No boot after infection [Solved]


  • This topic is locked

#16
new-be
    Member
  • Topic Starter
  • 19 posts
I have the computer booted. What would be the next step you would like to take to make sure it is clean?

Thanks,
deltaboy

#17
Dakeyras
    Anti-Malware Mammoth
  • Expert
  • 9,714 posts
Hi. :)

I have the computer booted. What would be the next step you would like to take to make sure it is clean?

I am surmising you mean via the bootable CD I asked you to create...if so refer to my prior instructions in post #9 for running the Farbar Recovery Scan Tool etc.

#18
new-be
    Member
  • Topic Starter
  • 19 posts
Actually, I have it booted without the cd we created. It is booted by windows.

#19
Dakeyras
    Anti-Malware Mammoth
  • Expert
  • 9,714 posts
Hi. :)

Actually, I have it booted without the cd we created. It is booted by windows.

OK, fair play then...

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Create a Startup Repair Disk:

I advise you do this now before proceeding to the OTL scan below, as we may have need of it and/or it can be used in the future in case of unforeseen circumstances, for example.

How to actually create the disk can be read in the tutorial below:

How to create a Windows 7 Startup Repair Disk

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan/Fixes box cut & paste this in:-
netsvcs
%systemdrive%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CreateRestorePoint

  • Now click on the Quick Scan button.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Were you able to create a Startup Repair disk?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.


#20
new-be
    Member
  • Topic Starter
  • 19 posts
1. I haven't been using it very much. Scared it may crash again. It is working well for the time I have been on it.

2. Yes, I was able to create the disc.

3. First Log below:


OTL logfile created on: 8/7/2012 7:26:09 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 64.14% Memory free
5.20 Gb Paging File | 3.82 Gb Available in Paging File | 73.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.29 Gb Total Space | 222.07 Gb Free Space | 77.84% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/07 19:21:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2012/05/03 13:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/03/02 14:41:20 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsnotifier.exe
PRC - [2012/03/02 14:41:20 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/08 01:19:55 | 000,341,280 | ---- | M] () -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/11/29 13:28:04 | 002,177,536 | ---- | M] (Jackpot Rewards) -- C:\Program Files (x86)\Shop To Win\ShopToWin.exe
PRC - [2011/10/10 15:55:01 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
PRC - [2011/09/05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011/02/03 14:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
PRC - [2011/02/03 14:40:58 | 004,442,552 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\hsplayer.exe
PRC - [2011/01/28 15:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/11/15 18:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/04/29 12:55:24 | 003,338,240 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/02 14:41:20 | 000,018,792 | ---- | M] () -- C:\Program Files (x86)\Uniblue\DriverScanner\cwebpage.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/10 14:52:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 16:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/26 18:00:34 | 000,827,456 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\Temp\0026141344384374mcinst.exe -- (0026141344384374mcinstcleanup)
SRV - [2012/01/08 01:19:55 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe -- (SiteAdvisor Service)
SRV - [2011/10/10 15:55:01 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/09/05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/10 11:53:46 | 000,102,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/07/27 06:06:44 | 000,267,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/02/03 14:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/01/28 15:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/07/01 12:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/06 09:23:59 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/08/02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 14:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/10 15:22:00 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/02/10 14:15:08 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/01/05 03:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 14:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/05 09:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/05 09:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/10/08 13:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 17:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/03/29 22:32:59 | 000,079,052 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2011/09/20 22:11:39 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110921.002\EX64.SYS -- (NAVEX15)
DRV - [2011/09/20 22:11:39 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys -- (EraserUtilDrv11113)
DRV - [2011/09/20 22:11:39 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110921.002\ENG64.SYS -- (NAVENG)
DRV - [2011/09/09 12:44:05 | 001,152,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110909.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/08/17 20:33:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110917.033\IDSviA64.sys -- (IDSVia64)
DRV - [2011/08/06 09:23:15 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {926B08D6-41DF-4BC5-BCBA-1BA0F21FA3D0}
IE:64bit: - HKLM\..\SearchScopes\{926B08D6-41DF-4BC5-BCBA-1BA0F21FA3D0}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1066435
IE - HKLM\..\SearchScopes\{EE25A3B3-A536-4146-9672-7B69D69A2420}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local



IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws...22&tbp=homepage
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\URLSearchHook: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\URLSearchHook: {FF365CDC-88FE-4ffa-A3F3-357855231DFA} - C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3SrcAs.dll (PureDef Music)
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes,DefaultScope = {E1F3415A-0DA2-44B7-846C-FC8639E37936}
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{027FCB67-3DD0-4615-8F63-22F4BF42E6B8}: "URL" = http://www.google.co...1I7TSNF_enUS443
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{181AC29E-593D-4985-81E0-8816D98DB271}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{4DD9C6B9-B3A4-4C43-A60C-08763F6E7E4B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{AD43E158-63B0-4ECA-99FC-7822D2773A01}: "URL" = http://search.yahoo....0939,6901,0,8,0
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1066435
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{E1F3415A-0DA2-44B7-846C-FC8639E37936}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{EE25A3B3-A536-4146-9672-7B69D69A2420}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/10/09 19:57:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_9_4 [2012/08/06 19:30:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/10/23 15:54:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/10/23 15:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/07 19:06:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files (x86)\SiteAdvisor\6172\FF\ [2012/01/08 01:19:57 | 000,000,000 | ---D | M]

[2011/10/23 15:46:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://blekko.com/ws...22&tbp=homepage
CHR - default_search_provider: Blekko (Enabled)
CHR - default_search_provider: search_url = http://blekko.com/ws...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://blekko.com/ws...22&tbp=homepage
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\
CHR - Extension: We-Care Reminder = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.25_0\
CHR - Extension: Click to call with Skype = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll ()
O2 - BHO: (Shop to Win) - {91917DC6-93B9-4E62-B2D6-D39C9618C418} - C:\Program Files (x86)\Shop to Win 4\Shop to Win 4.dll File not found
O2 - BHO: (Hot MP3 Toolbar) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Toolbar BHO) - {E30A55B1-F1B7-43a4-B3F6-EC90CDC4FE60} - C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3bar.dll (PureDef Music)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (Search Assistant BHO) - {FF365CDB-88FE-4ffa-A3F3-357855231DFA} - C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3SrcAs.dll (PureDef Music)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Hot MP3 Toolbar) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (PureDef Music Toolbar) - {E30A55B9-F1B7-43a4-B3F6-EC90CDC4FE60} - C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3bar.dll (PureDef Music)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\Toolbar\WebBrowser: (Hot MP3 Toolbar) - {9384BD4C-DD14-4BE9-80F7-F6277511E4F5} - C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\Toolbar\WebBrowser: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\Toolbar\WebBrowser: (PureDef Music Toolbar) - {E30A55B9-F1B7-43A4-B3F6-EC90CDC4FE60} - C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3bar.dll (PureDef Music)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [PureDef Music Plugin] C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3Plugin.dll (TightRope, Inc)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000..\Run: [BearShare] C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (MusicLab, LLC)
O4 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000..\Run: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe (Jackpot Rewards)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9498A65E-5757-4E7A-ACA7-E35CB31C6952}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACBF95E4-59DE-49F3-8984-5C77F316895E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2F40045-6A23-4413-B4B7-9E1A0893745F}: DhcpNameServer = 66.175.131.21 66.175.131.20
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000 Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 19:21:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/08/07 19:01:10 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/08/07 19:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/07 19:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/08/06 19:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\2913B
[2012/08/06 14:13:28 | 000,000,000 | ---D | C] -- C:\boot
[90 C:\Users\Chris\AppData\Roaming\*.tmp files -> C:\Users\Chris\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/07 19:32:08 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/07 19:26:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/07 19:22:00 | 000,000,266 | ---- | M] () -- C:\windows\tasks\RMSchedule.job
[2012/08/07 19:21:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/08/07 19:07:49 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 19:07:49 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 19:00:35 | 000,001,119 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/07 19:00:25 | 000,000,939 | ---- | M] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2012/08/07 19:00:25 | 000,000,920 | ---- | M] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2012/08/07 18:59:23 | 000,740,720 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/08/07 18:59:23 | 000,633,390 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/08/07 18:59:23 | 000,110,734 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/08/07 18:55:40 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Communicator.job
[2012/08/07 18:55:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/06 19:29:44 | 000,000,410 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job
[2012/08/06 19:29:44 | 000,000,340 | ---- | M] () -- C:\windows\tasks\DriverScanner.job
[2012/08/06 19:28:58 | 001,042,312 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/06 19:28:48 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/06 19:19:58 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2012/08/06 14:13:28 | 000,386,226 | ---- | M] () -- C:\bootmgr
[90 C:\Users\Chris\AppData\Roaming\*.tmp files -> C:\Users\Chris\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/07 19:00:35 | 000,001,119 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/07 19:00:25 | 000,000,939 | ---- | C] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2012/08/07 19:00:24 | 000,000,920 | ---- | C] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2012/08/06 19:19:58 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
[2012/08/06 14:13:28 | 000,386,226 | ---- | C] () -- C:\bootmgr
[2011/10/21 08:16:52 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/21 08:16:52 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/21 08:16:45 | 000,000,464 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/09 23:16:36 | 000,009,154 | -H-- | C] () -- C:\Users\Chris\Jigga Juice sound track.aup
[2011/09/20 01:31:14 | 000,005,632 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/06 09:07:30 | 000,756,952 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/02 12:49:19 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/06/02 12:42:54 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/06/02 12:39:59 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/06/01 19:09:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Audacity
[2011/08/03 23:15:58 | 000,000,000 | -H-D | M] -- C:\Users\Chris\AppData\Roaming\Book Place
[2011/10/23 15:46:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.w3i.intune
[2012/06/01 18:01:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\EasyMP3Downloader
[2012/02/20 17:05:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Kingsoft
[2011/09/20 01:23:37 | 000,000,000 | -H-D | M] -- C:\Users\Chris\AppData\Roaming\MusicNet
[2011/08/07 11:58:24 | 000,000,000 | -H-D | M] -- C:\Users\Chris\AppData\Roaming\ooVoo Details
[2012/03/31 22:35:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenCandy
[2011/08/06 13:48:07 | 000,000,000 | -H-D | M] -- C:\Users\Chris\AppData\Roaming\Rovio
[2012/06/06 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SoftGrid Client
[2011/08/04 00:56:12 | 000,000,000 | -H-D | M] -- C:\Users\Chris\AppData\Roaming\Tific
[2011/10/10 18:45:05 | 000,000,000 | -H-D | M] -- C:\Users\Chris\AppData\Roaming\Toshiba
[2011/08/06 09:10:24 | 000,000,000 | -H-D | M] -- C:\Users\Chris\AppData\Roaming\TP
[2012/06/04 15:52:35 | 000,000,000 | -H-D | M] -- C:\Users\Chris\AppData\Roaming\Uniblue
[2012/03/11 20:41:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Visan
[2011/10/12 04:18:40 | 000,000,000 | -H-D | M] -- C:\Users\Chris\AppData\Roaming\WhiteSmokeTranslator
[2011/08/03 23:01:54 | 000,000,000 | -H-D | M] -- C:\Users\Chris\AppData\Roaming\WinBatch
[2012/08/06 19:29:44 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\DriverScanner.job
[2012/08/06 19:29:44 | 000,000,410 | ---- | M] () -- C:\windows\Tasks\PC Optimizer Pro64 startups.job
[2012/08/07 19:22:00 | 000,000,266 | ---- | M] () -- C:\windows\Tasks\RMSchedule.job
[2012/06/17 19:04:57 | 000,032,556 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %systemdrive%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.ASFX >

< MD5 for: SERVICES.ASFX22 >
[2010/11/15 23:02:24 | 000,000,231 | RH-- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx22

< MD5 for: SERVICES.ASFX23 >
[2010/11/15 23:02:26 | 000,000,225 | RH-- | M] () MD5=0E89BE53F56B22390CF61584B649CE01 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx23

< MD5 for: SERVICES.ASFX24 >
[2010/11/15 23:02:32 | 000,000,229 | RH-- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx24

< MD5 for: SERVICES.ASFX25 >
[2010/11/15 23:02:36 | 000,000,232 | RH-- | M] () MD5=611CB9CC21D2DDAD711690671F70EF39 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx25

< MD5 for: SERVICES.ASFX3 >
[2010/11/15 23:02:34 | 000,000,229 | RH-- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx3

< MD5 for: SERVICES.ASFX4 >
[2010/11/15 23:02:26 | 000,000,226 | RH-- | M] () MD5=55EA57D90AE22BDF0132597EF0D7C9C7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx4

< MD5 for: SERVICES.ASFX5 >
[2010/11/15 23:02:34 | 000,000,233 | RH-- | M] () MD5=846C265B751189E88B74F0155DB6B828 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx5

< MD5 for: SERVICES.ASFX6 >
[2010/11/15 23:02:36 | 000,000,231 | RH-- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx6

< MD5 for: SERVICES.ASFX7 >
[2010/11/15 23:02:34 | 000,000,245 | RH-- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx7

< MD5 for: SERVICES.ASFX8 >
[2010/11/15 23:02:34 | 000,000,231 | RH-- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx8

< MD5 for: SERVICES.ASFX9 >
[2010/11/15 23:02:30 | 000,000,234 | RH-- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx9

< MD5 for: SERVICES.CFG >
[2011/09/05 12:04:56 | 000,584,808 | ---- | M] () MD5=B3B25937514C772FD2490108B91CE17F -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2010/11/15 23:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#21
new-be

    Member

  • Topic Starter
  • Member
  • 19 posts
Second Log:


OTL Extras logfile created on: 8/7/2012 7:26:09 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 64.14% Memory free
5.20 Gb Paging File | 3.82 Gb Available in Paging File | 73.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.29 Gb Total Space | 222.07 Gb Free Space | 77.84% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C58E12E-8ED5-488C-B605-E3D9D297CA7C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1264D83D-8D87-433C-8F28-56921ACF43F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{16EA5E6A-F41F-4E7D-BD0E-9F22F2880584}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1B518503-585C-4304-B77F-21EEF955AF58}" = lport=138 | protocol=17 | dir=in | app=system |
"{1D9C026C-2DE9-4274-A6B4-9C6FC26DA144}" = rport=138 | protocol=17 | dir=out | app=system |
"{2BFA18D0-3B43-4AB7-935B-CD5F939B53B0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E2804E6-729C-42D1-BF27-2508C4FB71C0}" = rport=139 | protocol=6 | dir=out | app=system |
"{384DA191-58E7-4C14-B13A-369E8C44A652}" = rport=137 | protocol=17 | dir=out | app=system |
"{47308232-6F0C-4E8B-B9E2-6113892E145C}" = lport=137 | protocol=17 | dir=in | app=system |
"{4BBFC5AB-D249-4A2F-8B42-9CB2519AEC57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{683E1B3C-9BC6-4059-9504-3F912A619CAF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{786DBAF2-8920-461B-BF5B-F391E3C12342}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78CA489B-898D-437B-A999-FF9E6A7CA7C1}" = lport=139 | protocol=6 | dir=in | app=system |
"{929BF66F-3D02-48FF-890A-CA8A1156C669}" = lport=445 | protocol=6 | dir=in | app=system |
"{A038D2FE-2987-41B6-AAA7-E00B107F0E87}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0A35668-0231-4EB7-B67A-F442DDF270AC}" = rport=445 | protocol=6 | dir=out | app=system |
"{A5C3D188-98E5-4347-9ED6-AA1CE6ED3257}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6FDBCAB-5463-448C-9743-BAFF40D49E78}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B73BBC5E-429C-48A2-816D-A74BA53E551C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD628944-AE40-4B65-8507-DF116D0732A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE6011B1-631A-4325-9F66-A4842940784E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E154CEA0-0DB7-4D59-96B4-A3CDAA2BBFA1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E6E791C7-3A99-4104-BDA4-DA24B9B8599B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F39B94D1-FB09-4B4A-A9E6-E5B0FBA03FB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7E2D8FB-D4CA-49A0-A8F6-7EB1A78F29B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F4AA08-20DA-4E49-BFAE-8BAA54C7B527}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{0C30DE57-8515-4BBD-AD17-8B77003DB613}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{11AAFC1E-DE98-4E74-A70D-272CEE76D639}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23469969-9A62-4FC5-8315-36D714BEE191}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25C5FFCE-1945-4FCD-8330-8EE98270CB84}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\troubleshooter.exe |
"{2AC3EE25-83BA-4EAE-B4B5-11E6BA99A360}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{2CA828A0-0DB4-4BE8-BF29-5046C2B8BE57}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{2E8AFC88-38C1-4EC5-BBC3-526A93CF703E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3484DFD6-77C0-4D71-B2DF-FDEC6A7C48AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4810ED63-F4E2-4B65-BD39-FCD3708B2D6D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4E7A6B20-EA8D-4F09-8BD6-30A20ADDC977}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{543689BD-52BB-449C-BE0E-A658D2FCE6F5}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\troubleshooter.exe |
"{581B59D9-09F7-4C4A-B537-B1E51A10B289}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5957B13A-8067-4F34-9529-95BD72FF93E3}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{5A8CF5ED-7DF7-4E6E-989B-8DD52567BEF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{633CDD47-5137-4781-8025-DDB159371387}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\toolbarupdate.exe |
"{63C57E60-A386-4F28-B509-59F0E3495AEE}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{63F9727C-F1FA-4EE3-B398-FB40E9141B4E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{722F87FC-89DC-4B86-95D7-38C38617A7BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7538C960-3A32-494F-82E0-EA8731436A21}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\toolbarupdate.exe |
"{7DD1AFD1-D9B9-40AB-AFD1-3187A500E307}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E47F0A6-5531-4A60-A44C-CD967B4ECC82}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8CC21EE6-28DB-4DE0-90B9-669EE840B968}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{909837F4-A1AE-43E3-93B5-B277A978FDA0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{90FEF744-2253-416A-A385-43E29D3BF15A}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{91DBB59B-9AFE-484C-95E0-A8787E59387F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{95E9BD52-39F7-47CC-A092-34295F2D3406}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{975A8977-67D7-41F0-AFA1-074CE3DB0108}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B553803-16E5-4C5A-B107-AFA93C895AEC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2F21C5C-A80B-4009-9C61-F60217B42128}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{AE2E2C5A-2BEA-4741-BF45-D3D6BF211897}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B632979E-86F2-447C-AF54-3945542D3CF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC780360-355F-48F3-A238-17542E6D6A3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C60E03FA-8FCC-44FA-97A0-2D08B1E8CABD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C7B1FA5B-651A-40DC-A26E-BCFA75973D79}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB727FE1-926D-43B8-A10E-106892986F0E}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{E01E1ACA-3A5C-42C8-A557-BA4F3355208D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E3CDEC98-81E2-4332-AB54-56C9F335829F}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{EBF9AC88-2CFC-4623-9E5D-7CF01EC130DD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ED3EE8B0-1895-4C7D-B3F8-815FAA366DE9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ED77E2BF-00F1-4976-90F4-1EFD9799D54A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EEEF8D48-4191-4E87-8899-E7AD3B5E86D7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F4AC1F1F-911E-4EA5-9140-620E351E8B51}" = protocol=6 | dir=out | app=system |
"{F889D27D-E643-40B8-8837-FE367775C257}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FCB8509E-0F79-402D-837D-1FEA59469693}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{61931B74-C328-47BB-953A-A356CC34B932}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{A101AEB3-BCC6-47E4-89A1-3133E64478A3}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{E1348CD6-727F-4C9F-AE9C-FC5C033EF412}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{E5C70C10-807C-46F6-9C82-A7329074B5DC}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{1C55774F-9178-415F-A787-B36D6FEA31D8}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{E58BCBAD-2108-472E-92F3-460417E2EC93}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{E6046460-D833-4505-AAD1-059E479E81AF}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{FA3456F1-931C-4D2B-AA14-C944DD6D4882}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}" = ATI Catalyst Install Manager
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{3EF6F8CE-BE77-0786-CA40-3CB5BF5EBCC8}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{522D5958-FFF0-2849-776B-442BE2A0004C}" = WMV9/VC-1 Video Playback
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7D220A57-969F-4D09-9297-D48195A8ABDD}" = HP Deskjet 3050 J610 series Basic Device Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{860B418B-F90B-465A-BC1D-04B518045C72}" = HP Deskjet 3050 J610 series Product Improvement Study
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-X64 8.0.8.0_R01
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC Optimizer Pro" = PC Optimizer Pro

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04259F13-626E-814E-A80C-4601DFF3CE95}" = CCC Help Finnish
"{04D90620-2973-6F93-6E6C-C833F39C50C1}" = CCC Help Thai
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{0FC61261-B251-C870-C650-8A854F1B4CF0}" = CCC Help Chinese Standard
"{137EA7E1-D30B-4373-B8B6-CB7E85107F6D}" = Angry Birds Rio
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24C563C0-5569-A3BF-DF26-AAB3F25B5375}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2823D463-54F8-F7B4-818F-B7436FF70658}" = CCC Help Portuguese
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{32F32D10-5190-7565-DD14-C235FAF81408}" = CCC Help Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34F971C8-B75F-6B8D-4AFC-5DAB84241AE6}" = CCC Help French
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3798E892-DB93-6BE5-D4AD-8D1C4569F5EF}" = CCC Help Norwegian
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A2A26B-59BE-DE58-67EA-AE33077248A0}" = CCC Help Greek
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{589EB570-9B45-8EF9-7A0F-2A5B3A37BC49}" = CCC Help Swedish
"{59F65EE9-3DD6-6944-8222-342A9947D40B}" = Catalyst Control Center InstallProxy
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{60A1C223-4D86-AD1E-FB21-DE75010DABE3}" = CCC Help Hungarian
"{618AF7BF-10CD-0118-EE52-ED9BC440487B}" = CCC Help Russian
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C313A41-2704-23C5-DA68-05BB34126233}" = CCC Help Italian
"{6C49A7D6-FD97-A573-29C7-87ED1756AC6D}" = CCC Help Chinese Traditional
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{70B4D913-147C-7084-961A-6728E8F2AC2E}" = CCC Help Korean
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = ooVoo toolbar, powered by Ask.com
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}" = Toshiba Book Place
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94358C28-335B-4E43-BC4E-C59576BAB653}" = CWA Reminder by We-Care.com v4.0.16.3
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{ACB77FD0-7796-82B5-51B1-3ABAD84932E7}" = Catalyst Control Center Graphics Previews Common
"{AE26F217-2100-A52C-2A00-3829358E4930}" = ccc-core-static
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B35FB627-BB1F-E79D-9512-E7CF549B00AD}" = CCC Help Polish
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}" = The Sims™ 2 Double Deluxe
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C4F1B841-0C75-368C-0A54-1BAF7C8B6A91}" = CCC Help English
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE15C07B-32E3-0586-305C-975F0FEE559A}" = CCC Help Turkish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0D9F8EE-E123-4E0F-9BA3-2128C6588AF5}_is1" = Shop To Win
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DC280F21-4FD6-9D47-6323-7CD5C8712DFB}" = CCC Help Spanish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E34351A4-4B10-4DFF-96BC-84C642D9C625}" = The Print Shop 22
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED8AB7F6-E885-A8E9-1E97-2218D89FAE8F}" = CCC Help German
"{EEE6C8F8-4FDD-A08F-2292-31B34E327C0C}" = CCC Help Japanese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4C03C2A-E14E-EB7C-AAD7-F4FB6396BEA1}" = Catalyst Control Center Localization All
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{F9E83908-4502-9B01-6B42-21E449DD2627}" = CCC Help Czech
"{FB90923E-F94F-4343-A084-F0AB39305C8B}" = Catalyst Control Center - Branding
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"BearShare" = BearShare
"blekkotb_031" = blekko search bar
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dogpile Bundle Toolbar" = Dogpile Bundle Toolbar
"EADM" = EA Download Manager
"EasyMP3Downloader" = Easy MP3 Downloader
"ERUNT_is1" = ERUNT 1.1j
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"FrostWire 5" = FrostWire 5.3.4
"Google Chrome" = Google Chrome
"Hot_MP3 Toolbar" = Hot MP3 Toolbar
"HP Photo Creations" = HP Photo Creations
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"NIS" = Norton Internet Security
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"puredefmusictoolbar Uninstall" = PureDef Music Toolbar
"Registry Mechanic_is1" = Registry Mechanic 10.0
"StartNow Toolbar" = StartNow Toolbar
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-59b54399-03b8-4acf-8b5d-feafde272834" = Zuma's Revenge
"WTA-8c4ef50a-63d5-4ecf-b7ea-934b0eadf1da" = Bejeweled 3
"WTA-9643d4f7-41ff-4d5e-87a5-03cce3c0212d" = Penguins!
"WTA-99b5eb5f-e162-44ea-b871-f1b847508529" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-c991088a-21d5-4177-b802-db11c04b42df" = Plants vs. Zombies - Game of the Year
"WTA-ca2ea899-41db-46bb-8322-bff4388eacbf" = Tom Clancy's Splinter Cell
"WTA-dc506f2e-1e95-4583-8706-d7aea8c70f83" = FATE - The Traitor Soul
"WTA-e32106a6-d185-4c29-8ff6-907a0835bf1c" = Polar Bowler
"WTA-f0b30d1b-43ab-478a-8a9f-dcace2ffbc04" = Chuzzle Deluxe
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = ooVoo toolbar, powered by Ask.com Updater
"FoxTab Media Player" = FoxTab Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2012 7:49:44 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: B907.tmp, version: 5.1.2600.5512, time
stamp: 0x4fc7ec80 Faulting module name: B907.tmp, version: 5.1.2600.5512, time stamp:
0x4fc7ec80 Exception code: 0xc0000005 Fault offset: 0x00004af9 Faulting process id:
0x39e0 Faulting application start time: 0x01cd405137ce1191 Faulting application path:
C:\Users\Chris\AppData\Roaming\B907.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\B907.tmp
Report
Id: 75daa7d2-ac44-11e1-b079-00266cc313b4

Error - 6/1/2012 7:54:36 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 2664.tmp, version: 5.1.2600.5512, time
stamp: 0x4fc7ec80 Faulting module name: 2664.tmp, version: 5.1.2600.5512, time stamp:
0x4fc7ec80 Exception code: 0xc0000005 Fault offset: 0x00004af9 Faulting process id:
0x3c88 Faulting application start time: 0x01cd4051e4a10edc Faulting application path:
C:\Users\Chris\AppData\Roaming\2664.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\2664.tmp
Report
Id: 23bc1fae-ac45-11e1-b079-00266cc313b4

Error - 6/1/2012 8:01:25 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 4465.tmp, version: 0.0.0.0, time stamp:
0x4f13d339 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00003212 Faulting process id: 0x31bc Faulting application
start time: 0x01cd4052d910e389 Faulting application path: C:\Users\Chris\AppData\Roaming\4465.tmp
Faulting
module path: unknown Report Id: 176b25bd-ac46-11e1-b079-00266cc313b4

Error - 6/1/2012 8:01:25 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 52E7.tmp, version: 0.0.0.0, time stamp:
0x4f13d398 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00003212 Faulting process id: 0x281c Faulting application
start time: 0x01cd4052d79672ff Faulting application path: C:\Users\Chris\AppData\Roaming\52E7.tmp
Faulting
module path: unknown Report Id: 176e3309-ac46-11e1-b079-00266cc313b4

Error - 6/1/2012 8:01:28 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 6FFA.tmp, version: 5.1.2600.5512, time
stamp: 0x4fc7ec80 Faulting module name: 6FFA.tmp, version: 5.1.2600.5512, time stamp:
0x4fc7ec80 Exception code: 0xc0000005 Fault offset: 0x00004af9 Faulting process id:
0x3df0 Faulting application start time: 0x01cd4052da69c1d6 Faulting application path:
C:\Users\Chris\AppData\Roaming\6FFA.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\6FFA.tmp
Report
Id: 195dd54b-ac46-11e1-b079-00266cc313b4

Error - 6/1/2012 8:06:13 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: D134.tmp, version: 5.1.2600.5512, time
stamp: 0x4fc7ec80 Faulting module name: D134.tmp, version: 5.1.2600.5512, time stamp:
0x4fc7ec80 Exception code: 0xc0000005 Fault offset: 0x00004af9 Faulting process id:
0x3ba4 Faulting application start time: 0x01cd405385436e17 Faulting application path:
C:\Users\Chris\AppData\Roaming\D134.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\D134.tmp
Report
Id: c3909071-ac46-11e1-b079-00266cc313b4

Error - 6/1/2012 8:13:15 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 40F7.tmp, version: 5.1.2600.5512, time
stamp: 0x4fc7ec80 Faulting module name: 40F7.tmp, version: 5.1.2600.5512, time stamp:
0x4fc7ec80 Exception code: 0xc0000005 Fault offset: 0x00004af9 Faulting process id:
0x41a0 Faulting application start time: 0x01cd405480b4cb88 Faulting application path:
C:\Users\Chris\AppData\Roaming\40F7.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\40F7.tmp
Report
Id: beff0d79-ac47-11e1-b079-00266cc313b4

Error - 6/1/2012 8:20:07 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 8669.tmp, version: 5.1.2600.5512, time
stamp: 0x4fc7ec80 Faulting module name: 8669.tmp, version: 5.1.2600.5512, time stamp:
0x4fc7ec80 Exception code: 0xc0000005 Fault offset: 0x00004af9 Faulting process id:
0xb30 Faulting application start time: 0x01cd405575a01cf3 Faulting application path:
C:\Users\Chris\AppData\Roaming\8669.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\8669.tmp
Report
Id: b4958ffd-ac48-11e1-b079-00266cc313b4

Error - 6/1/2012 8:26:51 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: B676.tmp, version: 5.1.2600.5512, time
stamp: 0x4fc7ec80 Faulting module name: B676.tmp, version: 5.1.2600.5512, time stamp:
0x4fc7ec80 Exception code: 0xc0000005 Fault offset: 0x00004af9 Faulting process id:
0x43c Faulting application start time: 0x01cd40566754d106 Faulting application path:
C:\Users\Chris\AppData\Roaming\B676.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\B676.tmp
Report
Id: a54fdad5-ac49-11e1-b079-00266cc313b4

Error - 6/1/2012 8:33:47 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 933.tmp, version: 5.1.2600.5512, time stamp:
0x4fc7ec80 Faulting module name: 933.tmp, version: 5.1.2600.5512, time stamp: 0x4fc7ec80
Exception
code: 0xc0000005 Fault offset: 0x00004af9 Faulting process id: 0x22f8 Faulting application
start time: 0x01cd40575e626a18 Faulting application path: C:\Users\Chris\AppData\Roaming\933.tmp
Faulting
module path: C:\Users\Chris\AppData\Roaming\933.tmp Report Id: 9d696994-ac4a-11e1-b079-00266cc313b4

Error - 6/1/2012 8:40:36 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 4360.tmp, version: 5.1.2600.5512, time
stamp: 0x4fc7ec80 Faulting module name: 4360.tmp, version: 5.1.2600.5512, time stamp:
0x4fc7ec80 Exception code: 0xc0000005 Fault offset: 0x00004af9 Faulting process id:
0x48b8 Faulting application start time: 0x01cd40585199d30c Faulting application path:
C:\Users\Chris\AppData\Roaming\4360.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\4360.tmp
Report
Id: 9156cf69-ac4b-11e1-b079-00266cc313b4

[ Media Center Events ]
Error - 5/19/2012 10:57:26 PM | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 9:57:26 PM - Error connecting to the internet. 9:57:26 PM - Unable
to contact server..

Error - 6/4/2012 3:30:10 PM | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 2:30:10 PM - Error connecting to the internet. 2:30:10 PM - Unable
to contact server..

Error - 6/4/2012 3:30:27 PM | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 2:30:15 PM - Error connecting to the internet. 2:30:15 PM - Unable
to contact server..

Error - 8/6/2012 8:37:09 PM | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 7:36:55 PM - Error connecting to the internet. 7:36:55 PM - Unable
to contact server..

[ System Events ]
Error - 1/17/2012 12:49:58 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 3 time(s).

Error - 1/17/2012 12:50:45 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the DNS Client service, but this
action failed with the following error: %%1056

Error - 1/17/2012 12:51:14 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has
done this 3 time(s).

Error - 1/17/2012 12:51:14 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
3 time(s).

Error - 1/17/2012 12:51:14 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = The Network Location Awareness service terminated unexpectedly. It
has done this 3 time(s).

Error - 1/17/2012 12:55:41 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has
done this 4 time(s).

Error - 1/17/2012 12:55:41 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
4 time(s).

Error - 1/17/2012 12:55:41 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = The Workstation service terminated unexpectedly. It has done this
3 time(s).

Error - 1/17/2012 2:31:10 AM | Computer Name = Chris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).

Error - 1/18/2012 10:50:49 PM | Computer Name = Chris-PC | Source = Application Popup | ID = 1060
Description = \??\C:\PROGRA~2\McAfee\VIRUSS~1\mferkdk.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.


< End of report >
Thanks,
deltaboy
  • 0

#22
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)

I haven't been using it very much. Scared it may crash again. It is working well for the time I have been on it.

OK/fair play...I appreciate your concern.

Yes, I was able to create the disc.

Good.

Next:

Is the subscription still active/valid for the presently installed Norton Internet Security?

Toshiba Recovery Media Creator

This is actually installed on your machine and I strongly advise you make use of it before proceeding any further. How to do so can be read in the following tutorials:-

How to use the TOSHIBA Recovery Media Creator

Creating system recovery media using the Toshiba Recovery Media Creator utility

So basically what I am advising is creating a set of Recovery Disks unique to your machine...

Peer to Peer Advice:

I see you have both BearShare and FrostWire installed. If you have used either recently, you can be fairly confident this is a principal reason your computer became infected.

It's really important, if you value your computer at all, to stay away from all types/variations of P2P file sharing programs.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

My friendly advice would be to uninstall the aforementioned. However, if you opt not to, please refrain from using either for the duration of the malware removal process, thank you.

Next:

Out of date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect and/or re-infect a computer. We will update both in due course.

Now please go to Start (Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

Dogpile Bundle Toolbar
Adobe Reader X (10.1.1) MUI
blekkotb_031 (blekko search bar)
Hot MP3 Toolbar
Java™ 6 Update 20
PureDef Music Toolbar
Registry Mechanic 10.0
ooVoo toolbar, powered by Ask.com
Shop To Win
StartNow Toolbar
Uniblue DriverScanner
Yontoo Layers Runtime 1.10.01


To do so click once on each of the above to highlight, then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Custom OTL Script:

Note: Part of the custom script below will remove the Windows Sidebar from auto starting. Reason why can be read here.

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
IE - HKLM\..\URLSearchHook: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1066435
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws...22&tbp=homepage
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\URLSearchHook: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\URLSearchHook: {FF365CDC-88FE-4ffa-A3F3-357855231DFA} - C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3SrcAs.dll (PureDef Music)
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1066435
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{E1F3415A-0DA2-44B7-846C-FC8639E37936}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll ()
O2 - BHO: (Shop to Win) - {91917DC6-93B9-4E62-B2D6-D39C9618C418} - C:\Program Files (x86)\Shop to Win 4\Shop to Win 4.dll File not found
O2 - BHO: (Hot MP3 Toolbar) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll (Conduit Ltd.)
O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Toolbar BHO) - {E30A55B1-F1B7-43a4-B3F6-EC90CDC4FE60} - C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3bar.dll (PureDef Music)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (Search Assistant BHO) - {FF365CDB-88FE-4ffa-A3F3-357855231DFA} - C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3SrcAs.dll (PureDef Music)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (Hot MP3 Toolbar) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (PureDef Music Toolbar) - {E30A55B9-F1B7-43a4-B3F6-EC90CDC4FE60} - C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3bar.dll (PureDef Music)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\Toolbar\WebBrowser: (Hot MP3 Toolbar) - {9384BD4C-DD14-4BE9-80F7-F6277511E4F5} - C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\Toolbar\WebBrowser: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\Toolbar\WebBrowser: (PureDef Music Toolbar) - {E30A55B9-F1B7-43A4-B3F6-EC90CDC4FE60} - C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3bar.dll (PureDef Music)
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [PureDef Music Plugin] C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3Plugin.dll (TightRope, Inc)
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000..\Run: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe (Jackpot Rewards)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O8:64bit: - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
[2012/08/06 19:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\2913B
[90 C:\Users\Chris\AppData\Roaming\*.tmp files -> C:\Users\Chris\AppData\Roaming\*.tmp -> ]
[2012/08/07 19:22:00 | 000,000,266 | ---- | M] () -- C:\windows\tasks\RMSchedule.job
[2012/08/06 19:29:44 | 000,000,410 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job
[2012/08/06 19:29:44 | 000,000,340 | ---- | M] () -- C:\windows\tasks\DriverScanner.job
[2011/10/21 08:16:52 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/21 08:16:52 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/21 08:16:45 | 000,000,464 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Files
ipconfig /flushdns /c
C:\Program Files\PC Optimizer Pro
C:\Program Files (x86)\PC Optimizer Pro
C:\Users\Chris\AppData\Roaming\B907.tmp
C:\Users\Chris\AppData\Roaming\2664.tmp
C:\Users\Chris\AppData\Roaming\4465.tmp
C:\Users\Chris\AppData\Roaming\52E7.tmp
C:\Users\Chris\AppData\Roaming\6FFA.tmp
C:\Users\Chris\AppData\Roaming\D134.tmp
C:\Users\Chris\AppData\Roaming\40F7.tmp
C:\Users\Chris\AppData\Roaming\8669.tmp
C:\Users\Chris\AppData\Roaming\B676.tmp
C:\Users\Chris\AppData\Roaming\933.tmp
C:\Users\Chris\AppData\Roaming\4360.tmp
C:\Users\Chris\AppData\Roaming\ooVoo Details
C:\Users\Chris\AppData\Roaming\OpenCandy
C:\Users\Chris\AppData\Roaming\Uniblue

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Optimizer Pro]

:Commands
[ResetHosts]
[EmptyTemp]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Answer to my Norton Internet Security query.
  • Were you able to create the Toshiba Recovery disk(s)?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0
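The `:Files` section of the fix script above lists the same randomly named `.tmp` files that appear as faulting applications in the posted event log. As an added example (not part of the thread and not OTL's own code), this Python script pulls those paths out of the wrapped "Last 20 Event Log Errors" text and groups them by crash fingerprint; the sample log is constructed, and the function names and the "`.tmp` image under AppData" heuristic are assumptions of the example.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the layout of the "Last 20 Event Log Errors" section,
# including its wrapped Description lines. All names and values are made up.
SAMPLE_LOG = r"""
[ Application Events ]
Error - 6/1/2012 7:49:44 PM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 1A2B.tmp, version: 5.1.2600.5512, time
stamp: 0x11111111 Faulting module name: 1A2B.tmp, version: 5.1.2600.5512, time stamp:
0x11111111 Exception code: 0xc0000005 Fault offset: 0x00001234 Faulting process id:
0x39e0 Faulting application start time: 0x01cd000000000001 Faulting application path:
C:\Users\Example\AppData\Roaming\1A2B.tmp Faulting module path: C:\Users\Example\AppData\Roaming\1A2B.tmp

Error - 6/1/2012 7:54:36 PM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 3C4D.tmp, version: 5.1.2600.5512, time stamp:
0x11111111 Faulting module name: 3C4D.tmp, version: 5.1.2600.5512, time stamp: 0x11111111
Exception
code: 0xc0000005 Fault offset: 0x00001234 Faulting process id: 0x3c88 Faulting application
start time: 0x01cd000000000002 Faulting application path: C:\Users\Example\AppData\Roaming\3C4D.tmp
Faulting
module path: C:\Users\Example\AppData\Roaming\3C4D.tmp Report Id: 00000000-0000-0000-0000-000000000002

Error - 6/2/2012 9:10:00 AM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application name: viewer.exe, version: 2.0.0.1, time stamp:
0x33333333 Faulting module name: viewer.exe, version: 2.0.0.1, time stamp: 0x33333333
Exception code: 0xc0000005 Fault offset: 0x00000abc Faulting process id: 0x1f0 Faulting
application start time: 0x01cd000000000003 Faulting application path: C:\Program Files (x86)\Example Viewer\viewer.exe
Faulting module path: C:\Program Files (x86)\Example Viewer\viewer.exe Report Id: 00000000-0000-0000-0000-000000000003

[ System Events ]
Error - 1/17/2012 12:51:14 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7034
Description = The Example service terminated unexpectedly. It has done this 3 time(s).
"""

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
                    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
# \s+ between words tolerates the places where the report wrapped a line.
CRASH = re.compile(
    r"Faulting\s+application\s+name:\s*(?P<name>.+?),\s*version:\s*(?P<version>[\d.]+),"
    r"\s*time\s+stamp:\s*(?P<stamp>0x[0-9a-fA-F]+).*?"
    r"Exception\s+code:\s*(?P<code>0x[0-9a-fA-F]+)\s+"
    r"Fault\s+offset:\s*(?P<offset>0x[0-9a-fA-F]+).*?"
    r"Faulting\s+application\s+path:\s*(?P<path>.+?)\s+Faulting\s+module\s+path:")

def parse_events(text):
    """Split the report into entries, re-joining wrapped Description lines."""
    events, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), description="")
            events.append(current)
        elif not line or line.startswith("["):
            current = None  # a blank line or "[ System Events ]" ends the entry
        elif current is not None:
            current["description"] += " " + line
    return events

def crashes(text):
    """Crash fields from every Application Error (ID 1000) entry."""
    found = []
    for ev in parse_events(text):
        if ev["source"] != "Application Error" or ev["id"] != "1000":
            continue
        m = CRASH.search(ev["description"])
        if m:
            found.append(dict(m.groupdict(), when=ev["when"]))
    return found

def is_suspicious(path):
    """Heuristic (assumption): a process image named *.tmp under a user's AppData."""
    ext = ntpath.splitext(path)[1].lower()
    return ext == ".tmp" and "\\appdata\\" in path.lower()

def cleanup_candidates(text):
    """Unique flagged image paths: candidates to review before any removal."""
    return sorted({c["path"] for c in crashes(text) if is_suspicious(c["path"])})

def clusters(text):
    """Group flagged crashes by (version, time stamp, fault offset)."""
    groups = defaultdict(set)
    for c in crashes(text):
        if is_suspicious(c["path"]):
            key = (c["version"], c["stamp"], c["offset"])
            groups[key].add(ntpath.basename(c["path"]))
    return {key: sorted(names) for key, names in groups.items()}

if __name__ == "__main__":
    for path in cleanup_candidates(SAMPLE_LOG):
        print("review:", path)
    for key, names in clusters(SAMPLE_LOG).items():
        print("same crash fingerprint", key, "->", names)
```

Several file names sharing one version, time stamp and fault offset point to a single binary being dropped repeatedly under new names, which is why a list of individual files is paired with a full scan in the steps above.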

#23
new-be

    Member

  • Topic Starter
  • Member
  • 19 posts
1. Computer seems to be running well. Only problem I see is on reboot I receive this message:

Catalyst Control Center: Host application has stopped working.
Check online for solution
Close program.
I used the check online for solution, but it didn't fix it.

I also tried to uninstall Registry Mechanic 10.0 and Uniblue DriverScanner but could not, because of a message that said file is missing and please correct the problem or obtain a new copy.

2. No, it is not. I had planned to download Microsoft Security Essentials.

3. Yes, I created the disks

4. OTL log


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9384bd4c-dd14-4be9-80f7-f6277511e4f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ not found.
File C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9384bd4c-dd14-4be9-80f7-f6277511e4f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ not found.
File C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll not found.
Registry value HKEY_USERS\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{FF365CDC-88FE-4ffa-A3F3-357855231DFA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF365CDC-88FE-4ffa-A3F3-357855231DFA}\ not found.
File C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3SrcAs.dll not found.
Registry key HKEY_USERS\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E1F3415A-0DA2-44B7-846C-FC8639E37936}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1F3415A-0DA2-44B7-846C-FC8639E37936}\ not found.
HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ not found.
File C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\ deleted successfully.
File C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91917DC6-93B9-4E62-B2D6-D39C9618C418}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91917DC6-93B9-4E62-B2D6-D39C9618C418}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ not found.
File C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}\ deleted successfully.
C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E30A55B1-F1B7-43a4-B3F6-EC90CDC4FE60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30A55B1-F1B7-43a4-B3F6-EC90CDC4FE60}\ not found.
C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3bar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
File C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF365CDB-88FE-4ffa-A3F3-357855231DFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF365CDB-88FE-4ffa-A3F3-357855231DFA}\ not found.
File C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3SrcAs.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ not found.
File C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8769adce-dba5-48e9-afb5-67b12cdf2e61} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\ not found.
File C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9384bd4c-dd14-4be9-80f7-f6277511e4f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ not found.
File C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C80BDEB2-8735-44C6-BD55-A1CCD555667A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}\ deleted successfully.
File C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E30A55B9-F1B7-43a4-B3F6-EC90CDC4FE60} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30A55B9-F1B7-43a4-B3F6-EC90CDC4FE60}\ not found.
File C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9384BD4C-DD14-4BE9-80F7-F6277511E4F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9384BD4C-DD14-4BE9-80F7-F6277511E4F5}\ not found.
File C:\Program Files (x86)\Hot_MP3\prxtbHot_.dll not found.
Registry value HKEY_USERS\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C80BDEB2-8735-44C6-BD55-A1CCD555667A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}\ not found.
File C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E30A55B9-F1B7-43A4-B3F6-EC90CDC4FE60} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30A55B9-F1B7-43A4-B3F6-EC90CDC4FE60}\ not found.
File C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3bar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PureDef Music Plugin not found.
File C:\Program Files (x86)\puredefmusic\toolbar\1.bin\p3Plugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry key HKEY_USERS\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\Program Files (x86)\Uniblue\DriverScanner\Launcher.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Program Files (x86)\Shop To Win\ShopToWin.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk moved successfully.
C:\Program Files (x86)\ERUNT\AUTOBACK.EXE moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Folder C:\ProgramData\2913B\ not found.
C:\Windows\Tasks\RMSchedule.job moved successfully.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job moved successfully.
C:\Windows\Tasks\DriverScanner.job moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chris\Desktop\cmd.bat deleted successfully.
C:\Users\Chris\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\PC Optimizer Pro not found.
File\Folder C:\Program Files (x86)\PC Optimizer Pro not found.
C:\Users\Chris\AppData\Roaming\ooVoo Details\Users\chrismcknight61 folder moved successfully.
C:\Users\Chris\AppData\Roaming\ooVoo Details\Users folder moved successfully.
C:\Users\Chris\AppData\Roaming\ooVoo Details\Logs folder moved successfully.
C:\Users\Chris\AppData\Roaming\ooVoo Details\Cache folder moved successfully.
C:\Users\Chris\AppData\Roaming\ooVoo Details folder moved successfully.
C:\Users\Chris\AppData\Roaming\OpenCandy\OpenCandy_41E5962D29874289BCEC9D8A03D0238D folder moved successfully.
C:\Users\Chris\AppData\Roaming\OpenCandy\OpenCandy_1E5973D451B9401598B33BD2CA9CD9AF folder moved successfully.
C:\Users\Chris\AppData\Roaming\OpenCandy\41E5962D29874289BCEC9D8A03D0238D folder moved successfully.
C:\Users\Chris\AppData\Roaming\OpenCandy\1E5973D451B9401598B33BD2CA9CD9AF folder moved successfully.
C:\Users\Chris\AppData\Roaming\OpenCandy folder moved successfully.
C:\Users\Chris\AppData\Roaming\Uniblue\DriverScanner\_temp folder moved successfully.
C:\Users\Chris\AppData\Roaming\Uniblue\DriverScanner\drivers folder moved successfully.
C:\Users\Chris\AppData\Roaming\Uniblue\DriverScanner folder moved successfully.
C:\Users\Chris\AppData\Roaming\Uniblue folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Optimizer Pro\ not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 736793311 bytes
->Temporary Internet Files folder emptied: 139176317 bytes
->Java cache emptied: 3222999 bytes
->Google Chrome cache emptied: 17818909 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 7801 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 174238313 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7689137 bytes

Total Files Cleaned = 1,029.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08092012_200255

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
[2010/11/20 22:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe : MD5=DCCA4B04AF87E52EF9EAA2190E06CBAC
File C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

5. MBAM log


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.10.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Chris :: CHRIS-PC [administrator]

8/9/2012 8:28:29 PM
mbam-log-2012-08-09 (20-28-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192446
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks
deltaboy
  • 0
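A triage helper for fix logs like the one posted above, added here as an example (it is not part of the original thread and is not OldTimer's code). It classifies each line by outcome so that items that were already absent, items actually removed, and file moves deferred to the next reboot are separated. The outcome names and function names are assumptions of this example; the sample lines are excerpted from the log above.

```python
import re
from collections import Counter

# Excerpt of the OTL fix log posted above (a few representative lines).
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9384bd4c-dd14-4be9-80f7-f6277511e4f5} not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}\ deleted successfully.
C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll moved successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
C:\Windows\Tasks\DriverScanner.job moved successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\PC Optimizer Pro not found.
C:\Users\Chris\AppData\Roaming\OpenCandy folder moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
"""

# "========== NAME ==========" section banners.
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")

# Ordered rules: the reboot-deferred form must be tested before the generic ones.
RULES = [
    ("pending_reboot",
     re.compile(r"^File move failed\. (?P<t>.+?) scheduled to be moved on reboot\.$")),
    ("value_set", re.compile(r"^(?P<t>.+?)\| /E : value set successfully!$")),
    ("deleted", re.compile(r"^(?P<t>.+?) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<t>.+?) moved successfully\.$")),
    ("not_found", re.compile(r"^(?P<t>.+?) not found[.!]$")),
]

# Object-type words the tool puts in front of the path or key.
PREFIX = re.compile(
    r"^(?:64bit-)?(?:Registry (?:key|value)|File\\Folder|File|Folder|ADS) ")


def parse_fix_log(text):
    """Return one dict per log line: section, outcome and cleaned target."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group(1)
            continue
        outcome, target = "other", line
        for name, rx in RULES:
            m = rx.match(line)
            if m:
                outcome = name
                target = PREFIX.sub("", m.group("t"))
                target = re.sub(r" folder$", "", target)
                break
        entries.append({"section": section, "outcome": outcome, "target": target})
    return entries


def summarize(entries):
    """Counts per outcome, what was really removed, and what still needs a reboot."""
    counts = Counter(e["outcome"] for e in entries)
    removed = [e["target"] for e in entries if e["outcome"] in ("deleted", "moved")]
    follow_up = [e["target"] for e in entries if e["outcome"] == "pending_reboot"]
    return counts, removed, follow_up


if __name__ == "__main__":
    counts, removed, follow_up = summarize(parse_fix_log(SAMPLE_LOG))
    for outcome, n in counts.most_common():
        print(f"{outcome:15} {n}")
    print("Removed or moved:")
    for target in removed:
        print("  ", target)
    print("Check again after reboot:")
    for target in follow_up:
        print("  ", target)
```

A high share of `not_found` lines means most of the script's targets were already gone before the fix ran; anything listed under `pending_reboot` should be re-checked in the next scan log.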

#24
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)

Only problem I see is on reboot I receive this message:

Catalyst Control Center: Host application has stopped working.
Check online for solution
Close program.
I used the check online for solution, but it didn't fix it.

That relates to your machine's graphics card; quite feasibly the driver(s) are corrupted/damaged. There is a slim chance that performing an actual Startup Repair may rectify this particular error. If it does not, we will merely uninstall and update the ATI Catalyst Install Manager, for example...

I also tried to uninstall Registry Mechanic 10.0 and Uniblue driver scanner but could not, because of a message that said file is missing and please correct the problem or obtain a new copy.

I am not surprised, being quite honest; those applications are of little good and have the propensity of creating more problems than anything else...especially Registry Mechanic. My friendly advice is to steer well clear of any software that claims to optimise the registry in future.

Anyway, I think we will try the easy option first, as in reinstall, then run the uninstallers again.

No, it is not. I had planned to download Microsoft Security Essentials.

OK.

Yes, I created the disks

Good.

Next:

Download both the installers for Registry Mechanic and Uniblue DriverScanner >> reinstall both.

Then click on Start (Windows 7 Orb) >> Control Panel >> Add/Remove Programs >> try uninstalling both Registry Mechanic and Uniblue DriverScanner again.

Next:

Download the installer for Microsoft Security Essentials and save to your Desktop.

Note: Do not install just yet, we will in due course.

Norton/Symantec RT:

Please download the Norton Removal Tool and Save it to your desktop.

  • Close all programs and right-click on Norton_Removal_Tool.exe and select Run as Administrator.
  • Follow the on-screen instructions.
  • Restart the computer if prompted.
  • Then delete Norton_Removal_Tool.exe from your desktop.

Run Windows 7 SRD:

Actually boot from the Windows 7 SRD disc I asked you to create...

  • If not sure how to, a very good tutorial can be read here.
  • You will have to answer a few basic questions, then select the option Repair your computer.
  • At the System Recovery Options screen click Windows 7 to highlight then Next>
  • Now click on/select Startup Repair
  • If prompted to use System Restore, select Cancel.
  • The same if prompted to Send information about this problem (recommended), select Don't send.
  • Click Finish when Startup Repair has completed, remove the SRD disc and then click on Restart

Install Microsoft Security Essentials:

Right-click on the installer for Microsoft Security Essentials (mseinstall.exe) and select Run as Administrator.

Follow the prompts to install >> when (if) asked if you want to turn on the Windows Firewall, agree to this...

Update >> Carry Out a Complete Scan. Have it fix anything it finds.

Note: If anything was removed please make a note of it, to copy anything found/removed:-

Click on Start (Windows 7 Orb) >> Control Panel >> Administrative Tools >> Event Viewer >> Windows Logs >> System

Locate:-

Source= Microsoft Antimalware Event ID=1001 (scan finished)

Re-scan with OTL:

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Anything removed by Microsoft Security Essentials?
  • New set of OTL logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#25
new-be

    Member

  • Topic Starter
  • Member
  • 19 posts
The only problem that I see so far is the same Catalyst Control Center error.

Microsoft Essentials did not find anything.

The two logs are posted below.


OTL logfile created on: 8/10/2012 9:16:28 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 59.17% Memory free
5.20 Gb Paging File | 3.80 Gb Available in Paging File | 73.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.29 Gb Total Space | 224.43 Gb Free Space | 78.67% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SiteAdvisor Service) -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (0128081344648389mcinstcleanup) -- C:\Windows\Temp\0128081344648389mcinst.exe (McAfee, Inc.)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (AFS) -- C:\Windows\SysWow64\drivers\AFS.SYS (Oak Technology Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {926B08D6-41DF-4BC5-BCBA-1BA0F21FA3D0}
IE:64bit: - HKLM\..\SearchScopes\{926B08D6-41DF-4BC5-BCBA-1BA0F21FA3D0}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=10-08-2012
IE - HKLM\..\SearchScopes\{EE25A3B3-A536-4146-9672-7B69D69A2420}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local



IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?...gusaolp00000023
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 62 92 51 47 77 CD 01 [binary data]
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes,DefaultScope = {027FCB67-3DD0-4615-8F63-22F4BF42E6B8}
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{027FCB67-3DD0-4615-8F63-22F4BF42E6B8}: "URL" = http://www.google.co...1I7TSNF_enUS443
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{181AC29E-593D-4985-81E0-8816D98DB271}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=10-08-2012
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{4DD9C6B9-B3A4-4C43-A60C-08763F6E7E4B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{AD43E158-63B0-4ECA-99FC-7822D2773A01}: "URL" = http://search.yahoo....0939,6901,0,8,0
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\..\SearchScopes\{EE25A3B3-A536-4146-9672-7B69D69A2420}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/10/23 15:54:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/10/23 15:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/10 20:26:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/10 20:26:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files (x86)\SiteAdvisor\6172\FF\ [2012/01/08 01:19:57 | 000,000,000 | ---D | M]

[2011/10/23 15:46:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://blekko.com/ws...22&tbp=homepage
CHR - default_search_provider: Blekko (Enabled)
CHR - default_search_provider: search_url = http://blekko.com/ws...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://blekko.com/ws...22&tbp=homepage
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\
CHR - Extension: We-Care Reminder = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.25_0\
CHR - Extension: Click to call with Skype = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/09 20:03:44 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9498A65E-5757-4E7A-ACA7-E35CB31C6952}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACBF95E4-59DE-49F3-8984-5C77F316895E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2F40045-6A23-4413-B4B7-9E1A0893745F}: DhcpNameServer = 66.175.131.21 66.175.131.20
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-3617893529-4059277085-4184883922-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/10 20:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/10 20:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/10 19:47:16 | 012,621,696 | ---- | C] (Microsoft Corporation) -- C:\Users\Chris\Desktop\mseinstall (1).exe
[2012/08/10 17:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/10 17:44:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Product_RM
[2012/08/10 17:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2012/08/09 20:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/09 20:27:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/09 20:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/09 20:22:22 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/09 20:22:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/08/09 20:02:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/07 20:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\2338
[2012/08/07 19:21:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/08/07 19:01:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/07 19:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/07 19:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/08/06 14:13:28 | 000,000,000 | -HSD | C] -- C:\boot

========== Files - Modified Within 30 Days ==========

[2012/08/10 21:26:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/10 21:16:06 | 000,744,092 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/10 21:16:06 | 000,635,490 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/10 21:16:06 | 000,111,734 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/10 21:14:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/10 20:41:01 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/08/10 20:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/10 20:18:37 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 20:18:37 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 20:13:48 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/10 20:13:12 | 000,757,938 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/10 20:10:37 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/10 20:10:10 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/10 19:46:50 | 000,920,096 | ---- | M] () -- C:\Users\Chris\Desktop\Norton_Removal_Tool.exe
[2012/08/10 19:34:47 | 012,621,696 | ---- | M] (Microsoft Corporation) -- C:\Users\Chris\Desktop\mseinstall (1).exe
[2012/08/09 20:29:26 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/09 20:29:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/09 20:27:30 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/09 20:03:44 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/07 19:21:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/08/07 19:00:25 | 000,000,939 | ---- | M] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2012/08/07 19:00:25 | 000,000,920 | ---- | M] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2012/08/06 19:28:58 | 001,042,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/06 19:19:58 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2012/08/06 14:13:28 | 000,386,226 | RHS- | M] () -- C:\bootmgr

========== Files Created - No Company Name ==========

[2012/08/10 20:13:23 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/10 19:47:04 | 000,920,096 | ---- | C] () -- C:\Users\Chris\Desktop\Norton_Removal_Tool.exe
[2012/08/10 19:36:08 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/09 20:27:30 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/09 20:22:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/07 19:00:25 | 000,000,939 | ---- | C] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2012/08/07 19:00:24 | 000,000,920 | ---- | C] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2012/08/06 19:19:58 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
[2012/08/06 14:13:28 | 000,386,226 | RHS- | C] () -- C:\bootmgr
[2011/10/09 23:16:36 | 000,009,154 | -H-- | C] () -- C:\Users\Chris\Jigga Juice sound track.aup
[2011/09/20 01:31:14 | 000,005,632 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/06 09:07:30 | 000,757,938 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/02 12:49:19 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/06/02 12:42:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/02 12:39:59 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >




OTL Extras logfile created on: 8/10/2012 9:16:28 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 59.17% Memory free
5.20 Gb Paging File | 3.80 Gb Available in Paging File | 73.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.29 Gb Total Space | 224.43 Gb Free Space | 78.67% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C58E12E-8ED5-488C-B605-E3D9D297CA7C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1264D83D-8D87-433C-8F28-56921ACF43F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{16EA5E6A-F41F-4E7D-BD0E-9F22F2880584}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1B518503-585C-4304-B77F-21EEF955AF58}" = lport=138 | protocol=17 | dir=in | app=system |
"{1D9C026C-2DE9-4274-A6B4-9C6FC26DA144}" = rport=138 | protocol=17 | dir=out | app=system |
"{2BFA18D0-3B43-4AB7-935B-CD5F939B53B0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E2804E6-729C-42D1-BF27-2508C4FB71C0}" = rport=139 | protocol=6 | dir=out | app=system |
"{384DA191-58E7-4C14-B13A-369E8C44A652}" = rport=137 | protocol=17 | dir=out | app=system |
"{47308232-6F0C-4E8B-B9E2-6113892E145C}" = lport=137 | protocol=17 | dir=in | app=system |
"{4BBFC5AB-D249-4A2F-8B42-9CB2519AEC57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{683E1B3C-9BC6-4059-9504-3F912A619CAF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{786DBAF2-8920-461B-BF5B-F391E3C12342}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78CA489B-898D-437B-A999-FF9E6A7CA7C1}" = lport=139 | protocol=6 | dir=in | app=system |
"{929BF66F-3D02-48FF-890A-CA8A1156C669}" = lport=445 | protocol=6 | dir=in | app=system |
"{A038D2FE-2987-41B6-AAA7-E00B107F0E87}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0A35668-0231-4EB7-B67A-F442DDF270AC}" = rport=445 | protocol=6 | dir=out | app=system |
"{A5C3D188-98E5-4347-9ED6-AA1CE6ED3257}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6FDBCAB-5463-448C-9743-BAFF40D49E78}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B73BBC5E-429C-48A2-816D-A74BA53E551C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD628944-AE40-4B65-8507-DF116D0732A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE6011B1-631A-4325-9F66-A4842940784E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E154CEA0-0DB7-4D59-96B4-A3CDAA2BBFA1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E6E791C7-3A99-4104-BDA4-DA24B9B8599B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F39B94D1-FB09-4B4A-A9E6-E5B0FBA03FB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7E2D8FB-D4CA-49A0-A8F6-7EB1A78F29B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F4AA08-20DA-4E49-BFAE-8BAA54C7B527}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{0C30DE57-8515-4BBD-AD17-8B77003DB613}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{11AAFC1E-DE98-4E74-A70D-272CEE76D639}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23469969-9A62-4FC5-8315-36D714BEE191}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25C5FFCE-1945-4FCD-8330-8EE98270CB84}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\troubleshooter.exe |
"{2AC3EE25-83BA-4EAE-B4B5-11E6BA99A360}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{2CA828A0-0DB4-4BE8-BF29-5046C2B8BE57}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{2E8AFC88-38C1-4EC5-BBC3-526A93CF703E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3484DFD6-77C0-4D71-B2DF-FDEC6A7C48AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{47124815-F557-49D0-BD28-9EF42C573DED}" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\temp\7zsd579.tmp\symnrt.exe |
"{4810ED63-F4E2-4B65-BD39-FCD3708B2D6D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4E7A6B20-EA8D-4F09-8BD6-30A20ADDC977}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{543689BD-52BB-449C-BE0E-A658D2FCE6F5}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\troubleshooter.exe |
"{581B59D9-09F7-4C4A-B537-B1E51A10B289}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5957B13A-8067-4F34-9529-95BD72FF93E3}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{5A8CF5ED-7DF7-4E6E-989B-8DD52567BEF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{633CDD47-5137-4781-8025-DDB159371387}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\toolbarupdate.exe |
"{63C57E60-A386-4F28-B509-59F0E3495AEE}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{63F9727C-F1FA-4EE3-B398-FB40E9141B4E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{722F87FC-89DC-4B86-95D7-38C38617A7BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7538C960-3A32-494F-82E0-EA8731436A21}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\toolbarupdate.exe |
"{7DD1AFD1-D9B9-40AB-AFD1-3187A500E307}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E47F0A6-5531-4A60-A44C-CD967B4ECC82}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8CC21EE6-28DB-4DE0-90B9-669EE840B968}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{909837F4-A1AE-43E3-93B5-B277A978FDA0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{90FEF744-2253-416A-A385-43E29D3BF15A}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{91DBB59B-9AFE-484C-95E0-A8787E59387F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{95E9BD52-39F7-47CC-A092-34295F2D3406}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{975A8977-67D7-41F0-AFA1-074CE3DB0108}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B553803-16E5-4C5A-B107-AFA93C895AEC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2F21C5C-A80B-4009-9C61-F60217B42128}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{AE2E2C5A-2BEA-4741-BF45-D3D6BF211897}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B632979E-86F2-447C-AF54-3945542D3CF0}" = protocol=1 | dir=out | [email protected],-28544 |
"{BC780360-355F-48F3-A238-17542E6D6A3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C60E03FA-8FCC-44FA-97A0-2D08B1E8CABD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C62D51EF-AC89-4861-B94C-CD4C2B8E7380}" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\temp\7zsd579.tmp\symnrt.exe |
"{C7B1FA5B-651A-40DC-A26E-BCFA75973D79}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB727FE1-926D-43B8-A10E-106892986F0E}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{E01E1ACA-3A5C-42C8-A557-BA4F3355208D}" = protocol=1 | dir=in | [email protected],-28543 |
"{E3CDEC98-81E2-4332-AB54-56C9F335829F}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{EBF9AC88-2CFC-4623-9E5D-7CF01EC130DD}" = protocol=58 | dir=in | [email protected],-28545 |
"{ED3EE8B0-1895-4C7D-B3F8-815FAA366DE9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ED77E2BF-00F1-4976-90F4-1EFD9799D54A}" = protocol=58 | dir=out | [email protected],-28546 |
"{EEEF8D48-4191-4E87-8899-E7AD3B5E86D7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F4AC1F1F-911E-4EA5-9140-620E351E8B51}" = protocol=6 | dir=out | app=system |
"{F889D27D-E643-40B8-8837-FE367775C257}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FCB8509E-0F79-402D-837D-1FEA59469693}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{61931B74-C328-47BB-953A-A356CC34B932}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{A101AEB3-BCC6-47E4-89A1-3133E64478A3}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{E1348CD6-727F-4C9F-AE9C-FC5C033EF412}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{E5C70C10-807C-46F6-9C82-A7329074B5DC}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{1C55774F-9178-415F-A787-B36D6FEA31D8}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{E58BCBAD-2108-472E-92F3-460417E2EC93}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{E6046460-D833-4505-AAD1-059E479E81AF}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{FA3456F1-931C-4D2B-AA14-C944DD6D4882}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}" = ATI Catalyst Install Manager
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{3EF6F8CE-BE77-0786-CA40-3CB5BF5EBCC8}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{522D5958-FFF0-2849-776B-442BE2A0004C}" = WMV9/VC-1 Video Playback
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7D220A57-969F-4D09-9297-D48195A8ABDD}" = HP Deskjet 3050 J610 series Basic Device Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{860B418B-F90B-465A-BC1D-04B518045C72}" = HP Deskjet 3050 J610 series Product Improvement Study
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-X64 8.0.8.0_R01
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04259F13-626E-814E-A80C-4601DFF3CE95}" = CCC Help Finnish
"{04D90620-2973-6F93-6E6C-C833F39C50C1}" = CCC Help Thai
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{0FC61261-B251-C870-C650-8A854F1B4CF0}" = CCC Help Chinese Standard
"{137EA7E1-D30B-4373-B8B6-CB7E85107F6D}" = Angry Birds Rio
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24C563C0-5569-A3BF-DF26-AAB3F25B5375}" = CCC Help Danish
"{2823D463-54F8-F7B4-818F-B7436FF70658}" = CCC Help Portuguese
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{32F32D10-5190-7565-DD14-C235FAF81408}" = CCC Help Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34F971C8-B75F-6B8D-4AFC-5DAB84241AE6}" = CCC Help French
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3798E892-DB93-6BE5-D4AD-8D1C4569F5EF}" = CCC Help Norwegian
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{52A2A26B-59BE-DE58-67EA-AE33077248A0}" = CCC Help Greek
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{589EB570-9B45-8EF9-7A0F-2A5B3A37BC49}" = CCC Help Swedish
"{59F65EE9-3DD6-6944-8222-342A9947D40B}" = Catalyst Control Center InstallProxy
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{60A1C223-4D86-AD1E-FB21-DE75010DABE3}" = CCC Help Hungarian
"{618AF7BF-10CD-0118-EE52-ED9BC440487B}" = CCC Help Russian
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C313A41-2704-23C5-DA68-05BB34126233}" = CCC Help Italian
"{6C49A7D6-FD97-A573-29C7-87ED1756AC6D}" = CCC Help Chinese Traditional
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{70B4D913-147C-7084-961A-6728E8F2AC2E}" = CCC Help Korean
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}" = Toshiba Book Place
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94358C28-335B-4E43-BC4E-C59576BAB653}" = CWA Reminder by We-Care.com v4.0.16.3
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{ACB77FD0-7796-82B5-51B1-3ABAD84932E7}" = Catalyst Control Center Graphics Previews Common
"{AE26F217-2100-A52C-2A00-3829358E4930}" = ccc-core-static
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B35FB627-BB1F-E79D-9512-E7CF549B00AD}" = CCC Help Polish
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}" = The Sims™ 2 Double Deluxe
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C4F1B841-0C75-368C-0A54-1BAF7C8B6A91}" = CCC Help English
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE15C07B-32E3-0586-305C-975F0FEE559A}" = CCC Help Turkish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DC280F21-4FD6-9D47-6323-7CD5C8712DFB}" = CCC Help Spanish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E34351A4-4B10-4DFF-96BC-84C642D9C625}" = The Print Shop 22
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED8AB7F6-E885-A8E9-1E97-2218D89FAE8F}" = CCC Help German
"{EEE6C8F8-4FDD-A08F-2292-31B34E327C0C}" = CCC Help Japanese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4C03C2A-E14E-EB7C-AAD7-F4FB6396BEA1}" = Catalyst Control Center Localization All
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{F9E83908-4502-9B01-6B42-21E449DD2627}" = CCC Help Czech
"{FB90923E-F94F-4343-A084-F0AB39305C8B}" = Catalyst Control Center - Branding
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dogpile Bundle Toolbar" = Dogpile Bundle Toolbar
"EADM" = EA Download Manager
"EasyMP3Downloader" = Easy MP3 Downloader
"ERUNT_is1" = ERUNT 1.1j
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-59b54399-03b8-4acf-8b5d-feafde272834" = Zuma's Revenge
"WTA-8c4ef50a-63d5-4ecf-b7ea-934b0eadf1da" = Bejeweled 3
"WTA-9643d4f7-41ff-4d5e-87a5-03cce3c0212d" = Penguins!
"WTA-99b5eb5f-e162-44ea-b871-f1b847508529" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-c991088a-21d5-4177-b802-db11c04b42df" = Plants vs. Zombies - Game of the Year
"WTA-ca2ea899-41db-46bb-8322-bff4388eacbf" = Tom Clancy's Splinter Cell
"WTA-dc506f2e-1e95-4583-8706-d7aea8c70f83" = FATE - The Traitor Soul
"WTA-e32106a6-d185-4c29-8ff6-907a0835bf1c" = Polar Bowler
"WTA-f0b30d1b-43ab-478a-8a9f-dcace2ffbc04" = Chuzzle Deluxe
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3617893529-4059277085-4184883922-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab Media Player" = FoxTab Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/31/2012 2:31:07 PM | Computer Name = Chris-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 5/31/2012 2:36:20 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 33C5.tmp, version: 6.0.2900.5512, time
stamp: 0x4fbad006 Faulting module name: 33C5.tmp, version: 6.0.2900.5512, time stamp:
0x4fbad006 Exception code: 0xc0000005 Fault offset: 0x00004c39 Faulting process id:
0x6c0 Faulting application start time: 0x01cd3f5c458f96aa Faulting application path:
C:\Users\Chris\AppData\Roaming\33C5.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\33C5.tmp
Report
Id: 83a9a0d7-ab4f-11e1-aba5-00266cc313b4

Error - 5/31/2012 2:41:07 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 8DBE.tmp, version: 6.0.2900.5512, time
stamp: 0x4fbad006 Faulting module name: 8DBE.tmp, version: 6.0.2900.5512, time stamp:
0x4fbad006 Exception code: 0xc0000005 Fault offset: 0x00004c39 Faulting process id:
0x1bc4 Faulting application start time: 0x01cd3f5cef6887cd Faulting application path:
C:\Users\Chris\AppData\Roaming\8DBE.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\8DBE.tmp
Report
Id: 2e2df50d-ab50-11e1-aba5-00266cc313b4

Error - 5/31/2012 2:45:52 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: E9DB.tmp, version: 6.0.2900.5512, time
stamp: 0x4fbad006 Faulting module name: E9DB.tmp, version: 6.0.2900.5512, time stamp:
0x4fbad006 Exception code: 0xc0000005 Fault offset: 0x00004c39 Faulting process id:
0x18b0 Faulting application start time: 0x01cd3f5d99b17100 Faulting application path:
C:\Users\Chris\AppData\Roaming\E9DB.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\E9DB.tmp
Report
Id: d8558afd-ab50-11e1-aba5-00266cc313b4

Error - 5/31/2012 2:50:36 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 4089.tmp, version: 6.0.2900.5512, time
stamp: 0x4fbad006 Faulting module name: 4089.tmp, version: 6.0.2900.5512, time stamp:
0x4fbad006 Exception code: 0xc0000005 Fault offset: 0x00004c39 Faulting process id:
0x1bd8 Faulting application start time: 0x01cd3f5e432a38c6 Faulting application path:
C:\Users\Chris\AppData\Roaming\4089.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\4089.tmp
Report
Id: 8199f47d-ab51-11e1-aba5-00266cc313b4

Error - 5/31/2012 2:57:16 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 5AC4.tmp, version: 6.0.2900.5512, time
stamp: 0x4fbad006 Faulting module name: 5AC4.tmp, version: 6.0.2900.5512, time stamp:
0x4fbad006 Exception code: 0xc0000005 Fault offset: 0x00004c39 Faulting process id:
0x1fdc Faulting application start time: 0x01cd3f5f31886c51 Faulting application path:
C:\Users\Chris\AppData\Roaming\5AC4.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\5AC4.tmp
Report
Id: 7008d1a9-ab52-11e1-aba5-00266cc313b4

Error - 5/31/2012 11:29:56 PM | Computer Name = Chris-PC | Source = McLogEvent | ID = 5004
Description =

Error - 5/31/2012 11:30:44 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2012 11:32:35 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e21213c Exception code: 0xe06d7363 Fault offset: 0x000000000000cacd
Faulting
process id: 0x4c8 Faulting application start time: 0x01cd3fa6b9b1ad5c Faulting application
path: C:\windows\system32\svchost.exe Faulting module path: C:\windows\system32\KERNELBASE.dll
Report
Id: 6d8b1d5f-ab9a-11e1-b068-00266cc313b4

Error - 5/31/2012 11:32:55 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: C479.tmp, version: 5.1.2600.5512, time
stamp: 0x4fc7ec80 Faulting module name: C479.tmp, version: 5.1.2600.5512, time stamp:
0x4fc7ec80 Exception code: 0xc0000005 Fault offset: 0x00004af9 Faulting process id:
0x10c4 Faulting application start time: 0x01cd3fa7399898ec Faulting application path:
C:\Users\Chris\AppData\Roaming\C479.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\C479.tmp
Report
Id: 796b01ab-ab9a-11e1-b068-00266cc313b4

Error - 5/31/2012 11:33:07 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: BearShare.exe, version: 10.0.0.0, time
stamp: 0x4e4407d3 Faulting module name: BearShare.exe, version: 10.0.0.0, time stamp:
0x4e4407d3 Exception code: 0xc0000005 Fault offset: 0x00bbf8c2 Faulting process id:
0xbf8 Faulting application start time: 0x01cd3fa7232ccac5 Faulting application path:
C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe Faulting module
path: C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe Report
Id: 803e33b2-ab9a-11e1-b068-00266cc313b4

[ Media Center Events ]
Error - 5/19/2012 10:57:26 PM | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 9:57:26 PM - Error connecting to the internet. 9:57:26 PM - Unable
to contact server..

Error - 6/4/2012 3:30:10 PM | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 2:30:10 PM - Error connecting to the internet. 2:30:10 PM - Unable
to contact server..

Error - 6/4/2012 3:30:27 PM | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 2:30:15 PM - Error connecting to the internet. 2:30:15 PM - Unable
to contact server..

Error - 8/6/2012 8:37:09 PM | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 7:36:55 PM - Error connecting to the internet. 7:36:55 PM - Unable
to contact server..

[ System Events ]
Error - 1/17/2012 12:49:58 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 3 time(s).

Error - 1/17/2012 12:50:45 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the DNS Client service, but this
action failed with the following error: %%1056

Error - 1/17/2012 12:51:14 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has
done this 3 time(s).

Error - 1/17/2012 12:51:14 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
3 time(s).

Error - 1/17/2012 12:51:14 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = The Network Location Awareness service terminated unexpectedly. It
has done this 3 time(s).

Error - 1/17/2012 12:55:41 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has
done this 4 time(s).

Error - 1/17/2012 12:55:41 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
4 time(s).

Error - 1/17/2012 12:55:41 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034
Description = The Workstation service terminated unexpectedly. It has done this
3 time(s).

Error - 1/17/2012 2:31:10 AM | Computer Name = Chris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).

Error - 1/18/2012 10:50:49 PM | Computer Name = Chris-PC | Source = Application Popup | ID = 1060
Description = \??\C:\PROGRA~2\McAfee\VIRUSS~1\mferkdk.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.


< End of report >

Thanks,
deltaboy
  • 0
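The Application Error records in the log above, as an added example that is not part of the original post or of OTL: a parser for this event-log layout that flags crashing processes whose image runs from a user-writable directory or carries a non-executable extension. The sample is trimmed from the entries above; the function names, directory list and extension list are assumptions of this example, and a hit is a triage lead rather than a verdict.

```python
import re
from ntpath import splitext  # Windows path rules on any host OS

# Sample trimmed from the log above (fields shortened for this example).
SAMPLE_LOG = r"""
Error - 5/31/2012 2:57:16 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 5AC4.tmp, version: 6.0.2900.5512, time
stamp: 0x4fbad006 Exception code: 0xc0000005 Faulting application path:
C:\Users\Chris\AppData\Roaming\5AC4.tmp Faulting module path: C:\Users\Chris\AppData\Roaming\5AC4.tmp
Report
Id: 7008d1a9-ab52-11e1-aba5-00266cc313b4

Error - 5/31/2012 11:30:44 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2012 11:33:07 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: BearShare.exe, version: 10.0.0.0, time
stamp: 0x4e4407d3 Exception code: 0xc0000005 Faulting application path:
C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe Faulting module
path: C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe Report
Id: 803e33b2-ab9a-11e1-b068-00266cc313b4

[ Media Center Events ]
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
APP_PATH = re.compile(r"Faulting application path:\s*(.+?)\s+Faulting module path:")
# Assumed heuristics: per-user or shared writable trees, and real program extensions.
USER_WRITABLE = re.compile(r"\\(appdata|temp|programdata)\\", re.IGNORECASE)
EXECUTABLE_EXT = {".exe", ".scr", ".com"}

def parse_records(text):
    """Split the log into records and re-join each wrapped Description."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = dict(header.groupdict(), body=[])
            records.append(current)
        elif line.startswith(("[", "<")):   # section banner or end marker
            current = None
        elif line and current is not None:
            current["body"].append(line)
    for rec in records:
        rec["description"] = " ".join(rec.pop("body"))
    return records

def triage(records):
    """Return crash records (Application Error, ID 1000) worth a closer look."""
    findings = []
    for rec in records:
        if rec["source"] != "Application Error" or rec["id"] != "1000":
            continue
        match = APP_PATH.search(rec["description"])
        if not match:
            continue
        path, reasons = match.group(1), []
        if USER_WRITABLE.search(path):
            reasons.append("image runs from a user-writable directory")
        if splitext(path)[1].lower() not in EXECUTABLE_EXT:
            reasons.append("image has a non-executable extension")
        if reasons:
            findings.append({"when": rec["when"], "path": path, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for hit in triage(parse_records(SAMPLE_LOG)):
        print(hit["when"], hit["path"], "; ".join(hit["reasons"]))
```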


#26
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)

The only problem that I see so far is the same Catalyst Control Center error.

OK we will deal with that via the other methodology I mentioned in my prior post.

Microsoft Essentials did not find anything.

Good.

Next:

Please download Catalyst Software Suite from here and save to your desktop.

Note: Do not use this just yet and there should now be a file named 12-6_vista_win7_64_dd_ccc.exe on the desktop.

Next:

Then click on Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

ATI Catalyst Install Manager
ccc-utility64
Catalyst Control Center


To do so click once on each of the above to highlight then click on Uninstall/Change and follow the prompts.

Note: If the Uninstall/Change is not available for any of the above there should be a Repair option instead. Select that and then the option to uninstall via the on-screen prompts etc.

Reset Windows 7 Firewall:

Click on Start(Windows 7 Orb) >> Control Panel >> Windows Firewall

Now click on Restore Defaults >> At the UAC prompt click on Yes >> Restore Defaults >> Yes.

Temp Disable MBAM's Protection Module:

This is so it will not hinder the custom OTL script below, it will automatically start again after your machine is rebooted.

Right-click on the Malwarebytes Anti-Malware System Tray icon >> Enable Protection >> Yes

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
[2012/08/10 17:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/10 17:44:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Product_RM
[2012/08/07 20:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\2338
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Files
C:\Program Files (x86)\Dogpile Bundle Toolbar

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall/Dogpile Bundle Toolbar]

:Commands
[EmptyTemp]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Install Catalyst Control Center:

Right-click on 12-6_vista_win7_64_dd_ccc.exe and select Run as Administrator >> follow the on-screen prompts.

Reboot your machine if not prompted to do so.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.

  • 0

#27
new-be

new-be

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
The computer seems to be doing fine. Error for the Catalyst Control center is fixed. The MBAM I had installed was a trial version, and it had expired so I uninstalled it.

Here is the next log.


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\ProgramData\PC Tools\DownloadManager\PC Tools Registry Mechanic\7.0.0.0\RM\NRM\1 folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager\PC Tools Registry Mechanic\7.0.0.0\RM\NRM folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager\PC Tools Registry Mechanic\7.0.0.0\RM folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager\PC Tools Registry Mechanic\7.0.0.0 folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager\PC Tools Registry Mechanic folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager folder moved successfully.
C:\ProgramData\PC Tools folder moved successfully.
C:\Users\Chris\AppData\Roaming\Product_RM folder moved successfully.
C:\ProgramData\2338 folder moved successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
C:\Program Files (x86)\Dogpile Bundle Toolbar\skins\radio\gray03 folder moved successfully.
C:\Program Files (x86)\Dogpile Bundle Toolbar\skins\radio folder moved successfully.
C:\Program Files (x86)\Dogpile Bundle Toolbar\skins folder moved successfully.
C:\Program Files (x86)\Dogpile Bundle Toolbar\images\weather\png folder moved successfully.
C:\Program Files (x86)\Dogpile Bundle Toolbar\images\weather folder moved successfully.
C:\Program Files (x86)\Dogpile Bundle Toolbar\images\ticker folder moved successfully.
C:\Program Files (x86)\Dogpile Bundle Toolbar\images\msgbox folder moved successfully.
C:\Program Files (x86)\Dogpile Bundle Toolbar\images folder moved successfully.
C:\Program Files (x86)\Dogpile Bundle Toolbar folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall/Dogpile Bundle Toolbar\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 51479374 bytes
->Temporary Internet Files folder emptied: 82761098 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 28448268 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 965 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54350 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 155.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08112012_084728

Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


Thanks,
deltaboy
  • 0

#28
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)

My apologies for the delay...

The computer seems to be doing fine. Error for the Catalyst Control center is fixed.

Good.

The MBAM I had installed was a trial version, and it had expired so I uninstalled it.

Fair play, if I recall correctly once the trial period expires it should revert to an on-demand scanner only. My friendly advice would be to consider re-installing but during the actual installation process decline the trial.

If you do opt to do so as a precaution download and run this file beforehand:-

mbam-clean.exe

Then go here to re-download the installer.

New Adobe Reader Installation:

  • Go here and click on AdbeRdr1013_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator with Windows 7)
  • OK the license.
  • Click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button

New Java Installation:

Note:- This is for the 32 bit version of Internet Explorer only.

  • Click here to visit Java's website.
  • Scroll down to Java SE 7u5. Click on JRE Download.
  • Check (tick) Java SE Runtime Environment 7u5 License Agreement box.
  • Click on jre-7u5-windows-i586.exe link next to Windows x86 Offline to download it and save this to your desktop.
  • Right-click on jre-7u5-windows-i586.exe and select Run as Administrator to install Java.

If you also use the Internet Explorer (64-bit) browser with Windows 7 and want Java installed you will require a separate 64 bit installation as follows:-

New 64 bit Java Installation:

  • Click here to visit Java's website.
  • Scroll down to Java SE 7u5. Click on JRE Download.
  • Check (tick) Java SE Runtime Environment 7u5 License Agreement box.
  • Click on jre-7u5-windows-x64.exe link next to Windows x64 to download it and save this to your desktop.
  • Right-click on jre-7u5-windows-x64.exe and select Run as Administrator to install Java.

Next:

Let myself know when completed the above and if any further issues remaining. If not we will clean up all tools used during the Malware Removal process and I will provide some advice about online safety etc.
  • 0

#29
new-be

new-be

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
All seems to be going well. The size of the desktop icons seem to be larger than before. I reset the resolution to the highest at 1024 x 768.

Thanks for all the help.
deltaboy
  • 0

#30
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)

All seems to be going well.

Good.

The size of the desktop icons seem to be larger than before. I reset the resolution to the highest at 1024 x 768.

You can also change that via right-clicking on the desktop and selecting Personalize >> Display etc.

Thanks for all the help.

You're most welcome!

Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Clean up with OTL:

  • Right-click OTL and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-

  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click Create.
  • When the new restore point is created click on OK >> close the System properties window.

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-

  • Next click Start(Windows 7 Orb) >> Run (or the Windows key and R together) to bring up the Run box and copy and paste cleanmgr into the box and press OK.
  • Select the system drive, C >> OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Click on Clean up system files >> Select the system drive, C >> OK.
  • Now click on the More Options tab.
  • Under System Restore and Shadow Copies, click on Clean up... >> Delete >> OK >> Delete Files.

Now some advice for on-line safety:

Malwarebytes Anti-Malware:

This is an excellent application and I advise you do consider re-installing, though this is at your own discretion. If you do, check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, Microsoft Security Essentials, automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Erunt:

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

  • Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.

Update Internet Explorer:

IE8 has been superseded by IE9, I strongly advise you download and install the new browser from here. This will increase overall security whilst browsing online.

Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Consider installing WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Check your third party software is up to date:

Via visiting the Secunia Online Software Inspector periodically.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!
  • 0





