Here are the logs you requested:
Extras.Txt
OTL Extras logfile created on: 28/07/2012 11:45:38 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Blaine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.39% Memory free
3.98 Gb Paging File | 3.03 Gb Available in Paging File | 76.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 6.59 Gb Free Space | 8.87% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.59 Gb Free Space | 96.35% Space Free | Partition Type: FAT32
Drive E: | 73.21 Gb Total Space | 22.50 Gb Free Space | 30.73% Space Free | Partition Type: NTFS
Computer Name: BLAINE-PC | User Name: Blaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C43870A-E094-4AFA-93F4-565A9C55BD90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3371B3BE-4F53-40E0-9CA6-49EAAA3C4EF0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3ED58E31-38A9-485B-96CE-23195FB341CF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4087031E-E250-4F26-B279-D15CE9FA9A28}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B031144-5C1C-4043-A353-7578383DA5DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A08350F3-C7B9-4541-9E35-2F2DD8D9752D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F38EC275-C75F-4F03-8523-B0ED4CDBFD45}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D81EA22-A38F-48A4-B96B-C916438888B2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{1E13594B-1277-4C53-8092-0BDC19023C48}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{33F50703-3634-4F42-BC9C-DD22DB202647}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3BA6AD5F-B5C4-4A70-9B1E-DA764E2474B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{418D15BB-9094-4045-B4F3-7089DC5904D4}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\thunderservice.exe |
"{43597A08-21ED-471C-AE18-6998A0F6D651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5061C825-EE73-4799-8339-1A653FAB1B3B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5A5AFA51-381B-4A4C-9174-46DFE9B99173}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{6915EDA0-4289-4A64-8888-1A305D7F482D}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\thunderliveud.exe |
"{69D2EE6F-31C1-46F4-BAE8-852D676AD0C0}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{6E3D529F-71CB-400C-A5FB-E8CE14BEDE3D}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{7DF447F1-DF9B-4640-BA78-46F79D3D4AEE}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\xlbugreport.exe |
"{825A7100-C9EB-4186-AC2B-B1959FDD95ED}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\thunderliveud.exe |
"{A03AE41B-B68F-405E-945A-21DA4FBD9E25}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{C4E69FA8-8CDB-42B9-A8B3-7027959E2D20}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\xlbugreport.exe |
"{DAEB9E02-5F2E-468C-9382-CB34081F42CD}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.72\thunderservice.exe |
"{DB36F4A5-E1D5-4794-B64A-9478611AAA81}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{FB5136F3-C621-46EC-A917-B9CB2E00DED8}" = protocol=6 | dir=out | app=system |
"TCP Query User{4EF681EC-3EA1-4489-8911-8220CAEF36E8}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"UDP Query User{5BEB0CA3-F57D-4C8D-8CED-2E4FBA6700AD}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Email Configuration Tool
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21115EF-2B96-44F2-83CB-6347E017AC5F}" = FileOpen Client
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F413B69D-4AD6-42AB-AEA5-0548989FAD50}" = Norton 360
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper_is1" = WinX DVD Ripper 5.5.1
"Yahoo! Applications" = BT Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar
"迅雷看看播放器" = 迅雷看看播放器
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05/12/2010 13:27:05 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =
Error - 06/12/2010 14:21:18 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =
Error - 07/12/2010 06:27:13 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =
Error - 07/12/2010 15:43:34 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =
Error - 08/12/2010 08:46:33 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =
Error - 09/12/2010 12:51:04 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =
Error - 10/12/2010 07:20:27 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =
Error - 10/12/2010 09:42:54 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =
Error - 10/12/2010 13:52:44 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/12/2010 07:06:19 | Computer Name = Blaine-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 27/07/2012 12:55:13 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 27/07/2012 14:03:59 | Computer Name = Blaine-PC | Source = DCOM | ID = 10000
Description =
Error - 27/07/2012 20:28:01 | Computer Name = Blaine-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 27/07/2012 20:28:03 | Computer Name = Blaine-PC | Source = DCOM | ID = 10005
Description =
Error - 27/07/2012 20:28:11 | Computer Name = Blaine-PC | Source = DCOM | ID = 10005
Description =
Error - 27/07/2012 20:28:13 | Computer Name = Blaine-PC | Source = DCOM | ID = 10005
Description =
Error - 27/07/2012 20:28:18 | Computer Name = Blaine-PC | Source = DCOM | ID = 10005
Description =
Error - 27/07/2012 20:28:54 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 27/07/2012 20:28:54 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 28/07/2012 04:10:29 | Computer Name = Blaine-PC | Source = Service Control Manager | ID = 7034
Description =
< End of report >
OTL.Txt
OTL logfile created on: 28/07/2012 11:45:37 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Blaine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.39% Memory free
3.98 Gb Paging File | 3.03 Gb Available in Paging File | 76.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 6.59 Gb Free Space | 8.87% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.59 Gb Free Space | 96.35% Space Free | Partition Type: FAT32
Drive E: | 73.21 Gb Total Space | 22.50 Gb Free Space | 30.73% Space Free | Partition Type: NTFS
Computer Name: BLAINE-PC | User Name: Blaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/28 10:31:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Blaine\Desktop\OTL.com
PRC - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccsvchst.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
========== Modules (No Company Name) ==========
MOD - [2010/03/15 04:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/07/26 23:28:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/21 16:08:42 | 000,213,376 | ---- | M] (FileOpen Systems Inc.) [Disabled | Stopped] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2009/02/27 16:20:10 | 000,262,144 | ---- | M] () [Disabled | Stopped] -- C:\Users\Blaine\AppData\Roaming\ZTEDRIVER\release\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2008/08/07 17:54:29 | 000,110,576 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Disabled | Stopped] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 16:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/27 19:15:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/06/19 01:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/14 19:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120727.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/05/31 07:16:39 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 07:16:39 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/16 08:19:25 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120727.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 08:19:25 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120727.033\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/18 10:26:13 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/29 07:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/29 07:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX)
DRV - [2012/01/17 23:46:01 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symtdiv.sys -- (SYMTDIv)
DRV - [2012/01/17 23:45:57 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA)
DRV - [2012/01/17 23:45:55 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS)
DRV - [2012/01/17 23:35:24 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/29 23:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/02/06 18:04:36 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2008/07/18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/05/19 19:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/28 17:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/11/09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 21:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/02/20 18:51:14 | 010,446,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\SearchScopes,DefaultScope = {0A89C56E-6068-410E-B7EC-36DC53346C8B}
IE - HKLM\..\SearchScopes\{0A89C56E-6068-410E-B7EC-36DC53346C8B}: "URL" = http://www.google.co...g}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3078318
IE - HKLM\..\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\URLSearchHook: {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0A89C56E-6068-410E-B7EC-36DC53346C8B}
IE - HKCU\..\SearchScopes\{0A89C56E-6068-410E-B7EC-36DC53346C8B}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn\ [2012/04/18 10:42:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn\ [2012/07/28 11:38:01 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://start.iplay.com/?o=shp
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://start.iplay.c...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.iplay.com/?o=shp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O4 - HKCU..\Run: [TdrOxoid] C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe File not found
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ABA7D1C-2245-478F-AC0D-26A25DC02473}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe) - C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe File not found
O24 - Desktop WallPaper: C:\Users\Blaine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Blaine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{361e2aa7-9caa-11df-9603-001e3391517e}\Shell - "" = AutoRun
O33 - MountPoints2\{361e2aa7-9caa-11df-9603-001e3391517e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpReg: 00TCrdMain - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: btbb_McciTrayApp - hkey= - key= - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
MsConfig - StartUpReg: cfFncEnabler.exe - hkey= - key= - File not found
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: FileOpenBroker - hkey= - key= - C:\Program Files\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: HSON - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NDSTray.exe - hkey= - key= - File not found
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SmoothView - hkey= - key= - File not found
MsConfig - StartUpReg: snp2std - hkey= - key= - C:\Windows\vsnp2std.exe (Sonix)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: TdrOxoid - hkey= - key= - C:\Users\Blaine\AppData\Local\laacnlyp\tdroxoid.exe File not found
MsConfig - StartUpReg: topi - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
MsConfig - StartUpReg: Toshiba Registration - hkey= - key= - C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
MsConfig - StartUpReg: Toshiba TEMPO - hkey= - key= - C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
MsConfig - StartUpReg: TPwrMain - hkey= - key= - File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 1
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/07/28 11:44:13 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Blaine\Desktop\OTL.com
[2012/07/28 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{403CABCB-E0F2-426D-96D8-B1B3F3831002}
[2012/07/28 09:07:44 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{7D39817E-8327-4896-9A6E-13ED48CEFEB3}
[2012/07/28 01:29:37 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{32D5344F-5F51-4B65-89CD-F5807556BE2A}
[2012/07/27 19:15:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/27 11:20:47 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{51478703-3743-475E-9959-9B2F66B377E2}
[2012/07/27 11:20:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{AE50A433-B0F6-44AE-8D1D-79EAD088DC3A}
[2012/07/26 23:20:08 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0DF2DAF9-5048-40EB-A197-FCDF2FE9C1F2}
[2012/07/26 23:19:57 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C47D8431-6F46-4459-ADC7-38DEE630BB64}
[2012/07/26 11:19:43 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{721E4EEF-A17B-4FD9-8848-A5E8DB9A5869}
[2012/07/26 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2437EA5F-6CB0-428E-B284-4ABB6600D7D2}
[2012/07/25 23:19:03 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5F131194-C97B-4F9D-8AFD-AC49EAA91E41}
[2012/07/25 23:18:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5B0388A6-8CFB-409E-8B89-7218A455805A}
[2012/07/25 11:14:39 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{EFAB5FAB-8F09-40A7-94A2-76BFC83FE368}
[2012/07/25 11:14:28 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{76BF1D83-0F0C-4507-A504-7B9116829DF4}
[2012/07/24 23:14:01 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{A3D14C27-DE79-4131-9ACF-78B854D286F8}
[2012/07/24 23:13:51 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{930481DC-1BCB-4D5E-B904-E28B2D9C83B7}
[2012/07/24 11:13:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{DA2E512A-6DC0-4C26-AAD8-50B15793486C}
[2012/07/24 11:13:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{CE1A6B5E-A837-47E3-83EF-1DFEF5234E84}
[2012/07/23 23:12:47 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{21322686-A50C-47A0-99E9-D5C15AEFD913}
[2012/07/23 23:12:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{CF7039B7-7E6A-44D2-87EA-2344C65F2918}
[2012/07/23 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2D26B34A-4FC3-4B00-90B3-E0C96C1D529B}
[2012/07/23 11:03:45 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D0B90317-4A5C-42E3-AA64-61AFFBAE4527}
[2012/07/22 22:09:57 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{684D01E0-E71D-4542-8ACC-FB2797CEEE8C}
[2012/07/22 22:09:45 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5F9F48ED-9C0B-445A-BC4E-3D46CEB9F523}
[2012/07/22 10:09:31 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2FE2B905-9B3A-45A1-84FA-D984A88A7881}
[2012/07/22 10:07:59 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{08BF2E8F-4B52-490C-B86F-595BA5EDA889}
[2012/07/21 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{38CE05A8-1433-4CD0-AD61-689F2787CEDF}
[2012/07/21 16:59:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{28BC298F-851A-4E3E-A4BE-5C8190BB3456}
[2012/07/20 23:18:22 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{47C95673-AB3F-416D-9B23-722845FD8D76}
[2012/07/20 23:18:10 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{40BAFCD4-EAF6-4FDE-8161-EFAF1A3C38DF}
[2012/07/20 10:45:37 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{56BC0AB0-68FE-468E-AB7A-4094B0D65A0C}
[2012/07/20 10:45:26 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{13DF71D6-A8E7-41C0-82EC-95AEEE52D71E}
[2012/07/19 22:44:58 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{68548B9F-17B8-443E-BDA3-A762C1875A45}
[2012/07/19 22:44:44 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8D6C7403-5948-441C-9311-3114F8293E80}
[2012/07/19 10:44:23 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F3E4924C-ADCF-4651-B813-D0A903CFF077}
[2012/07/19 10:44:11 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D0C459B2-60F0-4FCF-BAFF-788AAFDCEB4E}
[2012/07/18 22:43:44 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{72BF9D41-9949-4AD8-BC4B-805CC0C4F832}
[2012/07/18 22:43:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{81F98A7C-41CA-423F-94FA-B60AFA27B2AB}
[2012/07/18 12:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Unlocker
[2012/07/18 10:13:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{A22A02B3-98BF-443F-8254-3CC5C4559353}
[2012/07/18 10:11:55 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{ED056EE7-B600-466D-99D7-9C9BD31AA555}
[2012/07/17 21:27:00 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{7642C882-603F-4510-AEBF-426C0B136452}
[2012/07/17 21:26:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{EAC6A4E6-6917-4680-8BFA-10839EB0AC46}
[2012/07/17 09:26:33 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{6C8CA0D4-49AC-4BFD-A7A8-617DE65566FC}
[2012/07/17 09:26:22 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{259F1395-1FBE-4F5C-85C7-F022180A45F7}
[2012/07/16 21:25:54 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{6134F63C-BE42-40D0-AC1A-3BC530A66FB1}
[2012/07/16 21:25:43 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{9F66C947-6006-4C52-B20C-38BF933C0D40}
[2012/07/16 09:25:16 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8569DF4C-6F4F-47C9-9460-FCCDE5298EDE}
[2012/07/16 09:25:06 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{80861E90-5528-43FC-8AFB-86C05FAAAFCF}
[2012/07/15 21:24:37 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{35448B10-DBC9-45CA-BE44-F6DE2DB769F3}
[2012/07/15 21:24:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B79B309D-2971-4464-AC15-609BAF61E54C}
[2012/07/15 09:24:02 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{3619ADF9-B91D-4F07-BD4E-2A410D95EBD5}
[2012/07/15 09:23:43 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C22A4EE8-519A-4F7B-888E-20EF04FF30A0}
[2012/07/14 13:25:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B04078C1-F75D-437D-B934-AF37B3DA0599}
[2012/07/14 13:25:21 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0E59A09D-6273-4CF7-B51D-F0A8EB670B38}
[2012/07/14 01:24:55 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E784DEC2-0052-4809-B68A-7C9593F23490}
[2012/07/14 01:24:45 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B15BC22C-66F4-4A2B-AD51-1D319B0989E4}
[2012/07/13 13:24:21 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{799DABB7-D191-46DB-A532-25CAF1A42142}
[2012/07/13 13:23:48 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{A0DE03D8-060F-4EA8-B58D-1596462BA090}
[2012/07/13 01:23:17 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{208F7C2B-EE9F-4075-9FF2-02C9D4997FDE}
[2012/07/13 01:23:05 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F6C5B564-6529-49BA-98A5-C77309CC8641}
[2012/07/12 13:22:52 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C3D8106A-398A-4848-86B4-B795143DA3A8}
[2012/07/12 13:22:40 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{88AA7A01-CC27-4172-A548-F93304186977}
[2012/07/12 01:22:19 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C5D8F0BD-41EA-4EC5-B3A6-FCF9C171C213}
[2012/07/12 01:22:08 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E3D28E87-D58B-4BDF-BB59-5A032EF1711D}
[2012/07/11 11:46:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5FDC5B3B-6B2E-4551-B72E-5DA91ADB0EDC}
[2012/07/11 11:46:12 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{9B4ED76B-B9FC-4989-A4D2-9201F78593C0}
[2012/07/10 23:48:30 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/10 23:45:40 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D02D9EE6-0FBA-4D28-8BB4-CEA2E7389473}
[2012/07/10 23:45:28 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C9912BB3-966A-47EE-B46E-EE4C320C84F2}
[2012/07/10 23:44:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/10 23:44:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/10 23:44:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/10 23:44:42 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/10 23:44:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/10 23:44:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/10 23:44:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/10 23:35:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/10 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E3E5C3BD-EED1-433A-87C0-517999784B49}
[2012/07/10 11:44:49 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{5C0DD0A7-8214-4E98-BC4E-05DCBC8D1641}
[2012/07/09 19:08:23 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0736BD0E-3609-483F-99D8-5B58909B7861}
[2012/07/09 19:08:13 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{97A6B70A-19CE-4CFF-A9E2-A86E62F76C7F}
[2012/07/08 23:38:29 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{1ADB49BC-9B88-4697-BDFF-01AB7BA35740}
[2012/07/08 23:38:16 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{4F7C4F9A-03B6-439C-9E9C-AF059EA7BCFA}
[2012/07/08 11:38:03 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F5B08DA2-8E60-4AD7-B885-157484943E57}
[2012/07/08 11:37:52 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{33B3476D-75FB-4A65-9B04-E04859E2C98A}
[2012/07/07 23:37:25 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{50193F45-4B9A-43E7-AA7C-302D2C4C6677}
[2012/07/07 23:37:13 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{81373DF9-F447-4478-B31E-1062D70E46F6}
[2012/07/07 11:36:58 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{70C9D3EB-4990-4A6A-B27A-9F6B87AEAD3B}
[2012/07/07 11:35:53 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{803F15CC-8E9C-4E0A-AE65-71FA5020D532}
[2012/07/06 22:39:53 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{2829D2CD-989A-41AD-8929-511F3B7994A3}
[2012/07/06 22:39:42 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{F3A5B812-0BCA-41C7-8691-F3162D0973E6}
[2012/07/06 10:25:11 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{805430EA-26C9-4589-A9E0-ED40B30096E2}
[2012/07/06 10:25:00 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E7E7CAB7-8153-4D53-AD0A-15F0E89C067B}
[2012/07/05 18:25:15 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{DDABB8CC-709D-4EFD-B4F8-90991B007279}
[2012/07/05 18:24:59 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8E8BDCDD-4CEB-49B4-9262-A34D4667D6DA}
[2012/07/04 01:01:48 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{736FB5C3-E222-49CF-B1F7-A1C9571E54E2}
[2012/07/04 01:01:36 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{FA6B7823-FBB1-4015-83A4-93AA88A35CC2}
[2012/07/03 12:03:08 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{DDB95FF0-1A20-452D-9B35-0AD42F4EA70D}
[2012/07/03 12:02:57 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{15D8C447-842B-458B-BCED-3BE800E444B2}
[2012/07/03 00:02:30 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{44E35712-9367-4FC9-9DD4-68107E88E780}
[2012/07/03 00:02:18 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{B3D5F3E1-3A35-4A27-ADD7-2F6A35923344}
[2012/07/02 12:01:51 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{8DAED965-14E6-4E95-A545-6F8635B9746C}
[2012/07/02 12:01:40 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{BD76DDF7-C30C-48CD-B628-80BACA525A59}
[2012/07/02 00:01:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{C7E3A918-0DDF-4A34-B093-F242C0EE0B50}
[2012/07/02 00:01:03 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{D3845F0A-A0BB-4C1A-B7BB-8CA4973F59C9}
[2012/07/01 12:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{6C95136A-DE3D-46D4-A1FB-ED8E3C12293E}
[2012/07/01 11:59:32 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{0ED5AA7B-E5E5-4FB7-BB32-BD6D36E71ADA}
[2012/06/30 23:06:24 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{01A9D32C-46B9-4A12-BD16-7C9118E14560}
[2012/06/30 23:06:14 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{9A1A0072-EDD6-41AC-B71A-3B614CE5662C}
[2012/06/30 11:05:53 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{EC6980FE-2A6A-43A4-9AD5-378BD8B131C8}
[2012/06/30 11:05:00 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{ABA68842-063A-4AF8-9193-2BD47E86F4DF}
[2012/06/29 22:00:02 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{527BF8AF-17A9-42B7-8205-1787DCDDCE84}
[2012/06/29 21:59:51 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{AEF547DD-149C-4460-89CD-A412C7F3E5FF}
[2012/06/29 09:59:38 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{E119FC5D-E4CD-470C-9B69-6B0CBDF17BFC}
[2012/06/29 09:59:26 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{7F2F705E-1D8D-4E29-8F40-F13B05A9078F}
[2012/06/28 22:53:18 | 000,000,000 | ---D | C] -- C:\Users\Blaine\AppData\Local\{4A284E36-E6A1-433B-97D1-6606BE61081F}
[2009/06/01 00:29:56 | 000,210,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Blaine\uninstall_flash_player.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/28 11:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/28 11:38:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/28 11:37:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 11:37:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 11:37:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/28 11:37:29 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/28 10:37:04 | 001,012,656 | ---- | M] () -- C:\Users\Blaine\Desktop\rkill.exe
[2012/07/28 10:31:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Blaine\Desktop\OTL.com
[2012/07/28 09:27:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/28 01:27:47 | 000,360,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/28 01:25:00 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/07/27 19:35:37 | 000,183,538 | ---- | M] () -- C:\Users\Blaine\Documents\cc_20120727_193520.reg
[2012/07/27 19:15:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/26 23:28:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/26 23:28:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/23 21:22:31 | 000,621,966 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/23 21:22:31 | 000,114,848 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/19 09:55:29 | 000,219,648 | ---- | M] () -- C:\Users\Blaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/11 19:40:55 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/03 00:36:54 | 000,596,323 | ---- | M] () -- C:\Users\Blaine\Desktop\CV BLAINE HOLLOWAY TEACHING.pdf
[2012/07/03 00:36:28 | 000,390,953 | ---- | M] () -- C:\Users\Blaine\Desktop\CV BLAINE HOLLOWAY BUSINESS.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/28 11:42:11 | 001,012,656 | ---- | C] () -- C:\Users\Blaine\Desktop\rkill.exe
[2012/07/28 09:05:30 | 2009,067,520 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/27 19:35:29 | 000,183,538 | ---- | C] () -- C:\Users\Blaine\Documents\cc_20120727_193520.reg
[2012/07/27 16:41:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/09 22:01:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Snape50.bin
[2012/02/09 22:01:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Snape40.bin
[2012/02/09 21:59:35 | 000,032,768 | ---- | C] () -- C:\Windows\System32\snape20.bin
[2011/11/16 04:48:14 | 000,000,680 | ---- | C] () -- C:\Users\Blaine\AppData\Local\d3d9caps.dat
[2011/08/08 10:58:14 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2011/05/19 13:39:31 | 000,001,940 | ---- | C] () -- C:\Users\Blaine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/24 22:15:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/03 06:53:17 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Unl.exe
[2009/03/30 15:21:36 | 000,103,784 | ---- | C] () -- C:\Users\Blaine\GoToAssistDownloadHelper.exe
[2009/03/09 22:29:21 | 000,219,648 | ---- | C] () -- C:\Users\Blaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Custom Scans ==========
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: FUJITSU MHZ2160BH G1
Partitions: 3
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: Kingston DataTraveler G2 USB Device
Partitions: 1
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 74.00GB
Starting Offset: 1573912576
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 73.00GB
Starting Offset: 81427169280
Hidden sectors: 0
DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 4128768
Hidden sectors: 0
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\assembly\GAC_32\*.ini >
< %systemroot%\assembly\GAC_64\*.ini >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*.exe >
< %APPDATA%\*. >
[2009/06/01 00:32:02 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Adobe
[2011/11/05 12:32:10 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Amazon
[2010/09/22 01:32:19 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Apple Computer
[2011/11/26 03:52:08 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\BitZipper
[2010/08/08 03:28:01 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Chinatelecom
[2009/03/08 17:15:45 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Datalayer
[2011/12/15 19:54:56 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Digiarty
[2011/04/16 20:47:27 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\DivX
[2009/09/16 21:44:50 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\DriverCure
[2012/01/03 20:44:53 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\dvdcss
[2011/11/03 23:37:50 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\FileOpen
[2011/04/01 13:28:34 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\GetRightToGo
[2011/11/14 12:28:11 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Google
[2009/03/08 16:25:33 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Identities
[2009/03/08 16:25:16 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\InstallShield
[2009/03/30 13:52:09 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Macromedia
[2012/01/12 12:07:44 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Malwarebytes
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Media Center Programs
[2012/04/10 18:49:42 | 000,000,000 | --SD | M] -- C:\Users\Blaine\AppData\Roaming\Microsoft
[2009/03/30 15:10:28 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Motive
[2010/10/21 00:08:18 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Moyea
[2009/05/09 13:33:48 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\myphotobook
[2009/03/10 23:57:37 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Nokia
[2011/09/04 04:50:49 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Panasonic
[2009/03/10 23:58:09 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\PC Suite
[2011/11/24 13:19:20 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Real
[2011/09/04 04:48:03 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Skype
[2011/06/13 00:14:20 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\skypePM
[2011/09/27 14:04:39 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\SmartDraw
[2010/05/01 19:13:03 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Symantec
[2012/07/27 19:30:37 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\Tencent
[2010/09/10 08:30:29 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\WinRAR
[2010/08/08 03:16:38 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\ZTEDRIVER
[2010/08/08 02:38:41 | 000,000,000 | ---D | M] -- C:\Users\Blaine\AppData\Roaming\ZTEEVDO
< MD5 for: ATAPI.SYS >
[2008/03/12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/03/12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
< MD5 for: CSRSS.EXE >
[2008/01/21 03:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/21 03:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe
< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: MSWSOCK.DLL >
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/21 03:24:02 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
< MD5 for: NAPINSP.DLL >
[2008/01/21 03:24:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/21 03:24:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll
< MD5 for: NLAAPI.DLL >
[2008/01/21 03:23:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/21 03:23:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll
< MD5 for: PNRPNSP.DLL >
[2008/01/21 03:25:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/21 03:25:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll
< MD5 for: SERVICES.EXE >
[2008/01/21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
< MD5 for: SVCHOST.EXE >
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WINRNR.DLL >
[2009/04/11 07:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/11 07:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 10:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll
< MD5 for: WSHELPER.DLL >
[2006/11/02 10:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 10:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/11/14 12:11:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/11/14 12:11:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/11/14 12:11:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/11/14 12:11:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/11/14 12:11:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/11/14 12:11:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
========== Alternate Data Streams ==========
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >