
does this comp have a hidden virus? [Solved]


#1
greghoffman

I got to the mom-n-law's home Saturday and, as I usually do, proceeded to use CCleaner and MBAM to clean up her machine. When I was finished, I used TFC to finish the project. The comp would not shut down afterwards, so after 20 minutes I removed the battery and now it is extremely slow and I'm afraid to turn it off again. I didn't see anything out of the ordinary and MBAM said there were no problems... now what? I'll post an OTL log below.

OTL logfile created on: 7/1/2012 6:45:17 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Florence\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 60.48% Memory free
7.49 Gb Paging File | 5.75 Gb Available in Paging File | 76.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 358.21 Gb Free Space | 79.14% Space Free | Partition Type: NTFS

Computer Name: FLORENCE-PC | User Name: Florence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 06:45:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Florence\Desktop\OTL.exe
PRC - [2012/06/27 02:25:06 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012/06/27 02:25:04 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012/06/08 21:50:58 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/11/23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/25 18:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/06 17:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/03/15 12:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/29 21:58:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/27 02:25:06 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/06/27 02:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/16 09:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011/10/07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/05/23 02:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/28 14:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/03/15 13:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 12:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/12 17:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/07 12:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/02 18:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/31 00:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/04/17 14:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {062737E8-996E-4106-A939-6E6928887DD3}
IE:64bit: - HKLM\..\SearchScopes\{062737E8-996E-4106-A939-6E6928887DD3}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{297954DA-3974-47D9-8DDE-0C3F645F6E79}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2989652

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=14
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {3088cde2-869e-40d4-9312-27ce8085fe3e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {9427041a-a8dc-4d06-9a68-93873486e957} - No CLSID value found
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {62A2D55E-AA61-4480-B887-EB9FB2491CAC}
IE - HKCU\..\SearchScopes\{297954DA-3974-47D9-8DDE-0C3F645F6E79}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{62A2D55E-AA61-4480-B887-EB9FB2491CAC}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{7AC60EC8-7D6D-469F-993B-B30ADBDDE2D0}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKCU\..\SearchScopes\{A15AC672-3693-4ABE-9BB8-E70B4035B409}: "URL" = http://websearch.ask...BD-5875C760EC9F
IE - HKCU\..\SearchScopes\{A7AD31FF-7048-4D98-9A51-F7726EC630A6}: "URL" = http://search.avg.co...{language}&nt=1
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80314&lng=en
IE - HKCU\..\SearchScopes\{C5559D06-8A5A-4BB4-8A29-22DC11AE3DC2}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@ei.Retrogamer_2z.com/Plugin: C:\Program Files (x86)\Retrogamer_2zEI\Installr\4.bin\NP2zEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MindDabble_4p.com/Plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 14:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin [2011/12/26 09:07:34 | 000,000,000 | ---D | M]

[2011/04/22 10:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florence\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {30ea28da-b2b8-4555-a80e-310d546d5f3d} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3088CDE2-869E-40D4-9312-27CE8085FE3E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9427041A-A8DC-4D06-9A68-93873486E957} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.142.225.3 167.142.225.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{032D9B64-069D-45E5-B22D-2E9554D0BC7F}: DhcpNameServer = 167.142.225.3 167.142.225.5
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 06:45:06 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Florence\Desktop\OTL.exe
[2012/06/30 17:04:16 | 000,000,000 | ---D | C] -- C:\Users\Florence\Desktop\Other Games
[2012/06/30 17:03:42 | 000,000,000 | ---D | C] -- C:\Users\Florence\Desktop\Mahjong Games
[2012/06/30 17:02:51 | 000,000,000 | ---D | C] -- C:\Users\Florence\Desktop\Slot Games
[2012/06/30 11:30:27 | 000,000,000 | ---D | C] -- C:\Users\Florence\Desktop\TOOLS
[2012/06/30 10:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/30 10:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/30 10:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/30 10:42:33 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\Secunia PSI
[2012/06/30 10:42:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia

========== Files - Modified Within 30 Days ==========

[2012/07/01 06:45:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Florence\Desktop\OTL.exe
[2012/07/01 06:39:01 | 000,016,304 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 06:39:01 | 000,016,304 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 06:34:13 | 000,000,420 | ---- | M] () -- C:\windows\tasks\EasyShare Registration RunOnce Task.job
[2012/07/01 06:34:01 | 000,000,330 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2012/07/01 06:33:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/01 06:33:47 | 3016,503,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/01 06:01:54 | 100,891,471 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/06/30 20:57:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/30 17:53:15 | 000,000,173 | ---- | M] () -- C:\Users\Florence\Desktop\Yahoo!.url
[2012/06/30 17:50:45 | 000,000,193 | ---- | M] () -- C:\Users\Florence\Desktop\Welcome to Facebook - Log In, Sign Up or Learn More.url
[2012/06/30 17:06:14 | 000,000,172 | ---- | M] () -- C:\Users\Florence\Desktop\Storm Prediction Center.url
[2012/06/30 15:53:56 | 000,053,169 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/30 10:42:26 | 000,001,073 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/06/14 03:31:14 | 000,275,352 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/06/14 03:12:03 | 000,740,494 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/14 03:12:03 | 000,624,254 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/14 03:12:03 | 000,106,598 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012/06/30 17:53:15 | 000,000,173 | ---- | C] () -- C:\Users\Florence\Desktop\Yahoo!.url
[2012/06/30 17:50:45 | 000,000,193 | ---- | C] () -- C:\Users\Florence\Desktop\Welcome to Facebook - Log In, Sign Up or Learn More.url
[2012/06/30 17:06:14 | 000,000,172 | ---- | C] () -- C:\Users\Florence\Desktop\Storm Prediction Center.url
[2012/06/30 10:42:26 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/06/30 10:42:26 | 000,001,036 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/03/30 22:18:35 | 000,726,316 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/25 14:45:39 | 000,003,584 | ---- | C] () -- C:\Users\Florence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/25 09:35:29 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2011/08/22 16:41:55 | 000,765,952 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011/08/22 16:41:55 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/06/18 13:38:37 | 000,000,405 | ---- | C] () -- C:\Users\Florence\AppData\Local\Big Bang Tic-Tac-Toe
[2011/03/19 20:24:38 | 000,000,024 | ---- | C] () -- C:\windows\popcinfo.dat
[2011/03/19 19:42:59 | 000,000,215 | ---- | C] () -- C:\windows\SIERRA.INI
[2011/03/19 19:37:27 | 000,000,220 | ---- | C] () -- C:\windows\WSOPDELX.INI
[2011/03/16 18:28:41 | 000,000,952 | --S- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/02/22 01:51:37 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/02/22 01:46:59 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/02/22 01:44:41 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/12/03 20:13:06 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Auslogics
[2011/04/30 14:16:24 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\AVG
[2011/12/26 00:27:40 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\AVG2012
[2011/03/16 18:07:56 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Book Place
[2011/03/18 22:54:59 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\EA
[2012/05/05 20:58:54 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\funkitron
[2012/06/08 21:42:48 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\GlarySoft
[2011/10/05 18:34:17 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Hoyle
[2011/10/05 16:38:32 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Hoyle Blackjack
[2011/10/05 09:35:42 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Hoyle Card Games
[2011/04/13 18:12:17 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Hoyle FaceCreator
[2012/06/12 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Hoyle Puzzle and Board Games
[2011/03/19 20:30:41 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\iWin
[2011/05/13 20:55:19 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Masque
[2011/10/07 19:49:57 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\PlayFirst
[2011/12/04 23:04:57 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Skinux
[2011/03/15 22:01:52 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Tific
[2011/03/16 17:59:47 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Toshiba
[2011/03/15 19:03:37 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\WinBatch
[2011/07/27 10:22:12 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Windows Live Writer
[2012/07/01 06:34:13 | 000,000,420 | ---- | M] () -- C:\windows\Tasks\EasyShare Registration RunOnce Task.job
[2012/07/01 06:34:01 | 000,000,330 | ---- | M] () -- C:\windows\Tasks\GlaryInitialize.job
[2009/07/14 00:08:49 | 000,026,474 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8AA8199A

< End of report >

Edited by greghoffman, 01 July 2012 - 05:52 AM.



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, not a great deal showing there. Does the laptop function normally when it is plugged in to the mains?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {3088cde2-869e-40d4-9312-27ce8085fe3e} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {9427041a-a8dc-4d06-9a68-93873486e957} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {62A2D55E-AA61-4480-B887-EB9FB2491CAC}
    IE - HKCU\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {30ea28da-b2b8-4555-a80e-310d546d5f3d} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3088CDE2-869E-40D4-9312-27CE8085FE3E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9427041A-A8DC-4D06-9A68-93873486E957} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No CLSID value found.

    :Files
    C:\Program Files (x86)\MyWebSearch

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#3
greghoffman

    Member

  • Topic Starter
  • Member
  • 439 posts
It is slow, has issues with the Ask toolbar that I can never seem to get rid of... I just recently took it home from her... we had to put her in a nursing home... she's not doing well... nonetheless... she still clicks on everything that flashes, so something might be in the system from over 30 days ago.

#4
greghoffman

    Member

  • Topic Starter
  • Member
  • 439 posts
I actually scanned for 120 days... here is the report... thank you.

OTL logfile created on: 7/6/2012 7:03:36 PM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Florence\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 60.01% Memory free
7.49 Gb Paging File | 5.76 Gb Available in Paging File | 76.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 358.49 Gb Free Space | 79.20% Space Free | Partition Type: NTFS

Computer Name: FLORENCE-PC | User Name: Florence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 06:45:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Florence\Desktop\OTL.exe
PRC - [2012/06/27 02:25:06 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012/06/27 02:25:04 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012/06/08 21:50:58 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/11/23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/25 18:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/06 17:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/03/15 12:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/29 21:58:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/27 02:25:06 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/06/27 02:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/16 09:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011/10/07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/05/23 02:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/28 14:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/03/15 13:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 12:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/12 17:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/07 12:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/02 18:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/31 00:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/04/17 14:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {062737E8-996E-4106-A939-6E6928887DD3}
IE:64bit: - HKLM\..\SearchScopes\{062737E8-996E-4106-A939-6E6928887DD3}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{297954DA-3974-47D9-8DDE-0C3F645F6E79}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2989652

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=14
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {62A2D55E-AA61-4480-B887-EB9FB2491CAC}
IE - HKCU\..\SearchScopes\{297954DA-3974-47D9-8DDE-0C3F645F6E79}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{62A2D55E-AA61-4480-B887-EB9FB2491CAC}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{7AC60EC8-7D6D-469F-993B-B30ADBDDE2D0}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKCU\..\SearchScopes\{A15AC672-3693-4ABE-9BB8-E70B4035B409}: "URL" = http://websearch.ask...BD-5875C760EC9F
IE - HKCU\..\SearchScopes\{A7AD31FF-7048-4D98-9A51-F7726EC630A6}: "URL" = http://search.avg.co...{language}&nt=1
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80314&lng=en
IE - HKCU\..\SearchScopes\{C5559D06-8A5A-4BB4-8A29-22DC11AE3DC2}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@ei.Retrogamer_2z.com/Plugin: C:\Program Files (x86)\Retrogamer_2zEI\Installr\4.bin\NP2zEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MindDabble_4p.com/Plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 14:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin [2011/12/26 09:07:34 | 000,000,000 | ---D | M]

[2011/04/22 10:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florence\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========


O1 HOSTS File: ([2012/07/06 18:57:16 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{032D9B64-069D-45E5-B22D-2E9554D0BC7F}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 180 Days ==========

[2012/07/06 18:57:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/01 06:45:06 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Florence\Desktop\OTL.exe
[2012/06/30 17:04:16 | 000,000,000 | ---D | C] -- C:\Users\Florence\Desktop\Other Games
[2012/06/30 17:03:42 | 000,000,000 | ---D | C] -- C:\Users\Florence\Desktop\Mahjong Games
[2012/06/30 17:02:51 | 000,000,000 | ---D | C] -- C:\Users\Florence\Desktop\Slot Games
[2012/06/30 11:30:27 | 000,000,000 | ---D | C] -- C:\Users\Florence\Desktop\TOOLS
[2012/06/30 10:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/30 10:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/30 10:50:55 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012/06/30 10:50:55 | 000,472,840 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012/06/30 10:50:55 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/06/30 10:50:55 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/06/30 10:50:55 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/06/30 10:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/30 10:42:33 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\Secunia PSI
[2012/06/30 10:42:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/06/29 21:18:48 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/06/29 21:18:48 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012/06/29 21:18:48 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012/06/29 21:18:29 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/06/29 21:18:29 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012/06/29 21:18:29 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/06/29 21:18:14 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012/06/29 21:18:14 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012/06/14 03:00:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/06/14 03:00:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/06/14 03:00:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/06/14 03:00:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/06/14 03:00:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/06/14 03:00:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/06/14 03:00:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/06/14 03:00:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/06/14 03:00:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/06/14 03:00:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/06/14 03:00:41 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/06/14 03:00:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/06/14 03:00:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/06/13 20:06:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/06/13 20:06:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/06/13 20:06:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/06/13 20:05:47 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/06/13 20:05:43 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/06/13 20:05:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/06/13 20:05:21 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2012/06/13 20:04:50 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/06/13 20:04:49 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/05/27 09:00:55 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{BB3D99C9-DB5F-4ADD-B561-A8F307E219E7}
[2012/05/27 09:00:46 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{B4C1F602-CAF5-44DC-B642-07B2309CD470}
[2012/05/22 09:37:11 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{0DC9E06B-59EC-4BCA-B627-89D023FD7C50}
[2012/05/21 08:35:52 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{B62A735A-D8A2-4D12-88AA-950D8BFE3B94}
[2012/05/16 06:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/05/10 13:30:25 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/05/09 06:32:47 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{BB115643-8E58-4F59-AA4D-04F71EE56A94}
[2012/05/08 16:57:13 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{4F64EBD5-3D3D-4630-8A31-7DDB7CA7BE3C}
[2012/05/08 13:34:00 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{67F75582-190C-41DA-A6D8-6EA2A1AEB4B5}
[2012/05/07 09:28:22 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{B2C833D5-886C-49D7-B722-4DB28F408C1C}
[2012/05/05 20:58:54 | 000,000,000 | ---D | C] -- C:\Users\Florence\Documents\Slingo Supreme Documents
[2012/04/19 06:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2012/04/19 05:43:19 | 000,000,000 | ---D | C] -- C:\Users\Florence\Documents\Slingo Quest Documents
[2012/04/19 05:23:59 | 000,000,000 | ---D | C] -- C:\Users\Florence\Documents\Slingo Quest Hawaii Documents
[2012/04/19 05:23:59 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Roaming\funkitron
[2012/04/18 18:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/04/15 06:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2012/04/14 22:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Winferno
[2012/04/14 22:02:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/04/14 22:01:55 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\visi_coupon
[2012/04/14 22:01:18 | 000,516,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CapiCom.dll
[2012/04/14 22:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winferno
[2012/04/14 22:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/04/14 22:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/04/14 22:00:45 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Roaming\Yahoo!
[2012/04/14 22:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/04/11 06:31:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012/04/11 06:31:28 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012/04/11 06:31:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/03/30 22:29:00 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/03/30 22:26:58 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2012/03/30 22:17:54 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2012/03/30 21:43:23 | 000,181,064 | ---- | C] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2012/03/30 21:42:50 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/03/30 21:42:47 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012/03/30 21:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/30 21:40:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/30 21:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/03/30 21:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/03/14 06:13:35 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/03/14 06:13:35 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012/02/18 11:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/02/15 19:42:28 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll
[2012/02/15 19:42:26 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl
[2012/02/15 19:42:26 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl
[2012/02/15 19:42:06 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll
[2012/01/31 14:41:21 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\drivers\AVG
[2012/01/25 20:51:15 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012/01/25 20:51:15 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012/01/25 20:51:15 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2012/01/25 20:51:15 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2012/01/25 20:51:15 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2012/01/25 20:51:15 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012/01/11 09:25:51 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2012/01/11 09:25:51 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2012/01/11 09:25:50 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/01/11 09:25:50 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/01/11 09:25:46 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2012/01/11 09:25:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2012/01/11 09:25:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll

========== Files - Modified Within 180 Days ==========

[2012/07/06 19:05:11 | 000,016,304 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 19:05:11 | 000,016,304 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 19:01:23 | 000,000,420 | ---- | M] () -- C:\windows\tasks\EasyShare Registration RunOnce Task.job
[2012/07/06 19:00:11 | 000,000,330 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2012/07/06 18:59:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/06 18:59:35 | 3016,503,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/06 18:57:16 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2012/07/06 18:57:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/06 18:54:54 | 101,250,975 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/07/01 06:45:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Florence\Desktop\OTL.exe
[2012/06/30 17:53:15 | 000,000,173 | ---- | M] () -- C:\Users\Florence\Desktop\Yahoo!.url
[2012/06/30 17:50:45 | 000,000,193 | ---- | M] () -- C:\Users\Florence\Desktop\Welcome to Facebook - Log In, Sign Up or Learn More.url
[2012/06/30 17:06:14 | 000,000,172 | ---- | M] () -- C:\Users\Florence\Desktop\Storm Prediction Center.url
[2012/06/30 15:53:56 | 000,053,169 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/30 10:50:49 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012/06/30 10:50:49 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012/06/30 10:50:49 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/06/30 10:50:49 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/06/30 10:50:49 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/06/30 10:42:26 | 000,001,073 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/06/29 21:58:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/06/29 21:58:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/14 03:31:14 | 000,275,352 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/06/14 03:12:03 | 000,740,494 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/14 03:12:03 | 000,624,254 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/14 03:12:03 | 000,106,598 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/02 17:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/06/02 17:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012/06/02 17:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012/06/02 17:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/06/02 17:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/06/02 17:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012/05/28 15:46:06 | 000,625,911 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavifw.avm
[2012/05/17 21:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/05/17 20:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/05/17 20:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/05/17 20:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/05/17 20:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/05/17 20:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/05/17 20:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/05/17 17:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/05/17 17:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/05/17 17:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/05/17 17:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/05/17 17:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/05/17 17:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/05/04 06:06:22 | 005,559,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/05/04 05:03:53 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/05/04 05:03:50 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/04/26 00:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/04/26 00:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/04/26 00:34:27 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/04/24 00:37:37 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/04/24 00:37:36 | 001,462,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/04/21 10:52:07 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/18 18:53:09 | 000,000,064 | ---- | M] () -- C:\windows\GPlrLanc.dat
[2012/04/07 07:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/03/30 22:27:13 | 000,181,064 | ---- | M] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2012/03/30 22:18:35 | 000,726,316 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/30 21:40:21 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/03 01:35:38 | 001,544,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012/03/01 01:38:27 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/03/01 01:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012/02/17 01:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/02/17 00:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012/01/31 14:42:46 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/31 14:41:21 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2012/01/31 14:41:21 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavifw.avm
[2012/01/31 14:41:21 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/01/25 14:45:39 | 000,003,584 | ---- | M] () -- C:\Users\Florence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/06/30 17:53:15 | 000,000,173 | ---- | C] () -- C:\Users\Florence\Desktop\Yahoo!.url
[2012/06/30 17:50:45 | 000,000,193 | ---- | C] () -- C:\Users\Florence\Desktop\Welcome to Facebook - Log In, Sign Up or Learn More.url
[2012/06/30 17:06:14 | 000,000,172 | ---- | C] () -- C:\Users\Florence\Desktop\Storm Prediction Center.url
[2012/06/30 10:42:26 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/06/30 10:42:26 | 000,001,036 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/03/30 22:18:35 | 000,726,316 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/30 22:18:17 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/03/30 21:42:53 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/02/18 11:15:17 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/02/18 11:15:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/31 14:41:21 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2012/01/31 14:41:21 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavifw.avm
[2012/01/31 14:41:21 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/01/25 14:45:39 | 000,003,584 | ---- | C] () -- C:\Users\Florence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/25 09:35:29 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2011/08/22 16:41:55 | 000,765,952 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011/08/22 16:41:55 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/06/18 13:38:37 | 000,000,405 | ---- | C] () -- C:\Users\Florence\AppData\Local\Big Bang Tic-Tac-Toe
[2011/03/19 20:24:38 | 000,000,024 | ---- | C] () -- C:\windows\popcinfo.dat
[2011/03/19 19:42:59 | 000,000,215 | ---- | C] () -- C:\windows\SIERRA.INI
[2011/03/19 19:37:27 | 000,000,220 | ---- | C] () -- C:\windows\WSOPDELX.INI
[2011/03/16 18:28:41 | 000,000,952 | --S- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/02/22 01:51:37 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/02/22 01:46:59 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/02/22 01:44:41 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8AA8199A

< End of report >

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
So we really want a good clear out of the rubbish then.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2989652
    IE - HKCU\..\SearchScopes\{62A2D55E-AA61-4480-B887-EB9FB2491CAC}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
    IE - HKCU\..\SearchScopes\{7AC60EC8-7D6D-469F-993B-B30ADBDDE2D0}: "URL" = http://search.condui...&ctid=CT1320680
    IE - HKCU\..\SearchScopes\{A15AC672-3693-4ABE-9BB8-E70B4035B409}: "URL" = http://websearch.ask...BD-5875C760EC9F
    IE - HKCU\..\SearchScopes\{A7AD31FF-7048-4D98-9A51-F7726EC630A6}: "URL" = http://search.avg.co...{language}&nt=1
    FF - HKLM\Software\MozillaPlugins\@ei.Retrogamer_2z.com/Plugin: C:\Program Files (x86)\Retrogamer_2zEI\Installr\4.bin\NP2zEISB.dll File not found
    FF - HKLM\Software\MozillaPlugins\@MindDabble_4p.com/Plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin [2011/12/26 09:07:34 | 000,000,000 | ---D | M]
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
    [2012/05/27 09:00:55 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{BB3D99C9-DB5F-4ADD-B561-A8F307E219E7}
    [2012/05/27 09:00:46 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{B4C1F602-CAF5-44DC-B642-07B2309CD470}
    [2012/05/22 09:37:11 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{0DC9E06B-59EC-4BCA-B627-89D023FD7C50}
    [2012/05/21 08:35:52 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{B62A735A-D8A2-4D12-88AA-950D8BFE3B94}
    [2012/05/09 06:32:47 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{BB115643-8E58-4F59-AA4D-04F71EE56A94}
    [2012/05/08 16:57:13 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{4F64EBD5-3D3D-4630-8A31-7DDB7CA7BE3C}
    [2012/05/08 13:34:00 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{67F75582-190C-41DA-A6D8-6EA2A1AEB4B5}
    [2012/05/07 09:28:22 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\{B2C833D5-886C-49D7-B722-4DB28F408C1C}
    [2012/04/18 18:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/04/14 22:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Winferno
    [2012/04/14 22:02:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
    [2012/04/14 22:01:55 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\visi_coupon
    [2012/04/14 22:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winferno
    [2012/07/06 19:01:23 | 000,000,420 | ---- | M] () -- C:\windows\tasks\EasyShare Registration RunOnce Task.job
    [2012/07/06 19:00:11 | 000,000,330 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job


    :Files
    C:\Program Files (x86)\MyWebSearch
    C:\Program Files (x86)\MindDabble_4p
    C:\Program Files (x86)\iWin Games

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#6
greghoffman

    Member

  • Topic Starter
  • 439 posts
otl scan log

OTL logfile created on: 7/7/2012 6:01:32 AM - Run 3
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Florence\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 62.45% Memory free
7.49 Gb Paging File | 5.93 Gb Available in Paging File | 79.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 358.34 Gb Free Space | 79.16% Space Free | Partition Type: NTFS

Computer Name: FLORENCE-PC | User Name: Florence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 06:45:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Florence\Desktop\OTL.exe
PRC - [2012/06/27 02:25:06 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012/06/27 02:25:04 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/11/23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/25 18:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/06 17:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/03/15 12:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/29 21:58:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/27 02:25:06 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/06/27 02:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/16 09:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011/10/07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/05/23 02:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/28 14:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/03/15 13:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 12:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/12 17:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/07 12:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/02 18:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/31 00:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/04/17 14:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {062737E8-996E-4106-A939-6E6928887DD3}
IE:64bit: - HKLM\..\SearchScopes\{062737E8-996E-4106-A939-6E6928887DD3}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{297954DA-3974-47D9-8DDE-0C3F645F6E79}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=14
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {62A2D55E-AA61-4480-B887-EB9FB2491CAC}
IE - HKCU\..\SearchScopes\{297954DA-3974-47D9-8DDE-0C3F645F6E79}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80314&lng=en
IE - HKCU\..\SearchScopes\{C5559D06-8A5A-4BB4-8A29-22DC11AE3DC2}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 14:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin

[2011/04/22 10:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florence\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========


O1 HOSTS File: ([2012/07/07 05:53:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{032D9B64-069D-45E5-B22D-2E9554D0BC7F}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 18:57:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/01 06:45:06 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Florence\Desktop\OTL.exe
[2012/06/30 17:04:16 | 000,000,000 | ---D | C] -- C:\Users\Florence\Desktop\Other Games
[2012/06/30 17:03:42 | 000,000,000 | ---D | C] -- C:\Users\Florence\Desktop\Mahjong Games
[2012/06/30 17:02:51 | 000,000,000 | ---D | C] -- C:\Users\Florence\Desktop\Slot Games
[2012/06/30 11:30:27 | 000,000,000 | ---D | C] -- C:\Users\Florence\Desktop\TOOLS
[2012/06/30 10:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/30 10:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/30 10:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/30 10:42:33 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\Secunia PSI
[2012/06/30 10:42:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia

========== Files - Modified Within 30 Days ==========

[2012/07/07 06:01:14 | 000,016,304 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 06:01:14 | 000,016,304 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 05:57:03 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/07 05:56:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/07 05:55:57 | 3016,503,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/07 05:53:26 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2012/07/07 05:52:33 | 101,270,096 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/07/01 06:45:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Florence\Desktop\OTL.exe
[2012/06/30 17:53:15 | 000,000,173 | ---- | M] () -- C:\Users\Florence\Desktop\Yahoo!.url
[2012/06/30 17:50:45 | 000,000,193 | ---- | M] () -- C:\Users\Florence\Desktop\Welcome to Facebook - Log In, Sign Up or Learn More.url
[2012/06/30 17:06:14 | 000,000,172 | ---- | M] () -- C:\Users\Florence\Desktop\Storm Prediction Center.url
[2012/06/30 15:53:56 | 000,053,169 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/30 10:42:26 | 000,001,073 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/06/14 03:31:14 | 000,275,352 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/06/14 03:12:03 | 000,740,494 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/14 03:12:03 | 000,624,254 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/14 03:12:03 | 000,106,598 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012/06/30 17:53:15 | 000,000,173 | ---- | C] () -- C:\Users\Florence\Desktop\Yahoo!.url
[2012/06/30 17:50:45 | 000,000,193 | ---- | C] () -- C:\Users\Florence\Desktop\Welcome to Facebook - Log In, Sign Up or Learn More.url
[2012/06/30 17:06:14 | 000,000,172 | ---- | C] () -- C:\Users\Florence\Desktop\Storm Prediction Center.url
[2012/06/30 10:42:26 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/06/30 10:42:26 | 000,001,036 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/03/30 22:18:35 | 000,726,316 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/25 14:45:39 | 000,003,584 | ---- | C] () -- C:\Users\Florence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/25 09:35:29 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2011/08/22 16:41:55 | 000,765,952 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011/08/22 16:41:55 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/06/18 13:38:37 | 000,000,405 | ---- | C] () -- C:\Users\Florence\AppData\Local\Big Bang Tic-Tac-Toe
[2011/03/19 20:24:38 | 000,000,024 | ---- | C] () -- C:\windows\popcinfo.dat
[2011/03/19 19:42:59 | 000,000,215 | ---- | C] () -- C:\windows\SIERRA.INI
[2011/03/19 19:37:27 | 000,000,220 | ---- | C] () -- C:\windows\WSOPDELX.INI
[2011/03/16 18:28:41 | 000,000,952 | --S- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/02/22 01:51:37 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/02/22 01:46:59 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/02/22 01:44:41 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/12/03 20:13:06 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Auslogics
[2011/04/30 14:16:24 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\AVG
[2011/12/26 00:27:40 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\AVG2012
[2011/03/16 18:07:56 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Book Place
[2011/03/18 22:54:59 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\EA
[2012/05/05 20:58:54 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\funkitron
[2012/06/08 21:42:48 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\GlarySoft
[2011/10/05 18:34:17 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Hoyle
[2011/10/05 16:38:32 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Hoyle Blackjack
[2011/10/05 09:35:42 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Hoyle Card Games
[2011/04/13 18:12:17 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Hoyle FaceCreator
[2012/06/12 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Hoyle Puzzle and Board Games
[2011/03/19 20:30:41 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\iWin
[2011/05/13 20:55:19 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Masque
[2011/10/07 19:49:57 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\PlayFirst
[2011/12/04 23:04:57 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Skinux
[2011/03/15 22:01:52 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Tific
[2011/03/16 17:59:47 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Toshiba
[2011/03/15 19:03:37 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\WinBatch
[2011/07/27 10:22:12 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Windows Live Writer
[2009/07/14 00:08:49 | 000,027,466 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8AA8199A

< End of report >


Upon restart... I get an error message from a previously deleted program....

Run DLL.... There was a problem starting...

C:\PROGRA~3\Kodak\EasyShareSetup\$Regis~1\Registration_8.3.20.1.sxt

I cannot seem to get rid of this thing.


Going to run ComboFix now... thank you.

#7
greghoffman

    Member

  • Topic Starter
  • Member
  • 439 posts
ComboFix log

I cannot find the ComboFix log.

I could not upload it until I rebooted the machine, and it is not on the desktop...

I apologize.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you look at C:\combofix.txt?

#9
greghoffman

    Member

  • Topic Starter
  • Member
  • 439 posts
ComboFix 12-07-07.02 - Florence 07/07/2012 6:29.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2325 [GMT -5:00]
Running from: c:\users\Florence\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Retrogamer_2zEI
c:\users\Florence\AppData\Local\Temp\{8DEF6166-9897-4F35-8818-0F603B266A36}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-06 23:57 . 2012-07-06 23:57 -------- d-----w- C:\_OTL
2012-06-30 15:51 . 2012-06-30 15:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-30 15:50 . 2012-06-30 15:50 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-30 15:50 . 2012-06-30 15:50 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-30 15:50 . 2012-06-30 15:50 -------- d-----w- c:\program files (x86)\Java
2012-06-30 15:42 . 2012-06-30 15:42 -------- d-----w- c:\users\Florence\AppData\Local\Secunia PSI
2012-06-30 15:42 . 2012-06-30 15:42 -------- d-----w- c:\program files (x86)\Secunia
2012-06-30 02:18 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-30 02:18 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-30 02:18 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-30 02:18 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-30 02:18 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-30 02:18 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-30 02:18 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-30 02:18 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-30 02:18 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 01:06 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 01:06 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 01:06 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 01:05 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 01:05 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 01:05 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 01:05 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 01:05 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 01:05 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 01:05 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 01:05 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 01:04 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 01:04 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 01:04 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 01:04 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 01:04 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 01:04 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-30 02:58 . 2012-03-31 02:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-30 02:58 . 2011-07-30 03:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-06-27 681056]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 250056]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-16 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-09-13 37456]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-10-07 283728]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-07-11 375376]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-06-27 1326176]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 188928]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 120400]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 29776]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 02:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?ilc=14
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-iWinArcade - c:\program files (x86)\iWin Games\Uninstall.exe
AddRemove-WT089366 - c:\program files (x86)\TOSHIBA Games\Cake Mania - Lights
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Completion time: 2012-07-07 06:39:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-07 11:39
.
Pre-Run: 384,644,911,104 bytes free
Post-Run: 384,485,384,192 bytes free
.
- - End Of File - - 6D4A53BA3A0824B2D0A68BFFB28D7CE3

#10
greghoffman

    Member

  • Topic Starter
  • Member
  • 439 posts
seems to be running ok except for that Kodak error message

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's see if I can locate the start point for that.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    kodak

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#12
greghoffman

    Member

  • Topic Starter
  • Member
  • 439 posts
anything associated with this old program can be deleted; that camera is long gone.

SystemLook 30.07.11 by jpshortstuff
Log created at 15:13 on 07/07/2012 by Florence
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for "kodak"
[HKEY_LOCAL_MACHINE\SOFTWARE\ArcSoft\Print Creations]
"Kodak Version"="2.8.255.384"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak]
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software]
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software\Transfer\PtsSources\KReaderC]
"MEDEVICEKEY"="*SCSI\KODAK___CF/SD/MMC/SM____0\USBSTOR&DISK&VEN_KODAK&PROD_CF/SD/MMC/SM&REV_0105&????????????&0*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software\Transfer\PtsSources\KReaderC]
"W2KSP3DEVICEKEY"="*DISK&VEN_KODAK&PROD_CF/SD/MMC/SM&REV_0105\????????????&0*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software\Transfer\PtsSources\KReaderIAteinOne_CF]
"W2KDEVICEKEY"="USBSTOR\DISK&VEN_USB2.0&PROD_CF__KODAK_8_IN_1&REV__CAR\6&77A61A5&0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software\Transfer\PtsSources\KReaderIAteinOne_CF]
"W2KSP3DEVICEKEY"="USBSTOR\DISK&VEN_USB2.0&PROD_CF__KODAK_8_IN_1&REV__CAR\1234605_&0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software\Transfer\PtsSources\KReaderIAteinOne_MS]
"W2KDEVICEKEY"="USBSTOR\DISK&VEN_USB2.0&PROD_MS__KODAK_8_IN_1&REV__CAR\6&77A61A5&3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software\Transfer\PtsSources\KReaderIAteinOne_MS]
"W2KSP3DEVICEKEY"="USBSTOR\DISK&VEN_USB2.0&PROD_MS__KODAK_8_IN_1&REV__CAR\1234605_&3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software\Transfer\PtsSources\KReaderIAteinOne_sd]
"W2KDEVICEKEY"="USBSTOR\DISK&VEN_USB2.0&PROD_SD__KODAK_8_IN_1&REV__CAR\6&77A61A5&2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software\Transfer\PtsSources\KReaderIAteinOne_sd]
"W2KSP3DEVICEKEY"="USBSTOR\DISK&VEN_USB2.0&PROD_SD__KODAK_8_IN_1&REV__CAR\1234605_&2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software\Transfer\PtsSources\KReaderIAteinOne_SM]
"W2KDEVICEKEY"="USBSTOR\DISK&VEN_USB2.0&PROD_SM__KODAK_8_IN_1&REV__CAR\6&77A61A5&1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software\Transfer\PtsSources\KReaderIAteinOne_SM]
"W2KSP3DEVICEKEY"="USBSTOR\DISK&VEN_USB2.0&PROD_SM__KODAK_8_IN_1&REV__CAR\1234605_&1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software\Transfer\PtsSources\KReaderM]
"MEDEVICEKEY"="*SCSI\KODAK___CF/SD/MMC/SM____0\USBSTOR&DISK&VEN_KODAK&PROD_CF/SD/MMC/SM&REV_0105&????????????&1*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software\Transfer\PtsSources\KReaderM]
"W2KSP3DEVICEKEY"="*DISK&VEN_KODAK&PROD_CF/SD/MMC/SM&REV_0105\????????????&1*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software\Transfer\PtsSources\KReaderS]
"MEDEVICEKEY"="*SCSI\KODAK___CF/SD/MMC/SM____0\USBSTOR&DISK&VEN_KODAK&PROD_CF/SD/MMC/SM&REV_0105&????????????&2*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\Kodak EasyShare software\Transfer\PtsSources\KReaderS]
"W2KSP3DEVICEKEY"="*DISK&VEN_KODAK&PROD_CF/SD/MMC/SM&REV_0105\????????????&2*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Kodak\KODAK Software Updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\System Programs]
"kodakimg"="kodakimg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\System Programs]
"kodakprv"="kodakprv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\kodakprv.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00FAE562-DACA-11D6-AD30-0050DAD88A02}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00FAE568-DACA-11D6-AD30-0050DAD88A02}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09101CAF-D527-11D6-AD30-0050DAD88A02}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09101CB7-D527-11D6-AD30-0050DAD88A02}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09101CBA-D527-11D6-AD30-0050DAD88A02}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09101CBA-D527-11D6-AD30-0050DAD88A02}\ToolboxBitmap32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll, 109"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09101CBE-D527-11D6-AD30-0050DAD88A02}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B3DEDD-A29C-450E-B959-08F628789D79}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B3DEDD-A29C-450E-B959-08F628789D79}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A091B81-8FAF-4B7D-85C7-7CB5D3FDD479}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A091B81-8FAF-4B7D-85C7-7CB5D3FDD479}\ToolboxBitmap32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll, 121"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{406B870F-F4F6-4EDA-A48C-61129121589E}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{406B870F-F4F6-4EDA-A48C-61129121589E}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{584FDB1D-51C4-4A1D-B674-D548D915EE01}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{584FDB1D-51C4-4A1D-B674-D548D915EE01}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DDC8FCE-C470-444A-9425-8EAC662A99F7}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DDC8FCE-C470-444A-9425-8EAC662A99F7}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{821C65A9-C22B-4387-9503-265472E25544}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{821C65A9-C22B-4387-9503-265472E25544}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{884E4785-00AC-4994-BAAF-3304C788E976}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cdf6a84-f726-11da-89c2-444553544200}\InprocServer32]
@="C:\PROGRA~3\Kodak\EASYSH~1\$REGIS~1\Registration_8.3.30.1.sxt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cdf6a86-f726-11da-89c2-444553544200}\InprocServer32]
@="C:\PROGRA~3\Kodak\EASYSH~1\$REGIS~1\Registration_8.3.30.1.sxt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cdf6a89-f726-11da-89c2-444553544200}\InprocServer32]
@="C:\PROGRA~3\Kodak\EASYSH~1\$REGIS~1\Registration_8.3.30.1.sxt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cdf6a8b-f726-11da-89c2-444553544200}]
@="RegAtKodakObj Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cdf6a8b-f726-11da-89c2-444553544200}\InprocServer32]
@="C:\PROGRA~3\Kodak\EASYSH~1\$REGIS~1\Registration_8.3.30.1.sxt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cdf6a8b-f726-11da-89c2-444553544200}\ProgID]
@="RegistrationPlugin.RegAtKodakObj.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cdf6a8b-f726-11da-89c2-444553544200}\VersionIndependentProgID]
@="RegistrationPlugin.RegAtKodakObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cdf6a8d-f726-11da-89c2-444553544200}\InprocServer32]
@="C:\PROGRA~3\Kodak\EASYSH~1\$REGIS~1\Registration_8.3.30.1.sxt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cdf6a92-f726-11da-89c2-444553544200}\InprocServer32]
@="C:\ProgramData\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.3.30.1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90F5AF52-6D6C-4C83-8A7D-1C12923A1022}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90F5AF52-6D6C-4C83-8A7D-1C12923A1022}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AC0CC0B-B0C5-4732-A805-E740830AAC1E}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AC0CC0B-B0C5-4732-A805-E740830AAC1E}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C73B6814-9FF3-4D10-A5C0-678904F869E9}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C73B6814-9FF3-4D10-A5C0-678904F869E9}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF2789D7-1101-43FE-A86C-4B373BDA90DB}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF2789D7-1101-43FE-A86C-4B373BDA90DB}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E84A0F50-0402-48B9-A986-AA33EA909D8A}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E84A0F50-0402-48B9-A986-AA33EA909D8A}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegistrationPlugin.RegAtKodakObj]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegistrationPlugin.RegAtKodakObj]
@="RegAtKodakObj Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegistrationPlugin.RegAtKodakObj\CurVer]
@="RegistrationPlugin.RegAtKodakObj.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegistrationPlugin.RegAtKodakObj.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegistrationPlugin.RegAtKodakObj.1]
@="RegAtKodakObj Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09101CA1-D527-11D6-AD30-0050DAD88A02}\1.0\0\win32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8CDF6A81-F726-11DA-89C2-444553544200}\1.0\0\win32]
@="C:\PROGRA~3\Kodak\EASYSH~1\$REGIS~1\Registration_8.3.30.1.sxt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8CDF6A90-F726-11DA-89C2-444553544200}\1.0\0\win32]
@="C:\ProgramData\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.3.30.1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F546600-84FA-429B-A672-A616525966C6}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00FAE562-DACA-11D6-AD30-0050DAD88A02}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00FAE568-DACA-11D6-AD30-0050DAD88A02}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{09101CAF-D527-11D6-AD30-0050DAD88A02}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{09101CB7-D527-11D6-AD30-0050DAD88A02}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{09101CBA-D527-11D6-AD30-0050DAD88A02}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{09101CBA-D527-11D6-AD30-0050DAD88A02}\ToolboxBitmap32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll, 109"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{09101CBE-D527-11D6-AD30-0050DAD88A02}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{37B3DEDD-A29C-450E-B959-08F628789D79}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{37B3DEDD-A29C-450E-B959-08F628789D79}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A091B81-8FAF-4B7D-85C7-7CB5D3FDD479}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A091B81-8FAF-4B7D-85C7-7CB5D3FDD479}\ToolboxBitmap32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll, 121"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{406B870F-F4F6-4EDA-A48C-61129121589E}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{406B870F-F4F6-4EDA-A48C-61129121589E}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{584FDB1D-51C4-4A1D-B674-D548D915EE01}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{584FDB1D-51C4-4A1D-B674-D548D915EE01}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6DDC8FCE-C470-444A-9425-8EAC662A99F7}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6DDC8FCE-C470-444A-9425-8EAC662A99F7}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{821C65A9-C22B-4387-9503-265472E25544}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{821C65A9-C22B-4387-9503-265472E25544}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{884E4785-00AC-4994-BAAF-3304C788E976}\InprocServer32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8cdf6a84-f726-11da-89c2-444553544200}\InprocServer32]
@="C:\PROGRA~3\Kodak\EASYSH~1\$REGIS~1\Registration_8.3.30.1.sxt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8cdf6a86-f726-11da-89c2-444553544200}\InprocServer32]
@="C:\PROGRA~3\Kodak\EASYSH~1\$REGIS~1\Registration_8.3.30.1.sxt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8cdf6a89-f726-11da-89c2-444553544200}\InprocServer32]
@="C:\PROGRA~3\Kodak\EASYSH~1\$REGIS~1\Registration_8.3.30.1.sxt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8cdf6a8b-f726-11da-89c2-444553544200}]
@="RegAtKodakObj Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8cdf6a8b-f726-11da-89c2-444553544200}\InprocServer32]
@="C:\PROGRA~3\Kodak\EASYSH~1\$REGIS~1\Registration_8.3.30.1.sxt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8cdf6a8b-f726-11da-89c2-444553544200}\ProgID]
@="RegistrationPlugin.RegAtKodakObj.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8cdf6a8b-f726-11da-89c2-444553544200}\VersionIndependentProgID]
@="RegistrationPlugin.RegAtKodakObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8cdf6a8d-f726-11da-89c2-444553544200}\InprocServer32]
@="C:\PROGRA~3\Kodak\EASYSH~1\$REGIS~1\Registration_8.3.30.1.sxt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8cdf6a92-f726-11da-89c2-444553544200}\InprocServer32]
@="C:\ProgramData\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.3.30.1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{90F5AF52-6D6C-4C83-8A7D-1C12923A1022}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{90F5AF52-6D6C-4C83-8A7D-1C12923A1022}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9AC0CC0B-B0C5-4732-A805-E740830AAC1E}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9AC0CC0B-B0C5-4732-A805-E740830AAC1E}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C73B6814-9FF3-4D10-A5C0-678904F869E9}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C73B6814-9FF3-4D10-A5C0-678904F869E9}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CF2789D7-1101-43FE-A86C-4B373BDA90DB}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CF2789D7-1101-43FE-A86C-4B373BDA90DB}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E84A0F50-0402-48B9-A986-AA33EA909D8A}]
"Author"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E84A0F50-0402-48B9-A986-AA33EA909D8A}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{09101CA1-D527-11D6-AD30-0050DAD88A02}\1.0\0\win32]
@="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8CDF6A81-F726-11DA-89C2-444553544200}\1.0\0\win32]
@="C:\PROGRA~3\Kodak\EASYSH~1\$REGIS~1\Registration_8.3.30.1.sxt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8CDF6A90-F726-11DA-89C2-444553544200}\1.0\0\win32]
@="C:\ProgramData\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.3.30.1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8F546600-84FA-429B-A672-A616525966C6}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"ProviderName"="Eastman Kodak"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"Vendor"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_040A&PID_05CB\KCXJZ84303349]
"Mfg"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"ProviderName"="Eastman Kodak"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"Vendor"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\VID_040A&PID_05CB\KCXJZ84303349]
"Mfg"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"ProviderName"="Eastman Kodak"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"Vendor"="Eastman Kodak Company"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\VID_040A&PID_05CB\KCXJZ84303349]
"Mfg"="Eastman Kodak Company"

-= EOF =-

Edited by greghoffman, 07 July 2012 - 02:15 PM.


#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, I cannot see the run command there.

Do you still have this folder on the system: C:\Program Files (x86)\Kodak?

If so, could you see if there is an uninstall programme there?

#14
greghoffman

    Member

  • Topic Starter
  • Member
  • 439 posts
The install disc is not in my possession... it is 120 miles... if it is still there.

#15
greghoffman

    Member

  • Topic Starter
  • Member
  • 439 posts
Been trying to use this comp... really slow loading stuff from Yahoo and opening stuff on FB. Sometimes it loses connectivity from the internet... I have to click on the icon for internet access to reconnect... our regular laptop never has that problem.

Wish I knew what was going on with this thing... so frustrating.

I thank you, Essexboy, for all your help.





