2.54 -
CP Secure 1.3.0.5 2012.07.04 2012-07-04 0.55 -
Dr.Web 7.0.2.4281 2012.07.03 2012-07-03 14.54 -
F-Prot 4.6.2.117 20120702 2012-07-02 1.08 -
F-Secure 7.02.73807 2012.07.03.02 2012-07-03 2.68 -
Fortinet 4.3.392 15.785 2012-07-02 0.36 -
GData 22.5485 20120703 2012-07-03 5.37 -
ViRobot 20120702 2012.07.02 2012-07-02 0.40 -
Ikarus T3.1.32.20.0 2012.07.03.81660 2012-07-03 5.59 -
JiangMin 13.0.900 2012.07.03 2012-07-03 2.07 -
Kaspersky 5.5.10 2012.07.01 2012-07-01 0.31 -
KingSoft 2009.2.5.15 2012.7.3.9 2012-07-03 0.88 -
McAfee 5400.1158 6761 2012-07-03 9.85 -
Microsoft 1.8502 2012.07.03 2012-07-03 3.36 -
NOD32 3.0.21 7268 2012-07-03 0.33 -
Panda 9.05.01 2012.07.03 2012-07-03 2.65 -
Trend Micro 9.500-1005 9.232.06 2012-07-03 0.19 -
Quick Heal 11.00 2012.07.02 2012-07-02 1.59 -
Rising 20.0 24.17.01.01 2012-07-03 2.75 -
Sophos 3.32.0 4.78 2012-07-04 4.98 -
Sunbelt 3.9.2540.2 12161 2012-07-02 0.92 -
Symantec 1.3.0.24 20120701.008 2012-07-01 0.61 -
nProtect 20120702.01 11553056 2012-07-02 1.38 -
The Hacker 6.8.0.0 v00048 2012-07-02 0.76 -
VBA32 3.12.18.0 20120702.0619 2012-07-02 4.18 -
VirusBuster 5.5.1.3 15.0.83.0/9044583 2012-07-03 0.21 -
  • 0

#12
Crowbar
Posted 03 July 2012 - 11:42 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Is Firefox working correctly now?
  • 0

#13
lanidrac
Posted 03 July 2012 - 12:02 PM

lanidrac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
It is -- barring the emergence of any further issues, I think this addresses the problem. Thanks so much for all your help!
  • 0

#14
Crowbar
Posted 03 July 2012 - 12:27 PM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Don't run away quite yet, we have a little bit more to do, but I must get my instructors approval before I post it. :)

Keep an eye out for any issues that might be lingering in the meantime.
  • 0

#15
Crowbar
Posted 04 July 2012 - 11:18 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi lanidrac,
Let's set MalwareBytes to ignore that file so this does not happen again, and continue sweeping for any remnants.
After we make sure you are clean of any malware, I would like to help you install those programs in the proper folders to avoid future problems.

Step 1
  • Open MalwareBytes and go to the Ignore List tab
  • Click on the Add button
  • Navigate to the C:\program files(x86) folder
  • Scroll down until you see the mozjs.dll file, click to select it then click OK
  • You should see mozjs.dll in the Ignore list, if so you can click Exit

Step 2
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply I would like to see:
  • ESET log

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP