Totally Screwed Up Laptop



#16
RKinner
Malware Expert
Internet is working?

Browsers too?

#17
Ardant
Member, Topic Starter
Yes. It looks like wireless and hardwire connections are working.

#18
RKinner
Malware Expert
Great. Then we can get back to cleaning the system.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 32
Java™ 6 Update 6

Get the latest Java at:
http://www.java.com/en/

Save it to your PC, then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.

Now turn off Java in your browser per the instructions in http://www.geekstogo...ur-web-browser/


Also uninstall any of these that you can find:

BabylonObjectInstaller -adware
Ask Toolbar -adware
NetZero Internet Access Installer -surely you are not on dialup any more
Adobe Reader 9.5.0 -This is obsolete. Visit adobe.com and get the latest version of Adobe Reader (and Adobe Flash). Do not let them install any foistware like Yahoo toolbar, Ask toolbar or McAfee Security Scan
Bing Bar -unneeded
Advanced SystemCare 4 -Chinese ripoff of MalwareBytes
IObit Malware Fighter -Not needed
IObitCom Toolbar -adware
McAfee Security Scan Plus -adware
Search-Results Toolbar -adware
Yahoo! Toolbar -adware
iLivid -not recommended


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click on adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please, copy the content of this file in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and Run as Administrator
Uncheck trace disk IO calls
Click the "Scan" button to start the scan (Accept the Avast Engine)
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click save log, save it to your desktop and post it in your next reply
If the Fix button is not enabled, then just click save log, save it to your desktop and post it in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', make sure it updates before doing a scan :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#19
Ardant
Member, Topic Starter
AdwCleaner v2.003 - Logfile created 10/05/2012 at 19:01:25
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : Lindsay - SUMMERCAMP20-PC
# Boot Mode : Normal
# Running from : C:\Users\Lindsay\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkidpdfiogmbfogbadljpeeljpildncm
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Lindsay\AppData\Local\funmoods.crx
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Funmoods
Folder Deleted : C:\Program Files\Playbryte
Folder Deleted : C:\Program Files\PricePeep
Folder Deleted : C:\Program Files\searchresults1
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkidpdfiogmbfogbadljpeeljpildncm
Folder Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
Folder Deleted : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Folder Deleted : C:\Users\Lindsay\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Lindsay\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Lindsay\AppData\LocalLow\Playbryte
Folder Deleted : C:\Users\Lindsay\AppData\LocalLow\searchresults1
Folder Deleted : C:\Users\Nathan\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Nathan\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Summer Camp 2009\AppData\Local\Temp\{94366e2c-9923-431c-b0d6-747447dd0f2b}
Folder Deleted : C:\Users\Summer Camp 2009\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Summer Camp 2009\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Summer Camp 2009\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Summer Camp 2009\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Summer Camp 2009\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Summer Camp 2009\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Summer Camp 2009\AppData\Roaming\Mozilla\Firefox\Profiles\ho0x604r.default\extensions\{94366e2c-9923-431c-b0d6-747447dd0f2b}
Folder Deleted : C:\Users\Summer Camp 2009\AppData\Roaming\Mozilla\Firefox\Profiles\ho0x604r.default\extensions\[email protected]
Folder Deleted : C:\Users\Summer Camp 2009\AppData\Roaming\Mozilla\Firefox\Profiles\ho0x604r.default\searchresults1
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bkidpdfiogmbfogbadljpeeljpildncm
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods Web Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Playbryte
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45ea-9B2F-F3E9F02692BD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45ea-9B2F-F3E9F02692BD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Web Search
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61E0EF7A-9BC0-45ea-9B2F-F3E9F02692BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2384137
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkidpdfiogmbfogbadljpeeljpildncm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61E0EF7A-9BC0-45ea-9B2F-F3E9F02692BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Deleted : HKLM\Software\Playbryte
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/web?l=dis&o=41648007&gct=hp&apn_dtid=^YYYYYY^YY^CA&apn_ptnrs=^8M&apn_uid=0155073995034773&p2=^8M^YYYYYY^YY^CA --> hxxp://www.google.com

-\\ Mozilla Firefox v9.0.1 (en-US)

Profile name : default
File : C:\Users\Summer Camp 2009\AppData\Roaming\Mozilla\Firefox\Profiles\ho0x604r.default\prefs.js

C:\Users\Summer Camp 2009\AppData\Roaming\Mozilla\Firefox\Profiles\ho0x604r.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112555&tt=220512_53all&babsr[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=220512_53all");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "1e7e77810000000000000024d23ee356");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "1e7e77810000000000000024d23ee356");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15488");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=22051[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:07:06");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Profile name : default
File : C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\tchnz5cr.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Summer Camp 2009\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.35] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.38] : keyword = "search.conduit.com",
Deleted [l.41] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3212692",
Deleted [l.42] : suggest_url = "hxxp://search.conduit.com/"

File : C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [15853 octets] - [05/10/2012 19:01:25]

########## EOF - C:\AdwCleaner[S1].txt - [15914 octets] ##########

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-05 19:20:01
-----------------------------
19:20:01.161 OS Version: Windows 6.0.6002 Service Pack 2
19:20:01.161 Number of processors: 2 586 0xF0D
19:20:01.177 ComputerName: SUMMERCAMP20-PC UserName: Lindsay
19:20:02.206 Initialize success
19:21:05.990 AVAST engine defs: 12100502
19:21:27.986 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:21:27.986 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
19:21:28.001 Disk 0 MBR read successfully
19:21:28.001 Disk 0 MBR scan
19:21:28.017 Disk 0 Windows VISTA default MBR code
19:21:28.017 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:21:28.033 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 229585 MB offset 3074048
19:21:28.095 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7389 MB offset 473264128
19:21:28.111 Disk 0 scanning sectors +488396800
19:21:28.173 Disk 0 scanning C:\Windows\system32\drivers
19:21:47.299 Service scanning
19:22:18.190 Modules scanning
19:22:26.598 AVAST engine scan C:\Windows
19:22:34.259 AVAST engine scan C:\Windows\system32
19:28:29.600 AVAST engine scan C:\Windows\system32\drivers
19:28:49.787 AVAST engine scan C:\Users\Lindsay
19:39:41.390 File: C:\Users\Lindsay\Downloads\Setup.exe **INFECTED** Win32:Rootkit-gen [Rtk]
19:40:47.178 AVAST engine scan C:\ProgramData
19:52:29.062 Scan finished successfully
20:32:15.331 Disk 0 MBR has been saved successfully to "C:\Users\Lindsay\Desktop\october issues\MBR.dat"
20:32:15.347 The log file has been saved successfully to "C:\Users\Lindsay\Desktop\october issues\aswMBR.txt"

ComboFix 12-10-04.02 - Lindsay 10/05/2012 20:44:10.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.938 [GMT -4:00]
Running from: c:\users\Lindsay\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-10-06 00:57 . 2012-10-06 00:57 -------- d-----w- c:\users\Summer Camp 2009\AppData\Local\temp
2012-10-06 00:57 . 2012-10-06 00:57 -------- d-----w- c:\users\Nathan\AppData\Local\temp
2012-10-06 00:57 . 2012-10-06 00:58 -------- d-----w- c:\users\Lindsay\AppData\Local\temp
2012-10-06 00:57 . 2012-10-06 00:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 22:03 . 2012-10-05 22:03 -------- d-----w- c:\program files\Common Files\Java
2012-10-05 22:02 . 2012-10-05 22:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-05 04:50 . 2012-10-05 04:51 -------- d-----w- c:\program files\McAfeeMOBK
2012-10-05 04:50 . 2010-04-14 00:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2012-10-05 04:50 . 2012-10-05 04:50 -------- d-----w- c:\program files\McAfee Online Backup
2012-10-05 04:49 . 2012-04-20 20:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-10-05 04:49 . 2012-09-14 20:26 64832 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2012-10-05 04:49 . 2012-10-05 04:49 -------- d-----w- c:\users\Lindsay\AppData\Local\McAfee Anti-Theft
2012-10-05 04:49 . 2012-07-17 19:08 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-10-05 04:49 . 2012-07-17 19:12 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-10-05 04:49 . 2012-07-17 19:08 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-10-05 04:49 . 2012-07-17 19:05 360792 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-10-05 04:49 . 2012-07-17 19:05 61912 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-10-05 04:49 . 2012-07-17 19:05 230224 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-10-05 04:48 . 2012-10-05 04:48 -------- d-----w- c:\program files\McAfee.com
2012-10-05 04:40 . 2012-07-17 19:09 166320 ----a-w- c:\windows\system32\mfevtps.exe
2012-10-05 04:37 . 2012-10-05 04:37 -------- d-----w- c:\users\Lindsay\AppData\Local\Macromedia
2012-10-05 04:05 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-10-05 03:57 . 2012-02-11 19:43 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACEF80A1-16AD-44F3-B52D-631839B3C201}\gapaengine.dll
2012-10-05 03:57 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-10-05 03:57 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-10-05 03:56 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-10-05 03:56 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-10-05 03:56 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-10-05 03:56 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-10-05 03:56 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-05 03:46 . 2012-09-19 04:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CFB2450-DEAE-47E5-9025-9088B8640D9F}\mpengine.dll
2012-10-05 03:43 . 2012-09-19 04:59 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F219359-16D4-468A-947E-CD8F88CEEF13}\mpengine.dll
2012-10-04 23:37 . 2012-10-04 23:37 -------- d-----w- c:\users\Lindsay\AppData\Local\MigWiz
2012-10-01 05:08 . 2012-10-01 05:08 -------- d-----w- c:\users\Lindsay\AppData\Local\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-05 22:01 . 2012-05-03 05:22 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-05 22:01 . 2012-05-03 05:22 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 02:03 . 2012-08-31 02:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2012-03-21 00:44 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 15:02 . 2012-08-11 19:48 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-08-24 15:02 . 2012-08-11 19:48 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-08-24 15:02 . 2012-08-11 19:48 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-08-11 19:48 . 2012-08-11 19:48 1409 ----a-w- c:\windows\QTFont.for
2012-07-17 19:09 . 2012-07-17 19:09 206784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-07-17 19:07 . 2012-07-17 19:07 554048 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-07-17 19:04 . 2012-07-17 19:04 127992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-03-10 00:58 . 2011-12-09 01:37 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"TMWebProtectTray"="c:\program files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe" [2009-09-02 288136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-06-05 296056]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2010-3-20 270336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-29 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-10 00:57]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-10 00:57]
.
2012-06-24 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-10-05 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
.
2012-06-24 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Lindsay\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Lindsay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 64.71.255.198
FF - ProfilePath - c:\users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\tchnz5cr.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKU-Default-Run-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
AddRemove-Scooby-Doo™, Phantom of the Knight™ - c:\program files\The Learning Company\Scooby-Doo™
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-05 20:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????g?R,$??h?????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1d,e4,e2,89,7d,3e,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-10-05 21:01:59
ComboFix-quarantined-files.txt 2012-10-06 01:01
.
Pre-Run: 73,305,907,200 bytes free
Post-Run: 74,464,067,584 bytes free
.
- - End Of File - - 506D1F6736DB135378397FC8256BED07

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 06/10/2012 11:45:50 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/10/2012 3:32:37 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 06/10/2012 11:50:52 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/10/2012 3:37:31 PM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {8e170d5c-a72b-4a1f-94d2-b7df54cb2467}

Log: 'Application' Date/Time: 06/10/2012 3:35:17 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 10/6/2012 11:54:11 AM - Run 4
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Lindsay\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 54.75% Memory free
3.98 Gb Paging File | 2.69 Gb Available in Paging File | 67.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 68.87 Gb Free Space | 30.72% Space Free | Partition Type: NTFS
Drive D: | 575.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SUMMERCAMP20-PC | User Name: Lindsay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/02 18:34:30 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Lindsay\Desktop\OTL.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/12 12:21:04 | 001,278,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/09/10 21:08:30 | 000,513,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MAT\McPvTray.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2012/08/14 13:58:58 | 000,646,800 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/07/17 15:09:30 | 000,166,320 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/07/17 15:05:48 | 000,168,368 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2012/07/17 15:03:46 | 000,200,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/06/05 13:57:25 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/03/09 20:58:55 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/11 12:00:30 | 000,028,766 | ---- | M] (IObit) -- C:\Program Files\IObitBar\toolbar\1.bin\i0barsvc.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2009/09/02 03:29:54 | 000,288,136 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe
PRC - [2009/09/02 03:29:52 | 000,591,232 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
PRC - [2009/07/20 15:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 15:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/11 12:05:06 | 000,685,320 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/04 17:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 17:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 15:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 16:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/17 03:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 03:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 21:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 21:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 19:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 17:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/12/28 07:21:37 | 000,270,336 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/09 20:58:54 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/20 15:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/03/06 14:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 16:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 01:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 14:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 14:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2005/12/28 07:21:37 | 000,270,336 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/10/04 23:15:17 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/10 17:44:06 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/07/17 15:09:30 | 000,166,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/07/17 15:05:48 | 000,168,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/07/17 15:03:46 | 000,200,816 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/05/04 09:38:03 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/06 19:28:00 | 003,980,648 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/07/11 12:00:30 | 000,028,766 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObitBar\toolbar\1.bin\i0barsvc.exe -- (IObitBarService)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2009/09/02 03:29:52 | 000,591,232 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe -- (TMWebProtect)
SRV - [2009/07/20 15:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/03/11 12:05:06 | 000,685,320 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe -- (TmProxy)
SRV - [2008/08/04 17:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 19:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 21:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Lindsay\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/10/05 22:47:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/14 16:26:32 | 000,064,832 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/07/17 15:12:34 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2012/07/17 15:09:42 | 000,206,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/07/17 15:08:10 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/07/17 15:07:00 | 000,554,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/07/17 15:05:58 | 000,360,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/07/17 15:05:38 | 000,061,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/07/17 15:05:18 | 000,230,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/07/17 15:04:46 | 000,127,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/03/11 12:05:20 | 000,083,728 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/07/28 19:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 22:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 20:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 13:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/02 03:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TMPassthru.sys -- (TMPassthruMP)
DRV - [2008/03/02 03:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TMPassthru.sys -- (TMPassthru)
DRV - [2008/01/18 12:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 15:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 18:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway...r={searchTerms}
IE - HKLM\..\SearchScopes\{5D7ECE36-D93B-4DD9-B3A4-71B183018E6D}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{5788BBE2-AAE4-452F-8448-E2918185C310}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{5D7ECE36-D93B-4DD9-B3A4-71B183018E6D}: "URL" = http://www.google.co...&rlz=1I7TSHB_en
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = Playbryte/search/redirect/?type=default&user_id=1f8cacb7-bf35-4b56-8be4-587c70d1dd74&query={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@IObitBar.com/Plugin: C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\IObitBar\toolbar\1.bin [2011/05/01 14:58:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/10/05 07:22:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 13:40:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/06 22:53:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/09 20:58:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/05 18:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2012/10/05 00:49:52 | 000,000,000 | ---D | M]

[2012/10/01 01:08:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lindsay\AppData\Roaming\Mozilla\Extensions
[2012/10/05 18:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\tchnz5cr.default\extensions
[2012/10/05 17:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/03 01:48:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/03/09 20:58:56 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/05 13:57:51 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/03/09 20:58:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/28 18:11:00 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/06/05 13:58:00 | 000,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchresultstb.xml
[2012/03/09 20:58:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Belly Fat Loss = C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigheomkejbcjibbidhmnafdehjmfdan\3.2.9_0\
CHR - Extension: SiteAdvisor = C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: SiteAdvisor = C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: We Heart It = C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae\2.1.6_0\
CHR - Extension: We Heart It = C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae\2.4.4_0\
CHR - Extension: ShopAtHome.com extension = C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp\6.0.5.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/10/05 20:58:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TMWebProtectTray] C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lindsay\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lindsay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6099CFF0-8952-40D1-9DB5-CBF03C339178}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEA9D800-00C2-4C5B-95BF-100AA44EA173}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/02 18:41:32 | 000,094,208 | R--- | M] (Knowledge Adventure) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2005/09/07 12:12:19 | 000,003,930 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/05 22:47:06 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/05 21:10:53 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lindsay\Desktop\tdsskiller.exe
[2012/10/05 21:02:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/05 21:02:01 | 000,000,000 | ---D | C] -- C:\Users\Lindsay\AppData\Local\temp
[2012/10/05 20:39:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/05 20:39:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/05 20:39:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/05 20:39:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/05 20:37:18 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Lindsay\Desktop\ComboFix.exe
[2012/10/05 19:14:57 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Lindsay\Desktop\aswMBR.exe
[2012/10/05 19:11:18 | 000,000,000 | ---D | C] -- C:\Users\Lindsay\Desktop\october issues
[2012/10/05 18:07:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/10/05 18:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/05 18:02:49 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/10/05 18:02:10 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/10/05 18:02:10 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/10/05 18:02:10 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/10/05 00:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2012/10/05 00:50:34 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup
[2012/10/05 00:50:31 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\Windows\System32\drivers\MOBK.sys
[2012/10/05 00:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2012/10/05 00:49:59 | 000,146,872 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\HipShieldK.sys
[2012/10/05 00:49:55 | 000,064,832 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\McPvDrv.sys
[2012/10/05 00:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/10/05 00:49:43 | 000,000,000 | R-SD | C] -- C:\Users\Lindsay\Documents\McAfee Vaults
[2012/10/05 00:49:43 | 000,000,000 | ---D | C] -- C:\Users\Lindsay\AppData\Local\McAfee Anti-Theft
[2012/10/05 00:49:11 | 000,009,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2012/10/05 00:49:05 | 000,360,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2012/10/05 00:49:05 | 000,230,224 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2012/10/05 00:49:05 | 000,092,192 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2012/10/05 00:49:05 | 000,061,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2012/10/05 00:49:05 | 000,060,480 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2012/10/05 00:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/10/05 00:40:31 | 000,166,320 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2012/10/05 00:37:15 | 000,000,000 | ---D | C] -- C:\Users\Lindsay\AppData\Local\Macromedia
[2012/10/05 00:16:52 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/10/05 00:16:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/10/05 00:16:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/10/05 00:16:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/10/05 00:16:50 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/10/05 00:16:49 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/10/05 00:16:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/10/05 00:16:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/10/05 00:05:18 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/10/04 23:56:55 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/10/04 19:37:24 | 000,000,000 | ---D | C] -- C:\Users\Lindsay\AppData\Local\MigWiz
[2012/10/03 17:57:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/10/03 17:56:39 | 000,693,265 | ---- | C] (Farbar) -- C:\Users\Lindsay\Desktop\FSS.exe
[2012/10/02 18:37:18 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Lindsay\Desktop\OTL.exe
[2012/10/01 01:08:21 | 000,000,000 | ---D | C] -- C:\Users\Lindsay\AppData\Local\Mozilla
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/06 11:42:42 | 000,001,746 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012/10/06 11:41:04 | 000,061,440 | ---- | M] ( ) -- C:\Users\Lindsay\Desktop\VEW.exe
[2012/10/06 11:38:04 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/06 11:35:10 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 11:35:10 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 11:35:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/06 11:35:01 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/06 11:24:08 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/05 22:47:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/05 22:32:22 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2012/10/05 22:21:37 | 000,000,941 | ---- | M] () -- C:\Users\Lindsay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/05 22:21:37 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/05 21:10:56 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lindsay\Desktop\tdsskiller.exe
[2012/10/05 20:58:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/05 20:37:20 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Lindsay\Desktop\ComboFix.exe
[2012/10/05 19:14:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Lindsay\Desktop\aswMBR.exe
[2012/10/05 18:49:52 | 000,513,501 | ---- | M] () -- C:\Users\Lindsay\Desktop\adwcleaner.exe
[2012/10/05 18:01:45 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/10/05 18:01:39 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/10/05 18:01:39 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/10/05 18:01:38 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/10/05 18:01:38 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/10/05 18:01:38 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/10/05 18:00:00 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/10/05 00:25:27 | 000,394,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/05 00:13:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/05 00:13:04 | 000,613,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/05 00:13:04 | 000,108,196 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/04 23:25:47 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/03 17:52:12 | 000,693,265 | ---- | M] (Farbar) -- C:\Users\Lindsay\Desktop\FSS.exe
[2012/10/03 17:52:00 | 004,009,167 | ---- | M] () -- C:\Users\Lindsay\Desktop\ServicesRepair.exe
[2012/10/02 18:34:30 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Lindsay\Desktop\OTL.exe
[2012/10/01 15:47:38 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/09/14 16:26:32 | 000,064,832 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\McPvDrv.sys
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/06 11:40:38 | 000,061,440 | ---- | C] ( ) -- C:\Users\Lindsay\Desktop\VEW.exe
[2012/10/05 22:32:22 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/10/05 22:21:37 | 000,000,941 | ---- | C] () -- C:\Users\Lindsay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/05 22:21:37 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/05 20:39:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/05 20:39:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/05 20:39:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/05 20:39:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/05 20:39:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/05 18:57:27 | 000,513,501 | ---- | C] () -- C:\Users\Lindsay\Desktop\adwcleaner.exe
[2012/10/05 00:51:54 | 000,001,746 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012/10/04 19:08:19 | 2009,067,520 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/03 17:56:55 | 004,009,167 | ---- | C] () -- C:\Users\Lindsay\Desktop\ServicesRepair.exe
[2012/08/12 18:30:06 | 000,000,295 | ---- | C] () -- C:\Windows\ka.ini
[2012/08/11 15:48:16 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2012/08/11 15:48:16 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2012/08/11 15:48:16 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2012/08/11 15:48:12 | 000,000,305 | ---- | C] () -- C:\Windows\EReg515.dat
[2012/08/11 15:45:49 | 000,000,909 | ---- | C] () -- C:\Windows\disney.ini
[2012/06/03 15:48:20 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012/06/03 15:46:08 | 000,000,095 | ---- | C] () -- C:\Users\Lindsay\AppData\Local\fusioncache.dat
[2012/06/02 21:54:38 | 000,015,872 | ---- | C] () -- C:\Users\Lindsay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/15 17:35:50 | 000,004,096 | -H-- | C] () -- C:\Users\Lindsay\AppData\Local\keyfile3.drm
[2012/01/14 17:26:14 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2011/10/29 13:29:15 | 000,207,226 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/07/10 18:21:47 | 000,000,075 | ---- | C] () -- C:\Windows\muppets2pc.ini
[2011/07/10 18:21:47 | 000,000,026 | ---- | C] () -- C:\Windows\ESINSTALL.INI
[2010/10/21 20:41:51 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2010/10/09 15:57:59 | 000,017,929 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010/10/09 14:13:17 | 000,000,484 | ---- | C] () -- C:\Windows\eReg.dat

========== ZeroAccess Check ==========

[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD2500BEVS-26VAT0
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 224.00GB
Starting Offset: 1573912576
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 7.00GB
Starting Offset: 242311233536
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2011/08/11 13:06:26 | 002,551,808 | ---- | M] (MarvelQuest) -- C:\MFPatcher.exe

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2011/08/11 13:06:26 | 002,551,808 | ---- | M] (MarvelQuest) -- C:\MFPatcher.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/04/23 00:57:07 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Adobe
[2012/04/20 10:20:30 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Apple Computer
[2012/08/11 15:40:54 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\ArcSoft
[2012/06/03 16:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\DVDVideoSoft
[2012/06/03 16:07:46 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/09 22:22:43 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\HP
[2012/03/25 15:39:55 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Identities
[2012/10/05 18:11:53 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\IObit
[2012/03/25 15:40:47 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Logitech
[2012/03/25 20:24:28 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Macromedia
[2012/03/25 15:41:10 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Malwarebytes
[2012/10/05 00:37:15 | 000,000,000 | --SD | M] -- C:\Users\Lindsay\AppData\Roaming\Microsoft
[2012/10/01 01:08:32 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Mozilla
[2012/10/05 15:33:53 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\MP3Rocket
[2012/10/04 23:18:50 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Real
[2012/06/27 07:37:16 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Sony
[2012/04/20 17:16:20 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\vlc
[2012/08/22 14:25:48 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\WildTangent
[2012/04/15 00:23:49 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2008/03/12 02:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\ERDNT\cache\atapi.sys
[2008/03/12 02:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/03/12 02:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/03/12 02:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/12 02:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/20 22:34:43 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/20 22:34:43 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\ERDNT\cache\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 22:33:36 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/20 22:34:16 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/20 22:34:16 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/20 22:33:15 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/20 22:33:15 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/20 22:35:17 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/20 22:35:17 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 22:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 22:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/04/11 02:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/11 02:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 05:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 05:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 05:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/09 20:58:51 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/09 20:58:51 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/09 20:58:51 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/09 20:58:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/09 20:58:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/09 20:58:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/09/25 05:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/09/25 05:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/09/25 05:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/09/25 05:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/12 20:31:48 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/12 20:31:48 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/12 20:31:48 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/09 20:58:51 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/09 20:58:51 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/09 20:58:51 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/09 20:58:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/09 20:58:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/09 20:58:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/09/25 05:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/09/25 05:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/09/25 05:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/09/25 05:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/12 20:31:48 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/12 20:31:48 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/12 20:31:48 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


OTL Extras logfile created on: 10/6/2012 11:54:11 AM - Run 4
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Lindsay\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 54.75% Memory free
3.98 Gb Paging File | 2.69 Gb Available in Paging File | 67.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 68.87 Gb Free Space | 30.72% Space Free | Partition Type: NTFS
Drive D: | 575.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SUMMERCAMP20-PC | User Name: Lindsay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Unable to open value key
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{79670A2A-A127-47AE-84F4-FC7FF738D6D8}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{B89AB3DE-162D-4C9C-B4C8-F0776A3187D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F59DE8BB-721D-474F-98BD-B610FAB8A5BD}" = lport=49166 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0750D301-1075-43B1-934A-F7D20EF267EB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{0AB3C233-AC7A-41EE-B55D-905C6DF9536C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{0BA78073-86C8-4030-8D1F-175668BEEF3C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{0E3F966F-DDD1-4CA8-9E5E-006692C4BE6F}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{10D5786B-5CB2-475E-A2F5-D4EAE4251DD2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{155E65B7-57F0-48B5-8B51-C55B868BB654}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{15E1D63F-A4EB-42BE-A21F-455D136F0082}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{1BB07EF1-51E1-4158-B8BF-334A8AE4D6B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1C99D370-2A51-4243-BF3E-F53EA3B03716}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{1D928F5D-C318-4F07-9BC2-76F6D056872B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{25DA7DFE-F3DF-4933-A28F-1EA81249398C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{2725CA94-B2D4-4D84-B41B-926A64BEAEAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{27282627-C9E0-4A74-8816-E30BAC03BB05}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{29984DF0-3778-477D-B427-66B456A07851}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{2AD2DAD1-86A2-4C98-828D-783D8D798701}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2F00160B-85E3-4054-8D6F-3ADCFE0CEE06}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4491E210-D3B8-48A9-A2A1-7F64ED2866AF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{46250208-625D-4EBD-BA79-F2EAA6304698}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{515D5AE7-2255-46EC-84FA-FF3D905D2939}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{5C02A992-EE60-4EB1-BEA6-8DBB88545F35}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{5F924961-1C17-4CC2-8DCC-43FAFBCAC24E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{5FE18143-6DEB-4C84-9FBD-D7C2188B689A}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{616A7ED4-4EF1-46D8-9BB2-7AC6B27B456E}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{69D0FECF-0BD9-4F57-9386-56A9FC1E5CB9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{72B6E631-1411-48E6-A7BF-58278F1CBC25}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{73ACBAD6-1763-4A4E-842E-472A9926DEBC}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{74CCD666-37D5-46AF-8B0B-242B29721925}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7BBA6405-145E-4479-BFAA-F7C574C54E7F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A2C5F3D1-4F33-43BD-A23A-196E909C3CD9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{AE9C932F-C1CD-497B-9E3B-7E195030C9CB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{B0CF2A17-AB04-4D8B-B67F-BFCBF548B6E2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{B74B819D-9590-4C7A-82BE-BD2C120AC073}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{BF0F773C-A372-48A4-909A-DA317F69B9B0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BF2E5D63-B792-482E-BFA5-D1F71960277E}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{CE742052-93C7-4D8A-B239-BD6BF9C27A4E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CF273075-7246-45E7-B6AA-90FE7DB59598}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{DAFEFAFD-2FA7-4A7B-A8BA-E5FEFC63F79C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{DC7C048D-FA15-4224-9E0D-90D14BB92BED}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{E61CA2B4-C9D3-476E-BF61-EE913BCC1905}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{E81DB8ED-F416-42AC-9A34-9CAA4B3E53B6}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{EAF659DF-A79E-4A29-8144-5F68E7807A0F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{FF6CA63C-8259-4C8F-B98A-FADAEFCBDF3A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"TCP Query User{0400A81F-9447-4DDF-B7BE-90BF1FD0539D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{040A37C8-F403-48E5-9352-04A03864AA04}C:\netmarbleglobal\marblestation\nmgdownloader\nmgdownload.exe" = protocol=6 | dir=in | app=c:\netmarbleglobal\marblestation\nmgdownloader\nmgdownload.exe |
"TCP Query User{0C849874-C9D9-445E-8192-3DEC8762216C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{2535D571-4587-4626-A78C-F24EFFC7E19F}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{2DBF2363-3EC9-4E2E-8C8C-CA4599F42797}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{2FBAC549-0B19-401D-81F3-8D3F8B085810}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{375E7DB6-93BB-440F-9E4F-8256C55ED4BB}C:\program files\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"TCP Query User{38FFB8C8-F9C2-4082-90F1-CBA9052FDFB2}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"TCP Query User{41E3E763-64CB-4209-AA31-5853EBBB2E83}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{4CF91A4F-A273-4A83-B940-DE29DBACCC29}C:\users\nathan\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
"TCP Query User{5EEE7CA4-955B-4A7D-9C76-64F790553670}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{63F7075A-A622-4183-A726-653BADC5795B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{6D605771-2BB2-4D2C-9BAF-99E8058917BB}C:\users\nathan\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
"TCP Query User{77F2E537-9C71-4F01-838C-8F90BCEC1FD4}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{ACB114D2-DA75-4D1E-BD87-53539B29B854}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{B8600E13-C528-43C9-82BC-E6FA5B2D757A}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{ECCC3D5F-BB6B-4951-8105-3FD16C47BDBF}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{F0420849-9A90-46E2-BD8A-0BE0CFA84401}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"TCP Query User{F20BDE95-A432-40C3-8DA1-97A22ABB0BF5}C:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"TCP Query User{F5368AA6-24B8-4D7D-A577-6DD10899E75C}C:\program files\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"UDP Query User{0C4F8041-DA30-4E2B-AB0D-3896B283FA95}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{135F9354-823F-4996-BABE-33449BCFA54A}C:\users\nathan\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
"UDP Query User{2C78EB7D-9A14-4D78-8381-15761254D9C6}C:\netmarbleglobal\marblestation\nmgdownloader\nmgdownload.exe" = protocol=17 | dir=in | app=c:\netmarbleglobal\marblestation\nmgdownloader\nmgdownload.exe |
"UDP Query User{38F93169-EE78-4A0B-8D48-D4445F5E1421}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{3ACDFD8D-3894-4915-93C5-2AEA1B001190}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{59CFB5C0-0288-460F-A265-CCC96CAF2875}C:\users\nathan\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
"UDP Query User{68A6B155-108B-4E4E-8C0B-99B8B2B0887F}C:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"UDP Query User{84ACA12E-7182-4F88-83D0-004603B8B0D6}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{A8665EC7-7B92-4C63-90FB-6B67B543BADC}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{BD2E3237-3BF1-48AF-BE3F-3316976504DF}C:\program files\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"UDP Query User{C06B9013-F5E3-40EE-BA33-D0F745D3A173}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"UDP Query User{CD2037FF-A319-4CC6-8B79-06396F424AA0}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{D2F54B5C-9303-4871-B439-D5741E694E0C}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"UDP Query User{D5E02B64-4901-4E95-AE69-0C7486E228BD}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{DC4E2BE4-2CB6-4BD6-9978-1E2E0B8EE78E}C:\program files\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"UDP Query User{E23D4106-E10D-440D-8489-8211C3FD3008}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{EE00F8E5-8A39-46B6-8928-37B2CE506830}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{EFBD7DA8-76BA-4F12-B10D-AD8A155FEACA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{FDA4D09E-90C6-4BD8-94C7-E81E6BADD8CA}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02034A48-25C6-4BB4-8186-54917E5D49DA}" = SpongeBob SquarePants - Lights, Camera, Pants!
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.3.11
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37003C6E-DC86-4233-B5CE-665D82DFA7EB}" = Backyard Skateboarding
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DD2E9EA-0544-4162-B8BE-E21E994E9F3B}" = LEGO Racers 2
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F87EF36-A373-11D5-AA2E-0008C760B784}" = Monsters Jr
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6957E4AA-5D37-437C-9B70-F240C3EB4592}" = Uncharted Waters Online
"{6AF31E48-F4B3-4110-88BB-CA38D625D0B7}" = Uncharted Waters Online
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{808D541D-FDE5-407B-83BE-E4A7689A7A00}" = Trend Micro Web Protection Add-On
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D410AED-607D-492D-B07D-D3ABD1823011}" = ArcSoft Funhouse
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9534FAC9-E04C-4B5A-871C-A52A783986DB}" = Netmarble Launcher
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BBB19C0-1FE1-4A4E-B25F-C9E1B0497EC5}" = Shaiya(US)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1983EC1-9919-4D3A-915C-79A3EE94D705}" = Backyard Hockey
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Akamai" = Akamai NetSession Interface Service
"Backyard Football 2002" = Backyard Football 2002
"Bugs Bunny Lost In Time" = Bugs Bunny Lost In Time
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Free Studio_is1" = Free Studio version 5.5.0
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"FreeApp v1" = FreeApps
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C1983EC1-9919-4D3A-915C-79A3EE94D705}" = Backyard Hockey
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"JumpStart Advanced Language Club" = JumpStart Advanced Language Club
"JumpStart Advanced Preschool" = JumpStart Advanced Preschool
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Math Blaster" = Math Blaster
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MP3 Rocket" = MP3 Rocket
"MSC" = McAfee Total Protection
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"Photags Music Express" = iConcepts Music Express
"Picasa2" = Picasa 2
"Pokemon PC 2.0_is1" = Pokemon PC 2.0
"PROHYBRIDR" = 2007 Microsoft Office system
"Protected Folder_is1" = Protected Folder
"Putt-Putt Travels Through Time" = Putt-Putt Travels Through Time
"QuickTime" = QuickTime
"Reader Rabbit Math Ages 6-9" = Reader Rabbit Math Ages 6-9
"RealPlayer 15.0" = RealPlayer
"RollerCoaster Tycoon Setup" = Roll
"Scholastic's I SPY Fantasy" = Scholastic's I SPY Fantasy
"Scholastic's I SPY School Days" = Scholastic's I SPY School Days
"Shop for HP Supplies" = Shop for HP Supplies
"Smart Defrag_is1" = Smart Defrag
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"Spy Muppets" = Spy Muppets
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StarCraft II" = StarCraft II
"Steam App 8930" = Sid Meier's Civilization V
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Warcraft III" = Warcraft III
"Wheel of Fortune Deluxe" = Wheel of Fortune Deluxe (remove only)
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WT087095" = Big Rig Europe
"WT089127" = Epic Adventures - La Jangada

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2012 11:35:17 AM | Computer Name = SummerCamp20-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/6/2012 11:37:31 AM | Computer Name = SummerCamp20-PC | Source = VSS | ID = 8194
Description =


< End of report >


Farbar Service Scanner Version: 19-09-2012
Ran by Lindsay (administrator) on 06-10-2012 at 12:34:15
Running from "C:\Users\Lindsay\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 22:33] - [2008-01-20 22:33] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#20
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
aswMBR found this file:

C:\Users\Lindsay\Downloads\Setup.exe

If it didn't delete it you should do so manually. I would also remove these SpeedyPC Software tasks and uninstall the program if you can:

c:\windows\Tasks\SpeedyPC Pro.job

c:\windows\Tasks\SpeedyPC Registration3.job

c:\windows\Tasks\SpeedyPC Update Version3.job

You are running two anti-virus programs, McAfee and Microsoft Security Essentials. Two will slow down your PC and they fight each other so pick one and uninstall the other.

If you uninstall McAfee:

Download the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe
(If you think you might want to reinstall McAfee later then follow the instructions here to save your license info:
http://service.mcafe...spx?id=TS100507 )
Uninstall McAfee, run the McAfee uninstall tool, reboot. Verify that your Windows Firewall is working.

How is the PC running now?
  • 0

#21
Ardant

    Member

  • Topic Starter
  • Member
  • 229 posts
When I go to look for the setup file I keep crashing Windows Explorer.

As for McAfee I use it on all my computers. Is it any better/worse than Windows Defender?

I have uninstalled Speedy PC.
  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the next 2 lines :

attrib -r -h -s \Users\Lindsay\Downloads\Setup.exe
del \Users\Lindsay\Downloads\Setup.exe

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied lines should appear. Hit Enter. If you don't get an error then it probably worked.

McAfee is a pretty weak anti-virus. Windows Defender comes with Windows but is not an anti-virus, and I think McAfee turns it off. Microsoft Security Essentials is not Windows Defender but a separate anti-virus. It's actually rated a bit better than McAfee but doesn't have its own firewall so you need Windows Firewall to be running if you just have it. I use the free Avast on my own PCs. If I am feeling paranoid I add the free Online Armor firewall. If you want to pay for an anti-virus then you should get either Kaspersky or Bitdefender. They are the two highest rated anti-viruses.
  • 0

#23
Ardant

Ardant

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts
I tried that but it said the file couldn't be found.

Windows explorer still crashes in that folder.

It does not seem like there are any other problems.

Any idea what would have caused so much trouble?
  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:files
C:\Users\Lindsay\Downloads\Setup.exe

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered. OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\10072012-some number.log.

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.
  • 0

#25
Ardant

Ardant

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts
OK I tried to run OTL twice. It locked up both times.

Here is the VEW log





Vino's Event Viewer v01c run on Windows Vista in English
Report run at 07/10/2012 12:56:27 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/10/2012 3:03:42 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 07/10/2012 3:01:23 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/10/2012 3:36:50 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 07/10/2012 3:13:11 PM
Type: Warning Category: 0
Event: 3 Source: Microsoft-Windows-PrintSpooler
Printer PDFCreator was deleted, and users will no longer be able to print to this printer. No user action is required. To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box.

Log: 'System' Date/Time: 07/10/2012 3:13:10 PM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-PrintSpooler
Printer PDFCreator will be deleted. No user action is required. To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box.

Log: 'System' Date/Time: 06/10/2012 11:23:58 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 06/10/2012 10:28:01 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 06/10/2012 8:21:17 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 06/10/2012 3:32:37 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
  • 0
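
A triage pass over the VEW output format shown in the post above, as an added example that is not part of the thread or of VEW itself: it groups events by type, ID and source, and lists events stamped later than the report header so the two time bases can be checked before building a timeline. The function names are hypothetical and the sample is abridged from the posted log.

```python
import re
from collections import defaultdict
from datetime import datetime

# Abridged from the VEW output posted above (messages shortened, fewer entries).
SAMPLE_LOG = """\
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 07/10/2012 12:56:27 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/10/2012 3:03:42 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s).

Log: 'System' Date/Time: 07/10/2012 3:01:23 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/10/2012 3:36:50 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 07/10/2012 3:13:11 PM
Type: Warning Category: 0
Event: 3 Source: Microsoft-Windows-PrintSpooler
Printer PDFCreator was deleted, and users will no longer be able to print to this printer.

Log: 'System' Date/Time: 06/10/2012 11:23:58 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 06/10/2012 10:28:01 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
"""

VEW_TIME = "%d/%m/%Y %I:%M:%S %p"  # the report states its dates are dd/mm/yyyy
REPORT_RE = re.compile(r"^Report run at (.+)$")
HEADER_RE = re.compile(r"^Log: '([^']+)' Date/Time: (.+)$")
TYPE_RE = re.compile(r"^Type: (\w+) Category: (\d+)$")
EVENT_RE = re.compile(r"^Event: (\d+) Source: (.+)$")


def parse_vew(text):
    """Return (report_time, events); each event is a dict with parsed fields."""
    report_time, events, current = None, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := REPORT_RE.match(line):
            report_time = datetime.strptime(m.group(1), VEW_TIME)
        elif m := HEADER_RE.match(line):
            current = {"log": m.group(1),
                       "time": datetime.strptime(m.group(2), VEW_TIME),
                       "type": None, "id": None, "source": None, "message": ""}
            events.append(current)
        elif current is None:
            continue                      # banner text between entries
        elif m := TYPE_RE.match(line):
            current["type"] = m.group(1)
        elif m := EVENT_RE.match(line):
            current["id"], current["source"] = int(m.group(1)), m.group(2)
        elif not line or line.startswith("~"):
            current = None                # blank line or section rule ends the entry
        else:
            current["message"] += (" " if current["message"] else "") + line
    return report_time, events


def summarize(events):
    """Group by (type, event ID, source): count plus first and last occurrence."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["type"], ev["id"], ev["source"])].append(ev["time"])
    rows = [{"type": k[0], "id": k[1], "source": k[2], "count": len(v),
             "first": min(v), "last": max(v)} for k, v in groups.items()]
    # Errors before warnings, then the most frequent group first.
    return sorted(rows, key=lambda r: (r["type"] != "Error", -r["count"], r["id"]))


def after_report(events, report_time):
    """Events stamped later than the report header time."""
    return [ev for ev in events if ev["time"] > report_time]


if __name__ == "__main__":
    report_time, events = parse_vew(SAMPLE_LOG)
    for row in summarize(events):
        print(f'{row["type"]:8}{row["id"]:>6}  x{row["count"]}  {row["source"]}  '
              f'{row["first"]:%Y-%m-%d %H:%M} .. {row["last"]:%Y-%m-%d %H:%M}')
    print(len(after_report(events, report_time)), "event(s) stamped after the report time")
```
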


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot and see if you still get the Explorer crashes.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
   http://images.malwar...om/vino/VEW.exe
   and save it to your Desktop.
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

PS. Going out on the boat for a few hours so will be offline.
  • 0

#27
Ardant

Ardant

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts
OK here we go. Took a while but I think I did all you asked.

ESET Log

C:\Program Files\FreeApps\FreeApps.exe probably a variant of Win32/FreeNew application cleaned by deleting - quarantined
C:\Users\Lindsay\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Summer Camp 2009\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Summer Camp 2009\Downloads\gamebooster22.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

QuickScan 32-bit v0.9.9.119
---------------------------
Scan date: Sun Oct 07 19:05:27 2012
Machine ID: 1E7E7781



No infection found.
-------------------



Processes
---------
hpwuSchd Application 2808 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
CD/DVD Drive Acoustic Silencer 1684 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
ConfigFree™ 3784 C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
ConfigFree™ Tray 3644 C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
Firefox 4000 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 4464 C:\Program Files\Mozilla Firefox\plugin-container.exe
GPCore COM object 4236 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
HD Audio Control Panel 2948 C:\Windows\RtHDVCpl.exe
HP Digital Imaging 4204 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
HP Digital Imaging 4164 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
HP Digital Imaging 3480 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Intel® Common User Interface 2116 C:\Windows\System32\hkcmd.exe
Intel® Common User Interface 3296 C:\Windows\System32\igfxext.exe
Intel® Common User Interface 4020 C:\Windows\System32\igfxpers.exe
Intel® Common User Interface 3120 C:\Windows\System32\igfxsrvc.exe
Intel® Common User Interface 3236 C:\Windows\System32\igfxtray.exe
iTunes 368 C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 4084 C:\Program Files\Common Files\Java\Java Update\jusched.exe
MEAutoDetect Application 1812 C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
Microsoft Security Client 2264 C:\Program Files\Microsoft Security Client\msseces.exe
Microsoft® Windows® Operating System 1396 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 3560 C:\Windows\System32\taskeng.exe
RAID Event Monitor 2016 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
RealPlayer (32-bit) 1260 C:\Program Files\Real\RealPlayer\Update\realsched.exe
Synaptics Pointing Device Driver 300 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
TOSHIBA Flash Cards 3192 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
TOSHIBA Power Saver 3812 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
TOSHIBA Zooming Utility 288 C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(verified) Microsoft® Windows® Operating System 3020 C:\Program Files\Windows Media Player\wmpnscfg.exe
(verified) Microsoft® Windows® Operating System 1112 C:\Windows\System32\dwm.exe


Network activity
----------------
Process firefox.exe (4000) connected on port 80 (HTTP) --> 64.71.251.152
Process firefox.exe (4000) connected on port 443 (HTTP over SSL) --> 184.73.159.129
Process firefox.exe (4000) connected on port 443 (HTTP over SSL) --> 184.73.159.129
Process firefox.exe (4000) connected on port 80 (HTTP) --> 199.7.57.72
Process firefox.exe (4000) connected on port 80 (HTTP) --> 199.7.57.72
Process firefox.exe (4000) connected on port 80 (HTTP) --> 74.125.226.40
Process firefox.exe (4000) connected on port 80 (HTTP) --> 63.140.35.28
Process firefox.exe (4000) connected on port 80 (HTTP) --> 74.125.226.42
Process firefox.exe (4000) connected on port 80 (HTTP) --> 63.140.35.28



Autoruns and critical files
---------------------------
hpwuSchd Application C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
CD/DVD Drive Acoustic Silencer C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
FileHippo.com Update Checker C:\Program Files\FileHippo.com\UpdateChecker.exe
HD Audio Control Panel C:\Windows\RtHDVCpl.exe
HP Digital Imaging C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Intel® Common User Interface C:\Windows\System32\hkcmd.exe
Intel® Common User Interface C:\Windows\system32\igfxdev.dll
Intel® Common User Interface C:\Windows\System32\igfxpers.exe
Intel® Common User Interface C:\Windows\System32\igfxtray.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Logitech Installer C:\Users\Lindsay\AppData\Local\temp\Logitech\SetPoint_1\Setup.exe
Malwarebytes Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
MEAutoDetect Application C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe
Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll
Microsoft® Windows® Operating System C:\Windows\system32\oobefldr.dll
Microsoft® Windows® Operating System C:\Windows\system32\Ribbons.scr
RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
RealPlayer (32-bit) C:\Program Files\Real\RealPlayer\Update\realsched.exe
Realtek Voice Manager C:\Windows\Skytel.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
TOSHIBA Flash Cards C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
TOSHIBA Power Saver C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
TOSHIBA Zooming Utility C:\Program Files\Toshiba\SmoothView\SmoothView.exe
Windows® Internet Explorer c:\windows\system32\webcheck.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Browser plugins
---------------
Bitdefender QuickScan C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\tchnz5cr.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Garmin Communicator Plug-In C:\Program Files\Garmin GPS Plugin\npGarmin.dll
Google Update C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
Java Deployment Toolkit 7.0.70.11 C:\Windows\system32\npDeployJava1.dll
Java™ Platform SE 7 U7 c:\program files\java\jre7\bin\jp2ssv.dll
Java™ Platform SE 7 U7 C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
Java™ Platform SE 7 U7 c:\program files\java\jre7\bin\ssv.dll
McAfee SiteAdvisor C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
Microsoft® Windows Live ID c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
Pando Web Plugin C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
QuickTime Plug-in 5.0.2 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 5.0.2 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 5.0.2 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 5.0.2 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 5.0.2 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
RealNetworks™ Chrome Background Exte C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
RealPlayer Download and Record Plugin c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
RealPlayer Download Plugin C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
RealPlayer Download Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
RealPlayer™ HTML5VideoShim Plug-In ( C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
SDHelper.dll C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\system32\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Missing files
-------------
File not found: NDSTray.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"NDSTray.exe"


Scan
----
MD5: a7230c095e646fd97c52d094be07467b C:\PROGRA~1\IObitBar\toolbar\1.bin\i0barsvc.exe
MD5: 4855287dc6f5b5a715ec149543b1a22c C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
MD5: 3fce83869508101e94ef23bb8d028bfd C:\Users\Lindsay\AppData\Local\temp\Logitech\SetPoint_1\Setup.exe
MD5: c9e3864fb9cbfa93d9010bcfe18a5697 C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\tchnz5cr.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 6c887e9ba3ae7f62635f098bfc9853cd C:\Windows\RtHDVCpl.exe
MD5: c8612e58fb7fcfa5eea4e39f7b8cbc17 C:\Windows\Skytel.exe
MD5: e9b9c1b98c8d6d48407e1c1203eac659 C:\Windows\system32\adsldpc.dll
MD5: 39e435c90c9c4f780fa0ed05ca3c3a1b C:\Windows\system32\agrsmsvc.exe
MD5: 74f26fc01b180d4a99a168ed69c30a53 C:\Windows\system32\cmd.exe
MD5: 93e317d7ad783d8eaee2e3500bfe889d C:\Windows\system32\credui.dll
MD5: f180ede9cfc3ff218d4b45155119f4d9 C:\Windows\system32\CRYPT32.dll
MD5: 75c6a297e364014840b48eccd7525e30 C:\Windows\system32\cryptsvc.dll
MD5: 85e861d0b88db2b54acb0839654c09f7 C:\Windows\system32\DNSAPI.dll
MD5: 57d762f6f5974af0da2be88a3349baaa C:\Windows\System32\dnsrslvr.dll
MD5: 062373995eae5f0eac9eaa9192136bfb C:\Windows\system32\dnssd.dll
MD5: 3911b972b55fea0478476b2e777b29fa C:\Windows\system32\drivers\afd.sys
MD5: ce91b158fa490cf4c4d487a4130f4660 C:\Windows\system32\DRIVERS\AGRSM.sys
MD5: 0d83c87a801a3dfcd1bf73893fe7518c C:\Windows\system32\drivers\atapi.sys
MD5: 8be56f8300e1c37b578da23c71816b7a C:\Windows\system32\DRIVERS\athr.sys
MD5: 35f376253f687bde63976ccb3f2108ca C:\Windows\system32\DRIVERS\bowser.sys
MD5: 622c41a07ca7e6dd91770f50d532cb6c C:\Windows\System32\Drivers\dfsc.sys
MD5: 4f59c172c094e1a1d46463a8dc061cbd C:\Windows\system32\DRIVERS\Dot4.sys
MD5: 80bf3ba09f6f2523c8f6b7cc6dbf7bd5 C:\Windows\system32\DRIVERS\Dot4Prt.sys
MD5: c55004ca6b419b6695970dfe849b122f C:\Windows\system32\DRIVERS\dot4usb.sys
MD5: c68ac676b0ef30cfbb1080adce49eb1f C:\Windows\System32\drivers\dxgkrnl.sys
MD5: cbc22823628544735625b280665e434e C:\Windows\system32\DRIVERS\FwLnk.sys
MD5: d61e53e3fec0c92bc8dd3969fad63f87 C:\Windows\system32\drivers\HipShieldK.sys
MD5: db0cc620b27a928d968c1a1e9cd9cb87 C:\Windows\system32\DRIVERS\iaStor.sys
MD5: 6fb1858d1f0923d122b0331865695041 C:\Windows\system32\DRIVERS\igdkmd32.sys
MD5: 11ad410f41af42ba12e63187e3ec141a C:\Windows\system32\DRIVERS\jswpslwf.sys
MD5: e8ca038f51f7761bd6e3a3b0b8014263 C:\Windows\system32\drivers\kr10i.sys
MD5: 6a4adb9186dd0e114e623daf57e42b31 C:\Windows\system32\drivers\kr10n.sys
MD5: 4a1445efa932a3baf5bdb02d7131ee20 C:\Windows\System32\Drivers\ksecdd.sys
MD5: ee728af83850ddad9a3fcac0aab3ad97 C:\Windows\system32\DRIVERS\MpFilter.sys
MD5: 1e94971c4b446ab2290deb71d01cf0c2 C:\Windows\system32\DRIVERS\mrxsmb.sys
MD5: 4fccb34d793b116423209c0f8b7a3b03 C:\Windows\system32\DRIVERS\mrxsmb10.sys
MD5: c3cb1b40ad4a0124d617a1199b0b9d7c C:\Windows\system32\DRIVERS\mrxsmb20.sys
MD5: f70590424eefbf5c27a40c67afdb8383 C:\Windows\system32\drivers\msahci.sys
MD5: 2cd24a6af497d0e9b9bf3da924ed05e6 C:\Windows\system32\DRIVERS\NisDrvWFP.sys
MD5: b9c2b89f08670e159f7181891e449cd9 C:\Windows\System32\drivers\partmgr.sys
MD5: b9cbd3dea7ca02868621173bf7a2af9f C:\Windows\system32\drivers\RTKVHDA.sys
MD5: 7157e70a90cce49deb8885d23a073a39 C:\Windows\system32\DRIVERS\Rtlh86.sys
MD5: 9ff7d9cf3a5f296613588b0e8db83afe C:\Windows\system32\drivers\RTSTOR.SYS
MD5: 41987f9fc0e61adf54f581e15029ad91 C:\Windows\System32\DRIVERS\srv.sys
MD5: ff33aff99564b1aa534f58868cbe41ef C:\Windows\System32\DRIVERS\srv2.sys
MD5: 7605c0e1d01a08f3ecd743f38b834a44 C:\Windows\System32\DRIVERS\srvnet.sys
MD5: 55f6e55cc2430ca8713387106fa79817 C:\Windows\system32\DRIVERS\SynTP.sys
MD5: ee7e10bed85c312c1d5d30c435bdda9f C:\Windows\System32\drivers\tcpip.sys
MD5: 2c2d4cff5e09c73908f9b5af49a51365 C:\Windows\System32\drivers\tcpipreg.sys
MD5: 6fdfba25002ce4bac463ac866ae71405 C:\Windows\system32\DRIVERS\tdcmdpst.sys
MD5: 4399a9bf7d8f49991a07fd86590a1619 C:\Windows\system32\DRIVERS\tos_sps32.sys
MD5: 792a8b80f8188aba4b2be271583f3e46 C:\Windows\system32\DRIVERS\TVALZ_O.SYS
MD5: 83cafcb53201bbac04d822f32438e244 C:\Windows\System32\Drivers\usbaapl.sys
MD5: cabd1b34bd05c986b4dbc18bc0e947ee C:\Windows\system32\dwrite.dll
MD5: 8ce364388c8eca59b14b539179276d44 C:\Windows\system32\FntCache.dll
MD5: 7a137514f4e48ecdbdd1f29cf7e8d5a4 C:\Windows\system32\GLU32.dll
MD5: b669adb56abe22ba2b69a96d6cee8508 C:\Windows\System32\hccutils.DLL
MD5: eb7f7f7dba47fdc1e2fa386b00da0f90 C:\Windows\System32\hkcmd.exe
MD5: 510c138564486ff926a3f773205c63d1 C:\Windows\system32\HPZinw12.dll
MD5: 37e5e8ffbad35605daeec3224ea0e465 C:\Windows\system32\HPZipm12.dll
MD5: b1c979c02fe013b2b9c0717c26ae1485 C:\Windows\system32\hpzipr12.dll
MD5: 0ba3f31e2b4d8d99df8dd19e81155374 C:\Windows\system32\ieframe.dll
MD5: eb8a00e8e9931a7ec04f920b09d880d8 C:\Windows\system32\iertutil.dll
MD5: 238c3965dd2e6d2c59d79a3125ce8a0a C:\Windows\system32\igdumd32.dll
MD5: 27c03e086b8794d1f4032a4f99ee3e22 C:\Windows\system32\igdumdx32.dll
MD5: 9e816aeedb04745c3f3d74dde90bd79a C:\Windows\system32\igfxdev.dll
MD5: a80d1ce4caf57acce8009ae80b6a47ec C:\Windows\system32\igfxexps.dll
MD5: cf8ca02425efa12ba122291a9780ec65 C:\Windows\System32\igfxext.exe
MD5: 8ef0123b03f1ddd8a618eb1d0ba71f54 C:\Windows\System32\igfxpers.exe
MD5: 13cc964e280c9a15636acbe5c4e5a575 C:\Windows\system32\igfxrENU.lrc
MD5: d87d76a514d99e70d122cd96eadc5353 C:\Windows\System32\igfxress.dll
MD5: 720c8ee22b359ed438bda19f6f603345 C:\Windows\system32\igfxsrvc.dll
MD5: 7ce0beb1da5628c128eb8782a6fe1747 C:\Windows\System32\igfxsrvc.exe
MD5: d4c7c8129b2edcf1af96a643a11ed5ee C:\Windows\system32\igfxTMM.dll
MD5: f61200a4b3e6e781de8b5653517566d7 C:\Windows\System32\igfxtray.exe
MD5: eb49faa5ebbc06356fb12476438781b9 C:\Windows\system32\imagehlp.dll
MD5: 509d846fdf0c83158ed5970de751364c C:\Windows\system32\jsproxy.dll
MD5: 574b473facaa0e91702b86578440b525 C:\Windows\system32\kernel32.dll
MD5: a3e186b4b935905b829219502557314e C:\Windows\system32\lsass.exe
MD5: bf142d4f8c61ed3629a9cdd7ba867900 C:\Windows\system32\mfplat.dll
MD5: 56e315acfb08a177b4d01e42b9044db5 C:\Windows\system32\MPRAPI.dll
MD5: ff41e1ac301f51e16f61ad7c0f45467c C:\Windows\System32\msshsq.dll
MD5: 17af64d727545f2804f6e6d998327e3f C:\Windows\system32\msvcrt.dll
MD5: 6abd253226770eae1292b4c945ed4b4b C:\Windows\System32\msxml3.dll
MD5: 188cc19108b0ebd6332d6628d4ede469 C:\Windows\system32\ncrypt.dll
MD5: 98b656eaf128cd06f625b09c84d959e1 C:\Windows\system32\NETAPI32.dll
MD5: ab87c54ca19675880b0cae65b8af140c C:\Windows\system32\npDeployJava1.dll
MD5: dda770bbd7c2ed024d6f50e279d90e5b C:\Windows\system32\ntdll.dll
MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\system32\ole32.dll
MD5: dc15ab7168c0309d8f04fd95b6240422 C:\Windows\system32\OLEACC.dll
MD5: b218342214d9bba0f54ea12ba2e9278c C:\Windows\system32\OLEAUT32.dll
MD5: b55e77bb01e85d2ca2c4b8424e1df345 C:\Windows\system32\OPENGL32.dll
MD5: 2dd6af8e97f59c9d39329bbc2a81f13f C:\Windows\system32\RASDLG.dll
MD5: 5a32d90a3d3d63e9011869a07a720ab3 C:\Windows\system32\Ribbons.scr
MD5: ab530fdd34c67b497a20171d1234cfe9 C:\Windows\system32\RICHED32.DLL
MD5: 50e3e76b0901bb4fc029bb88bfa5ce79 C:\Windows\system32\schannel.dll
MD5: 1a58069db21d05eb2ab58ee5753ebe8d C:\Windows\system32\schedsvc.dll
MD5: d602fedbd9155fc2ded6863fb60c950f C:\Windows\system32\Secur32.dll
MD5: 167ac31450c0c53a01fa1491e94d7678 C:\Windows\system32\SHDOCVW.dll
MD5: aaf101900a23d75ae1ae00840fa6f3b8 C:\Windows\system32\SHELL32.dll
MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\system32\SHLWAPI.dll
MD5: c7230fbee14437716701c15be02c27b8 C:\Windows\System32\shsvcs.dll
MD5: 8554097e5136c3bf9f69fe578a1b35f4 C:\Windows\System32\spoolsv.exe
MD5: 1bf5eebfd518dd7298434d8c862f825d C:\Windows\System32\srvsvc.dll
MD5: b5950df243837d8217f4e597919b224a C:\Windows\system32\stobject.dll
MD5: 4f4703d7281b95c2b07cce670b52c38c C:\Windows\system32\SynCOM.dll
MD5: 98889275ae552574a8cf6e8dd8f65f75 C:\Windows\system32\SynTPAPI.dll
MD5: 3e4239b92139f7174a0da7d53fe5e1ab C:\Windows\System32\sysprep\PEDrv.sys
MD5: bfa034aac103d8a6f591ac9364688339 C:\Windows\system32\t2embed.dll
MD5: 3d50c4b10352367d5cb20ed1f50f8da2 C:\Windows\System32\taskeng.exe
MD5: 52e129522c1775dbb8cc252e7a0655c7 C:\Windows\system32\taskschd.dll
MD5: c5ac715b65b01788abc22d10749dddd8 C:\Windows\system32\TODDSrv.exe
MD5: 9fac0f6d5f3d922db294e30cd3f62369 C:\Windows\system32\urlmon.dll
MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\system32\USP10.dll
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\system32\webcheck.dll
MD5: dbd02e3e6f061ebbbf9b99a9d7cba30b C:\Windows\System32\winhttp.dll
MD5: 5553611e2f9ea6f613079177f1233068 C:\Windows\system32\WININET.dll
MD5: 14ff750efe13b0c21e5a06507c3a97b1 C:\Windows\system32\WINMM.dll
MD5: 3fcb7347d2de38488c85a31ea7838a3c C:\Windows\system32\WinSATAPI.dll
MD5: 5ec8fb83f31aa2d6f421f02c3f4f4475 C:\Windows\system32\winspool.drv
MD5: e253e5da1249a471d913f7ea4c81faf6 C:\Windows\system32\WINTRUST.dll
MD5: fc3ec24fce372c89423e015a2ac1a31e C:\Windows\system32\wuaueng.dll
MD5: 1908cc7673f72601affdca022689cedf C:\Windows\system32\XmlLite.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 1f5afd468eb5e09e9ed75a087529eab5 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
MD5: 58a14c45a5cd2528f10a889e7b0c3fc2 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL
MD5: 665e22ce8ffb51925b30925a5985e174 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa\MSVCP90.dll
MD5: 07a96cf6dd46e76c894ea5483c0e5f96 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa\MSVCR90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MD5: 76eaef4ddebbc7c38853f586c0e91dce C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 1.52 KB recvd
Scanned 757 files and modules - 44 seconds

==============================================================================
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 07/10/2012 11:25:42 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/10/2012 11:37:58 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Sigverif only showed:

perdrv.sys from Jan 18 2008 as not signed but also indicated:
2 files not scanned

When the disk check was performed and finished (I guess) it ended with the blinking cursor. I had to power off and reboot. Do not know if this means anything but thought I would mention it.
  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Not sure why disk check didn't finish. Normally I think it loads Windows when done. It is supposed to leave a log in the event logs but it's only rated Informational so we didn't get it with VEW.exe.

It's supposed to be an Application log and I think it says that the source is Microsoft-Windows-Wininit so if you go into the event logs:


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on Application. Scroll down in the right pane until you find a log from Microsoft-Windows-Wininit. There should be a copy button on the right that you can use to copy the log if you find it, then paste it into a reply.
  • 0

#29
Ardant

Ardant

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 10/7/2012 10:45:26 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SummerCamp20-PC
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is SQ004890V03.

A disk check has been scheduled.
Windows will now check the disk.
331392 file records processed.

1435 large file records processed.

0 bad file records processed.

0 EA records processed.

90 reparse records processed.

417378 index entries processed.

0 unindexed files processed.

331392 security descriptors processed.

Cleaning up 373 unused index entries from index $SII of file 0x9.
Cleaning up 373 unused index entries from index $SDH of file 0x9.
Cleaning up 373 unused security descriptors.
42994 data files processed.

CHKDSK is verifying Usn Journal...
35829072 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
331376 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
22940597 free clusters processed.

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

235095039 KB total disk space.
142752444 KB in 246507 files.
131284 KB in 42995 indexes.
0 KB in bad sectors.
448923 KB in use by the system.
65536 KB occupied by the log file.
91762388 KB available on disk.

4096 bytes in each allocation unit.
58773759 total allocation units on disk.
22940597 allocation units available on disk.

Internal Info:
80 0e 05 00 e9 6a 04 00 92 9b 07 00 00 00 00 00 .....j..........
19 04 00 00 5a 00 00 00 00 00 00 00 00 00 00 00 ....Z...........
42 00 00 00 a2 73 a4 77 20 86 0e 00 20 7e 0e 00 B....s.w ... ~..

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-10-08T02:45:26.000Z" />
<EventRecordID>90031</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>SummerCamp20-PC</Computer>
<Security />
</System>
<EventData>
<Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is SQ004890V03.

A disk check has been scheduled.
Windows will now check the disk.
331392 file records processed.

1435 large file records processed.

0 bad file records processed.

0 EA records processed.

90 reparse records processed.

417378 index entries processed.

0 unindexed files processed.

331392 security descriptors processed.

Cleaning up 373 unused index entries from index $SII of file 0x9.
Cleaning up 373 unused index entries from index $SDH of file 0x9.
Cleaning up 373 unused security descriptors.
42994 data files processed.

CHKDSK is verifying Usn Journal...
35829072 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
331376 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
22940597 free clusters processed.

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

235095039 KB total disk space.
142752444 KB in 246507 files.
131284 KB in 42995 indexes.
0 KB in bad sectors.
448923 KB in use by the system.
65536 KB occupied by the log file.
91762388 KB available on disk.

4096 bytes in each allocation unit.
58773759 total allocation units on disk.
22940597 allocation units available on disk.

Internal Info:
80 0e 05 00 e9 6a 04 00 92 9b 07 00 00 00 00 00 .....j..........
19 04 00 00 5a 00 00 00 00 00 00 00 00 00 00 00 ....Z...........
42 00 00 00 a2 73 a4 77 20 86 0e 00 20 7e 0e 00 B....s.w ... ~..

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>
  • 0
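A way to triage a pasted CHKDSK report like the Wininit event 1001 text above, added here as an example and not part of the original posts: it pulls out the counters, cross-checks the free allocation units against the reported free KB, and separates hardware-type problems from logical repairs. The function names and verdict labels are assumptions of this example, and the sample is constructed from lines of the posted log.

```python
import re

# Constructed sample: key lines copied from the event 1001 text posted above.
SAMPLE_LOG = """\
Checking file system on C:
The type of the file system is NTFS.
0 bad file records processed.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
235095039 KB total disk space.
0 KB in bad sectors.
91762388 KB available on disk.
4096 bytes in each allocation unit.
58773759 total allocation units on disk.
22940597 allocation units available on disk.
Windows has finished checking your disk.
"""

# Hypothetical field names mapped to the line that carries each counter.
FIELDS = {
    "bad_file_records": r"^[ \t]*(\d+) bad file records processed",
    "total_kb": r"^[ \t]*(\d+) KB total disk space",
    "bad_sector_kb": r"^[ \t]*(\d+) KB in bad sectors",
    "free_kb": r"^[ \t]*(\d+) KB available on disk",
    "unit_bytes": r"^[ \t]*(\d+) bytes in each allocation unit",
    "total_units": r"^[ \t]*(\d+) total allocation units on disk",
    "free_units": r"^[ \t]*(\d+) allocation units available on disk",
}


def parse_chkdsk(text):
    """Extract counters and status lines from a pasted CHKDSK report."""
    report = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        report[name] = int(m.group(1)) if m else None
    report["finished"] = "Windows has finished checking your disk" in text
    report["corrected"] = "Windows has made corrections to the file system" in text
    # Each "CHKDSK discovered ..." line names one inconsistency that was found.
    report["findings"] = re.findall(
        r"^[ \t]*CHKDSK discovered (.+?)\.?\s*$", text, re.MULTILINE)
    return report


def triage(report):
    """Return (verdict, problems, repairs) for a parsed report."""
    problems, repairs = [], []
    missing = [k for k in FIELDS if report[k] is None]
    if missing:
        problems.append("fields not found: " + ", ".join(missing))
    if not report["finished"]:
        problems.append("no completion line; the run may have been interrupted")
    if report["bad_sector_kb"]:
        problems.append("%d KB in bad sectors" % report["bad_sector_kb"])
    if report["bad_file_records"]:
        problems.append("%d bad file records" % report["bad_file_records"])
    if not missing:
        # Free units times unit size should reproduce the reported free KB.
        expected_free = report["free_units"] * report["unit_bytes"] // 1024
        if expected_free != report["free_kb"]:
            problems.append("free-space figures disagree")
    if report["corrected"]:
        repairs = report["findings"] or ["unspecified corrections"]
    verdict = "problem" if problems else ("repaired" if repairs else "clean")
    return verdict, problems, repairs


if __name__ == "__main__":
    print(triage(parse_chkdsk(SAMPLE_LOG)))
```
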

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
OK. It looks like it worked OK. Unless you see other problems I think we are done and can clean up.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Currently there is an exploit out that works on all Java Version 7 software so we are recommending that if you do not visit websites that absolutely require Java that you turn it off in your browser per the instructions in http://www.geekstogo...ur-web-browser/
If you use websites that require Java and you trust them then we recommend that you use either Firefox with the NoScript add-on or Chrome with the ScriptNo add-on and avoid IE. NoScript/ScriptNo will turn off Java and Javascript on all websites you visit except for those that you specifically approve. More info on the exploit is here: http://krebsonsecuri...y-java-exploit/
A new Java 7 Version 7 was released on an emergency basis to fix the exploit but apparently still has a problem.

Make sure Windows Updates is turned on and that it works. Go to Control Panel, Windows Updates and see if it works. http://support.microsoft.com/kb/294871

You definitely need to have KB2744842. This patches a major flaw in IE.

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0





