Over the weekend, my laptop started having an issue where Firefox and Internet Explorer randomly started opening up with tabs to various websites (like "balivillanews.info" and "fmkex20.in"). The problem was particularly bad at first, and then I installed and ran full scans with a series of applications: Malwarebytes, AVG, Avast, Norton Antivirus, and Ad-Aware (in that order; I've since uninstalled AVG and Avast, and the rest of them are still on my laptop). Each scan found and deleted items; for example, Malwarebytes found the following:
Memory Processes Detected: 1
C:\Users\Eric\AppData\Roaming\Ms_dir_\msvcrt.exe (Backdoor.Agent) -> 4088 -> Delete on reboot.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|msvcrt_ (Backdoor.Agent) -> Data: C:\Users\Eric\AppData\Roaming\Ms_dir_\msvcrt.exe -> Quarantined and deleted successfully.
Files Detected: 5
C:\Users\Eric\AppData\Local\Temp\is1598539481\14082338_Setup.DAT (PUP.Installer.WH) -> No action taken.
C:\Users\Eric\Downloads\setupwavtomp3.exe (PUP.Installer.WH) -> No action taken.
C:\Users\Eric\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Program Files (x86)\mozjs.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Roaming\Ms_dir_\msvcrt.exe (Backdoor.Agent) -> Delete on reboot.
2nd scan: Files Detected: 3
C:\Users\Eric\AppData\Local\Temp\is1598539481\14082338_Setup.DAT (PUP.Installer.WH) -> No action taken.
C:\Users\Eric\Downloads\setupwavtomp3.exe (PUP.Installer.WH) -> No action taken.
C:\Program Files (x86)\CPUCooL\instser.exe (Adware.Agent) -> Quarantined and deleted successfully.
3rd scan: Files Detected: 2
C:\Users\Eric\Downloads\setupwavtomp3.exe (PUP.Installer.WH) -> No action taken.
C:\Users\Eric\AppData\Local\Temp\is1598539481\14082338_Setup.DAT (PUP.Installer.WH) -> Quarantined and deleted successfully.
After running scans with these various programs, the problem is not as severe (for example, Internet Explorer is no longer randomly opening), but still once or twice a day Firefox will try to open on its own (the difference is that now, whenever this happens, Malwarebytes detects a malicious process (C:\Program Files (X86)\MOZJS.DLL) and blocks it).
I ran OTL; the log is below. Thanks in advance for your help with this issue -- I appreciate it.
OTL logfile created on: 6/27/2012 6:34:06 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Eric\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.90 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 38.12% Memory free
7.80 Gb Paging File | 5.53 Gb Available in Paging File | 70.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.15 Gb Total Space | 9.12 Gb Free Space | 3.18% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 1.91 Gb Free Space | 19.58% Space Free | Partition Type: NTFS
Computer Name: AIR | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/27 18:32:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2012/06/14 18:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\firefox.exe
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/05/03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccsvchst.exe
PRC - [2012/02/18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/17 21:59:04 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/01/03 14:28:18 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\CPUCooL\CooLSRV.exe
PRC - [2009/09/09 22:37:10 | 000,132,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/08 21:10:24 | 000,242,976 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2009/09/08 21:10:22 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009/09/08 20:59:10 | 000,397,312 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2009/09/08 20:59:08 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009/09/04 18:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2009/08/28 18:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/26 19:32:16 | 000,816,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
PRC - [2009/08/19 20:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/08/03 23:00:14 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/08/03 23:00:00 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
PRC - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/05/28 02:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/21 16:45:36 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
PRC - [2007/04/02 18:21:54 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
PRC - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () -- C:\Windows\SysWOW64\TpKmpSvc.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 04:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 03:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2010/01/03 17:46:18 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2009/10/23 18:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/05/28 02:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2007/09/21 16:45:36 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
MOD - [2006/06/29 22:57:48 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\ThinkPad\Utilities\TpKmapHk.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/09/01 03:36:04 | 002,498,296 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\SysNative\AtService.exe -- (ATService)
SRV:64bit: - [2009/09/01 03:36:02 | 000,117,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DTS.exe -- (dtsvc)
SRV:64bit: - [2009/09/01 03:35:58 | 000,130,048 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ADMonitor.exe -- (ADMonitor)
SRV:64bit: - [2009/08/24 00:00:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/18 08:05:18 | 000,045,856 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/03 05:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/29 17:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2012/06/14 18:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe -- (NAV)
SRV - [2012/01/13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/03 14:28:18 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CPUCooL\CooLSRV.exe -- (CPUCooLServer)
SRV - [2009/09/08 21:10:24 | 000,242,976 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009/09/08 21:10:22 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/09/04 18:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/08/28 18:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/23 14:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/08/05 01:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/08/03 23:00:14 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/08/03 23:00:00 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/04/02 18:21:54 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)
SRV - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\TpKmpSvc.exe -- (TpKmpSVC)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/06/23 20:58:38 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/29 02:28:38 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 02:28:30 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/29 02:06:25 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/29 02:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/29 02:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/12/19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 18:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011/08/15 18:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/20 06:39:08 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{184E4FA0-DE8C26D4-06000000}_0)
DRV:64bit: - [2009/11/20 06:39:08 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06000000}_0)
DRV:64bit: - [2009/11/08 12:51:14 | 000,012,216 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2009/11/02 20:38:59 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/09/22 21:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 21:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 21:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 21:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/09/01 05:44:16 | 000,551,936 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/08/24 00:33:30 | 006,104,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/24 00:33:30 | 006,104,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/08/23 23:10:06 | 000,135,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/08/23 22:55:06 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2009/08/23 22:55:06 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/23 14:04:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/08/18 08:04:56 | 000,030,760 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/08/06 16:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/22 01:57:58 | 000,647,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/14 02:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 07:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/02 14:16:10 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009/06/30 23:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 23:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 23:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/30 00:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/30 00:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/29 23:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/29 17:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/06/29 17:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/06/25 04:04:00 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 03:38:00 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 03:13:00 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/22 23:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 19:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/07 02:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/05/12 05:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2007/02/22 17:27:56 | 000,086,528 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2007/01/12 14:32:54 | 000,115,712 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/06/27 15:43:56 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120627.006\ex64.sys -- (NAVEX15)
DRV - [2012/06/27 15:43:56 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120627.006\eng64.sys -- (NAVENG)
DRV - [2012/06/23 21:25:15 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/06/23 21:25:15 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/22 15:43:50 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120626.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/06/19 00:03:24 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9D6E94CC-75DA-4366-BCF8-97074E9C8FBF}
IE:64bit: - HKLM\..\SearchScopes\{9D6E94CC-75DA-4366-BCF8-97074E9C8FBF}: "URL" = http://www.bing.com/...c=IE-SearchBox;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {47BAA963-C290-4C24-965E-86F524CDD162}
IE - HKLM\..\SearchScopes\{47BAA963-C290-4C24-965E-86F524CDD162}: "URL" = http://www.bing.com/...c=IE-SearchBox;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://exchange.ucsf.edu/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.nih.gov/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {47BAA963-C290-4C24-965E-86F524CDD162}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-06-23 09:34:40&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files (x86)\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Eric\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Eric\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Eric\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/23 03:01:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPlgn\ [2012/06/23 20:58:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\components [2012/06/26 20:18:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\plugins [2011/09/16 14:58:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension [2011/08/10 22:42:07 | 000,000,000 | ---D | M]
[2009/11/09 18:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2012/06/26 20:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions
[2012/05/05 14:58:51 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012/06/26 20:18:15 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/04/02 00:38:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/26 20:18:16 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zhno9yns.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java Platform SE 6 U16 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RockMelt Update (Enabled) = C:\Users\Eric\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Eric\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Eric\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: SiteAdvisor = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Poppit = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544928.dll (PC-Doctor, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcWin7Hlpr.exe ()
O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Eric\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Opera Software] C:\Users\Eric\AppData\Roaming\D4D4C3.exe File not found
O4 - HKCU..\Run: [RockMelt Update] C:\Users\Eric\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKCU..\Run: [TPKMAPMN] C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe ()
F3:64bit: - HKCU WinNT: Load - (C:\Users\Eric\LOCALS~1\Temp\msrrahayj.exe) - File not found
F3 - HKCU WinNT: Load - (C:\Users\Eric\LOCALS~1\Temp\msrrahayj.exe) - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E585A49-9236-40CA-83C9-70C4354E4AED}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{2219dd84-c80d-11de-bdf7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2219dd84-c80d-11de-bdf7-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/27 18:32:36 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2012/06/26 20:19:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\adaware
[2012/06/26 20:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/06/26 20:19:06 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/06/26 20:18:54 | 000,256,632 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/06/26 20:18:54 | 000,119,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/06/26 20:18:53 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012/06/26 20:18:53 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/06/26 20:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/06/26 20:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/06/26 20:18:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\adawarebp
[2012/06/26 20:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/06/26 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/06/26 20:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/06/24 22:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dictionaries
[2012/06/24 22:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\defaults
[2012/06/24 21:52:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus
[2012/06/24 01:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/24 01:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/24 01:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/23 21:37:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\CrashDumps
[2012/06/23 21:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/06/23 21:22:26 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa64.sys
[2012/06/23 21:22:26 | 000,737,912 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.sys
[2012/06/23 21:22:26 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symds64.sys
[2012/06/23 21:22:26 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnets.sys
[2012/06/23 21:22:26 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.sys
[2012/06/23 21:22:25 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ironx64.sys
[2012/06/23 21:22:25 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.sys
[2012/06/23 21:21:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1307010.005
[2012/06/23 20:58:38 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/06/23 20:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/06/23 20:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/06/23 20:56:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2012/06/23 20:56:30 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012/06/23 20:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2012/06/23 20:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/06/23 20:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/06/23 20:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/06/23 13:46:59 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/23 13:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/23 13:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/23 09:35:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\AVG2012
[2012/06/23 09:34:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/23 09:32:52 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/06/23 09:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/06/23 09:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/06/23 09:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/23 00:43:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2012/06/23 00:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/23 00:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/23 00:43:32 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/23 00:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/22 22:00:09 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr100.dll
[2012/06/22 22:00:09 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp100.dll
[2012/06/22 22:00:08 | 000,157,608 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\maintenanceservice_installer.exe
[2012/06/22 22:00:08 | 000,113,120 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\maintenanceservice.exe
[2012/06/22 22:00:08 | 000,043,488 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozglue.dll
[2012/06/22 22:00:07 | 000,624,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\gkmedias.dll
[2012/06/22 22:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jssubloader
[2012/06/22 21:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/22 21:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/22 21:21:19 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Ms_dir_
[2012/06/22 21:21:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Ysun
[2012/06/22 21:21:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Xudyit
[2012/06/22 21:21:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Wueq
[2012/06/13 16:50:34 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\InterVideo
[2012/06/13 16:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2011/09/16 14:58:20 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\D3DCompiler_43.dll
[2011/09/16 14:58:20 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\d3dx9_43.dll
[2011/09/16 14:58:20 | 000,829,920 | ---- | C] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011/09/16 14:58:20 | 000,418,784 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libGLESv2.dll
[2011/09/16 14:58:20 | 000,079,840 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libEGL.dll
[2011/09/16 14:58:20 | 000,016,864 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe
[2011/09/16 14:58:20 | 000,016,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozalloc.dll
[2010/11/17 21:59:08 | 000,425,768 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesPhotoProcessor.exe
[2010/11/17 21:59:08 | 000,216,864 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesPhotoProcessor.dll
[2010/11/17 21:59:06 | 000,294,688 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2010/11/17 21:59:04 | 000,421,160 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2010/11/17 21:59:04 | 000,387,368 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2010/11/17 21:59:04 | 000,173,856 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2010/11/17 21:59:00 | 009,777,448 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2010/11/17 21:58:56 | 018,906,912 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2010/11/17 21:58:56 | 000,754,976 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2010/11/17 21:58:56 | 000,267,552 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2010/11/17 21:58:56 | 000,111,912 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[2010/11/17 21:58:54 | 002,733,344 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2010/11/17 21:58:54 | 000,197,920 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2009/11/09 18:55:32 | 015,757,792 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xul.dll
[2009/11/09 18:55:32 | 000,913,888 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\firefox.exe
[2009/11/09 18:55:32 | 000,637,920 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nss3.dll
[2009/11/09 18:55:32 | 000,358,368 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssckbi.dll
[2009/11/09 18:55:32 | 000,265,184 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\updater.exe
[2009/11/09 18:55:32 | 000,258,528 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\freebl3.dll
[2009/11/09 18:55:32 | 000,170,464 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nspr4.dll
[2009/11/09 18:55:32 | 000,155,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\softokn3.dll
[2009/11/09 18:55:32 | 000,145,376 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\ssl3.dll
[2009/11/09 18:55:32 | 000,117,728 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe
[2009/11/09 18:55:32 | 000,095,712 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssdbm3.dll
[2009/11/09 18:55:32 | 000,092,640 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssutil3.dll
[2009/11/09 18:55:32 | 000,091,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\smime3.dll
[2009/11/09 18:55:32 | 000,021,472 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plc4.dll
[2009/11/09 18:55:32 | 000,020,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plds4.dll
[2009/11/09 18:55:32 | 000,019,424 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xpcom.dll
[2009/11/09 18:55:32 | 000,018,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\AccessibleMarshal.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/27 18:32:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2012/06/27 18:13:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004UA.job
[2012/06/27 18:08:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004UA.job
[2012/06/27 10:27:19 | 000,017,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 10:27:19 | 000,017,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 10:20:13 | 000,001,024 | ---- | M] () -- C:\Users\Eric\.rnd
[2012/06/27 10:20:06 | 000,674,860 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/27 10:20:06 | 000,125,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/27 10:20:05 | 000,795,628 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/27 10:11:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/27 10:11:39 | 3139,457,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 23:08:05 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004Core.job
[2012/06/26 20:24:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2012/06/26 20:18:59 | 002,272,561 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\Cat.DB
[2012/06/26 20:13:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004Core.job
[2012/06/24 22:07:29 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/23 21:28:16 | 000,002,359 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/06/23 21:23:31 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\VT20120410.034
[2012/06/23 20:58:38 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/06/23 20:58:38 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/06/23 20:58:38 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/06/23 13:46:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/23 10:03:39 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/23 00:43:40 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/22 22:17:24 | 000,007,635 | ---- | M] () -- C:\Users\Eric\AppData\Local\Resmon.ResmonCfg
[2012/06/22 19:08:42 | 000,002,310 | ---- | M] () -- C:\Users\Eric\Desktop\RockMelt.lnk
[2012/06/21 12:21:13 | 002,136,567 | ---- | M] () -- C:\Users\Eric\Desktop\GirlsinWhiteDresses9780307700414.epub
[2012/06/14 18:20:18 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\softokn3.chk
[2012/06/14 18:20:17 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\nssdbm3.chk
[2012/06/14 18:20:16 | 000,829,920 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2012/06/14 18:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\mozjs.dll
[2012/06/14 18:20:13 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\freebl3.chk
[2012/06/14 18:20:12 | 000,001,704 | ---- | M] () -- C:\Program Files (x86)\precomplete
[2012/06/14 18:20:10 | 007,686,114 | ---- | M] () -- C:\Program Files (x86)\omni.ja
[2012/06/14 18:19:44 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\crashreporter.ini
[2012/06/14 18:19:44 | 000,000,583 | ---- | M] () -- C:\Program Files (x86)\crashreporter-override.ini
[2012/06/14 18:19:41 | 000,010,326 | ---- | M] () -- C:\Program Files (x86)\blocklist.xml
[2012/06/14 18:19:41 | 000,000,463 | ---- | M] () -- C:\Program Files (x86)\application.ini
[2012/06/14 18:19:41 | 000,000,142 | ---- | M] () -- C:\Program Files (x86)\platform.ini
[2012/06/14 18:19:41 | 000,000,132 | ---- | M] () -- C:\Program Files (x86)\update-settings.ini
[2012/06/14 18:19:40 | 000,001,045 | ---- | M] () -- C:\Program Files (x86)\updater.ini
[2012/06/14 18:19:40 | 000,000,130 | ---- | M] () -- C:\Program Files (x86)\dependentlibs.list
[2012/06/14 16:35:56 | 000,035,524 | ---- | M] () -- C:\Program Files (x86)\removed-files
[2012/06/12 21:33:22 | 000,456,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/08 23:11:54 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/06 01:26:49 | 000,061,649 | ---- | M] () -- C:\Users\Eric\Documents\seafood 2019820337-90723116-tickets.pdf
[2012/06/03 00:40:06 | 000,040,141 | ---- | M] () -- C:\Users\Eric\Documents\MyContacts.csv
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/26 20:24:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2012/06/24 21:45:17 | 002,042,848 | ---- | C] () -- C:\Program Files (x86)\mozjs.dll
[2012/06/23 21:27:11 | 002,272,561 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\Cat.DB
[2012/06/23 21:25:43 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\VT20120410.034
[2012/06/23 21:22:26 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symds64.cat
[2012/06/23 21:22:26 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.cat
[2012/06/23 21:22:26 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa64.cat
[2012/06/23 21:22:26 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnet64.cat
[2012/06/23 21:22:26 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa.inf
[2012/06/23 21:22:26 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symds.inf
[2012/06/23 21:22:26 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnet.inf
[2012/06/23 21:22:26 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.inf
[2012/06/23 21:22:26 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.inf
[2012/06/23 21:22:25 | 000,007,468 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.cat
[2012/06/23 21:22:25 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.cat
[2012/06/23 21:22:25 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\iron.cat
[2012/06/23 21:22:25 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.inf
[2012/06/23 21:22:25 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\iron.inf
[2012/06/23 21:21:32 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\isolate.ini
[2012/06/23 20:58:38 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/06/23 20:58:38 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/06/23 20:58:31 | 000,002,359 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/06/23 20:21:32 | 000,001,024 | ---- | C] () -- C:\Users\Eric\.rnd
[2012/06/23 13:46:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/23 00:43:40 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/22 22:17:24 | 000,007,635 | ---- | C] () -- C:\Users\Eric\AppData\Local\Resmon.ResmonCfg
[2012/06/22 22:00:10 | 000,000,132 | ---- | C] () -- C:\Program Files (x86)\update-settings.ini
[2012/06/21 12:21:13 | 002,136,567 | ---- | C] () -- C:\Users\Eric\Desktop\GirlsinWhiteDresses9780307700414.epub
[2012/06/06 01:26:49 | 000,061,649 | ---- | C] () -- C:\Users\Eric\Documents\seafood 2019820337-90723116-tickets.pdf
[2012/06/03 00:31:51 | 000,040,141 | ---- | C] () -- C:\Users\Eric\Documents\MyContacts.csv
[2012/02/04 02:01:47 | 007,686,114 | ---- | C] () -- C:\Program Files (x86)\omni.ja
[2012/01/20 12:59:52 | 000,072,080 | ---- | C] () -- C:\Users\Eric\g2mdlhlpx.exe
[2011/09/16 14:58:20 | 000,035,524 | ---- | C] () -- C:\Program Files (x86)\removed-files
[2011/09/16 14:58:20 | 000,001,704 | ---- | C] () -- C:\Program Files (x86)\precomplete
[2011/09/16 14:58:20 | 000,000,130 | ---- | C] () -- C:\Program Files (x86)\dependentlibs.list
[2010/11/17 19:52:00 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2010/08/22 12:33:08 | 000,714,182 | ---- | C] () -- C:\Users\Eric\ELai - Dissertation.pdf
[2010/08/08 11:13:31 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2009/11/09 18:55:33 | 000,001,045 | ---- | C] () -- C:\Program Files (x86)\updater.ini
[2009/11/09 18:55:32 | 000,010,326 | ---- | C] () -- C:\Program Files (x86)\blocklist.xml
[2009/11/09 18:55:32 | 000,003,803 | ---- | C] () -- C:\Program Files (x86)\crashreporter.ini
[2009/11/09 18:55:32 | 000,000,583 | ---- | C] () -- C:\Program Files (x86)\crashreporter-override.ini
[2009/11/09 18:55:32 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\softokn3.chk
[2009/11/09 18:55:32 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\nssdbm3.chk
[2009/11/09 18:55:32 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\freebl3.chk
[2009/11/09 18:55:32 | 000,000,463 | ---- | C] () -- C:\Program Files (x86)\application.ini
[2009/11/09 18:55:32 | 000,000,142 | ---- | C] () -- C:\Program Files (x86)\platform.ini
========== LOP Check ==========
[2012/06/27 06:36:20 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ad-Aware Antivirus
[2009/12/19 21:30:05 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Amazon
[2012/06/23 09:35:05 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\AVG2012
[2012/06/22 22:08:13 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\BitTorrent
[2009/11/24 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\CoffeeCup Software
[2012/01/30 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1
[2011/08/07 23:35:10 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Elluminate
[2010/05/02 19:16:45 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Facebook
[2012/06/18 20:36:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FileZilla
[2012/06/13 16:50:34 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\InterVideo
[2009/12/29 00:52:20 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\KompoZer
[2009/11/09 19:33:35 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Lenovo
[2012/06/23 00:59:23 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ms_dir_
[2009/12/17 21:43:27 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\NCH Swift Sound
[2011/01/11 22:43:19 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Opera
[2009/12/29 01:03:33 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\PixelMetrics
[2010/08/08 11:13:16 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Research In Motion
[2009/11/11 02:43:27 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Scientific Software
[2012/06/23 11:00:48 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Wueq
[2009/12/17 21:29:49 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Xilisoft Corporation
[2012/06/23 12:55:28 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Xudyit
[2012/06/22 21:21:11 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ysun
[2012/06/08 23:11:54 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/26 23:08:05 | 000,000,872 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004Core.job
[2012/06/27 18:08:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2706443888-185234645-683904636-1004UA.job
[2012/05/13 09:43:20 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/23 10:03:39 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
< End of report >