
Computer won't let me log in ! [Solved]


  • This topic is locked

#1
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi,
I'm having trouble coming here to do anything. I am also having trouble logging into Gmail, going to bc, and other places PL research lands me. I can search fine, but when I land, the page goes unresponsive.
This happened after I installed a printer yesterday on computer 2 (mine), after installing it on the desktop. It said I needed an up-to-date browser (I use IE) when I tried to print pages for work, so I thought I would try Chrome. Chrome worked, but it still would not print. I then noticed IE did not work correctly, so I uninstalled Chrome. I tried to print the pages I needed for work after that; still no joy. I then uninstalled the printer because it wouldn't let me print. It said I needed to install a printer first (Adobe). So I tried to research the why of that, and I can't go anywhere correctly. When I returned from work last night, I tried again. Same thing. I'm having a difficult time doing anything. I won't do anything 'official' on it because I don't trust it. Always been that way. In the past Malwarebytes has found Vundo; that was after someone else had it for a few months. I've been warned there may be something lurking, and now I'm pretty sure there is something lurking, and I would really, really appreciate any help, please. Guess I have to get it taken care of once and for all. Malwarebytes comes up empty; here is the OTL log I got. Fortunately I had a newer version on my desktop; I put the results on a stick. Thank you for reading, thank you for being here.

OTL logfile created on: 10/12/2012 5:25:41 AM - Run 3
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Cindy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: | Country: | Language: | Date Format:

1.87 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 44.93% Memory free
3.98 Gb Paging File | 2.98 Gb Available in Paging File | 74.87% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 49.13 Gb Free Space | 44.54% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 03:16:51 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/10 14:41:08 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 11:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 09:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 10:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/16 21:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 21:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 13:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/20 16:24:46 | 000,226,816 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
PRC - [2008/01/20 16:24:43 | 000,163,840 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
PRC - [2008/01/20 16:24:29 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/03/06 08:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 10:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 19:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 08:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 08:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/10/09 03:16:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/07/18 18:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 13:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 11:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 16:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 15:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 15:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 13:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/24 05:05:40 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/28 13:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 16:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 14:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/20 16:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/14 09:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 12:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 13:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 11:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/08 20:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/08 20:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {D03D7F1E-2667-4FB4-9A19-35292CB10741}
IE - HKLM\..\SearchScopes\{D03D7F1E-2667-4FB4-9A19-35292CB10741}: "URL" = http://www.google.co...ge={startPage};

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 64 B2 9A B0 A9 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 14:41:52 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 11:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [toscdspd] TOSCDSPD.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814EBDF1-5B7A-44CF-97E4-3FB8B9056A05}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\Shell - "" = AutoRun
O33 - MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/09 17:30:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/09 17:30:21 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/09 17:30:21 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/09/21 14:26:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/21 14:26:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/21 14:26:52 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/21 14:26:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/21 14:26:50 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/09/21 14:26:50 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/21 14:26:50 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/21 14:26:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/21 14:26:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/21 14:26:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/21 14:26:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/21 14:26:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/21 14:26:49 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/21 14:26:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/21 14:26:48 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/21 14:26:48 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/21 14:26:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/21 14:26:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/09/20 19:49:08 | 000,000,000 | ---D | C] -- C:\Users\Cindy\New Folder
[2012/09/14 05:10:47 | 000,000,000 | ---D | C] -- C:\Users\Cindy\DoctorWeb
[2012/09/13 16:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/13 16:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/13 16:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/13 03:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/13 03:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/13 03:01:24 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/12 05:16:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/12 05:06:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/12 04:59:19 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/12 04:50:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 04:50:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 04:50:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/12 04:11:43 | 000,625,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/12 04:11:43 | 000,112,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/11 15:11:51 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/09 03:16:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 03:16:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/02 03:02:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/20 18:21:56 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/19 19:58:01 | 000,357,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/13 16:22:38 | 000,001,635 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/13 03:28:08 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/11 15:11:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/09/13 16:22:38 | 000,001,635 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/29 00:40:55 | 000,100,864 | ---- | C] () -- \kwdoqpob.sys
[2012/05/11 14:36:56 | 000,188,863 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2012/05/11 14:36:55 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/12/13 16:31:03 | 000,150,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/28 14:44:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/24 05:05:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2010/12/31 15:23:44 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/05/20 20:31:31 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/08/18 07:51:16 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/08/18 07:51:14 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 00:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/01 20:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2010/09/02 05:36:58 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\LocalLow\Microsoft\Silverlight\is\hlev42yc.2su\qlsx0g2o.bi4\1\l
[2011/09/28 16:44:15 | 000,000,082 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\M4HWKZFN\t.cxt.ms\lso.swf\u.sol
[2010/12/18 05:08:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\LocalLow\Microsoft\Silverlight\is\44bqpdqj.2s1\gnlzldfr.uft\1\l
[2006/11/02 02:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
  • 0



#2
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Cindy,

You are running MSSE for antivirus protection but I see remnants of Norton. Have you ever had it on the system?
Windows Defender is loading at startup. MSSE should have disabled Windows Defender when it was installed. We will address that in due course.


here is the otl log I got. Fortunately I had a newer version on my desktop,

Unfortunately it isn't the most recent version. Please delete the OTL.exe file and the OTL.txt file and Extras.txt file from the desktop. Delete the C:\_OTL folder. Then I want you to download the latest version and get some new scans.


Step-1.

OTL

Download OTL to the Desktop. It is important that it is downloaded to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see the OTL console.
  • Check the box beside Scan All Users at the top of the console, DO NOT click the box beside Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section, click the radio button beside Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat with the Extras.txt file.


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.)
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable to iexplore.exe and try it again.


Step-3.

Things For Your Next Post:
1. The new OTL.txt log
2. The Extras.txt log
3. The aswMBR log
  • 0
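What the helper does with these logs is scan for entries that do not belong: an executable or driver with no company name, a file sitting in the drive root, a registered service whose file is gone. As an added example (my own code, not OTL's and not part of this thread), here is a small Python triage script for OTL-format entries; the rules, the root-file allowlist and the constructed sample lines are my assumptions, and a flag means "look at this", not "this is infected".

```python
"""Triage helper for OTL-style log entries (added example, not OTL code).

Parses the bracketed file/driver lines OTL prints (Files Created, Files
Modified, Driver Services sections) and flags the entries a malware-removal
helper normally reads first. Rules and allowlist are assumed heuristics.
"""
import re
from dataclasses import dataclass
from typing import Optional

# One OTL entry: optional section prefix, [date | size | attrs | C/M],
# optional (Company), optional [type | start | state], path, optional (ServiceName).
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]+)\))?$"
)
# Service/driver still registered although its file is gone from disk.
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\]"
    r" -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)

# Files that legitimately live in the root of a Vista system drive (assumed allowlist).
ROOT_ALLOWLIST = {"bootmgr", "bootsect.bak", "autoexec.bat", "config.sys",
                  "pagefile.sys", "hiberfil.sys"}
EXECUTABLE_EXT = (".sys", ".exe", ".dll", ".cpl", ".scr")


@dataclass
class Entry:
    path: str
    kind: Optional[str] = None
    company: Optional[str] = None   # None = not reported, "" = reported as empty "()"
    attrs: str = "----"
    is_dir: bool = False
    missing: bool = False
    name: Optional[str] = None


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file/driver line, or None for any other line."""
    m = MISSING_RE.match(line.strip())
    if m:
        return Entry(path=m["path"], kind=m["kind"], missing=True, name=m["name"])
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(path=m["path"], kind=m["kind"], company=m["company"],
                 attrs=m["attrs"], is_dir=m["attrs"].endswith("D"), name=m["name"])


def in_drive_root(path: str) -> bool:
    """True for '\\foo.sys' or 'C:\\foo.sys', i.e. no directory component."""
    p = path[2:] if re.match(r"^[A-Za-z]:", path) else path
    return p.startswith("\\") and "\\" not in p[1:]


def triage(entry: Entry) -> list[str]:
    """Heuristic reasons to review this entry; an empty list means nothing notable."""
    reasons = []
    if entry.missing:
        return ["service/driver registered but its file is missing (orphaned entry)"]
    if entry.is_dir:
        return reasons
    name = entry.path.rsplit("\\", 1)[-1].lower()
    if in_drive_root(entry.path) and name not in ROOT_ALLOWLIST:
        reasons.append("file in the drive root outside the known boot files")
    if entry.company == "" and name.endswith(EXECUTABLE_EXT):
        reasons.append("executable/driver with no company name in its version info")
    if "H" in entry.attrs and "S" in entry.attrs and name.endswith(EXECUTABLE_EXT):
        reasons.append("executable carrying hidden+system attributes")
    return reasons


def triage_log(text: str) -> dict[str, list[str]]:
    """Map each flagged path to its reasons, over a whole OTL log."""
    findings = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and (reasons := triage(entry)):
            findings[entry.path] = reasons
    return findings


# Constructed sample in the same format as the logs in this thread.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2012/09/13 16:22:38 | 000,001,635 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/29 00:40:55 | 000,100,864 | ---- | C] () -- \kwdoqpob.sys
[2011/04/24 05:05:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2008/08/18 07:51:14 | 000,333,257 | RHS- | C] () -- \bootmgr
[2012/09/13 03:01:24 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it against a full OTL.txt by reading the file into `triage_log`; directory entries and signed vendor files drop out, leaving a short review list.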

#3
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Thank you Godawgs! I'm about to be late for class :blush:
Norton was on when I purchased it, it was uninstalled thru Programs and Features long time ago.
Your help is MUCH appreciated! Here are the logs:

OTL logfile created on: 10/13/2012 5:55:04 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cindy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: | Country: | Language: | Date Format:

1.87 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 45.74% Memory free
3.98 Gb Paging File | 2.90 Gb Available in Paging File | 72.81% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 50.49 Gb Free Space | 45.77% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/13 05:25:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/10 14:41:08 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 11:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 09:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 10:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/16 21:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 21:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 13:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/03/06 08:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 10:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 19:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 08:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 08:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/10/09 03:16:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/07/18 18:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 13:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 11:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 16:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 15:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 15:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 13:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/24 05:05:40 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/28 13:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 16:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 14:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/20 16:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/14 09:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 12:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 13:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 11:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/08 20:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/08 20:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {D03D7F1E-2667-4FB4-9A19-35292CB10741}
IE - HKLM\..\SearchScopes\{D03D7F1E-2667-4FB4-9A19-35292CB10741}: "URL" = http://www.google.co...ge={startPage};


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 64 B2 9A B0 A9 CB 01 [binary data]
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 14:41:52 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 11:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000..\Run: [toscdspd] TOSCDSPD.EXE File not found
O4 - Startup: C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/09/13 16:22:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012/09/03 20:23:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ament.ini ()
O4 - Startup: C:\Users\All Users\Apple [2010/05/20 17:36:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011/01/02 03:40:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Atheros [2010/03/13 20:59:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Comodo Downloader [2010/07/31 15:46:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Google [2012/09/04 02:53:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HitmanPro [2012/07/04 06:07:30 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2012/10/11 15:16:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Malwarebytes [2010/04/05 03:31:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012/09/04 02:56:25 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012/10/10 03:10:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\N360BUOptions.ini ()
O4 - Startup: C:\Users\All Users\NOS [2010/08/18 04:48:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2010/07/29 04:11:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PDF reDirect [2011/12/19 16:49:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PopCap Games [2010/03/20 23:57:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Real [2012/05/28 19:07:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2012/09/13 03:01:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011/09/11 04:33:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010/08/12 16:01:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SUPERAntiSpyware.com [2010/08/06 17:05:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2011/05/27 04:10:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2012/09/04 02:49:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006/11/02 03:02:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Toshiba [2010/03/13 21:05:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ulead Systems [2008/08/18 08:06:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WEBREG [2010/11/25 21:33:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WildTangent [2010/05/20 20:37:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindowsSearch [2010/08/10 15:35:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/05/20 17:59:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/03/20 19:17:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\.minecraft [2011/07/31 00:39:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\AppData [2010/05/08 05:34:03 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Cindy\Application Data [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Contacts [2012/04/04 14:16:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Cookies [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Desktop [2012/10/13 05:50:38 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\DoctorWeb [2012/09/14 05:10:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\Documents [2012/08/19 19:27:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Downloads [2012/10/12 03:44:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Favorites [2012/07/21 21:47:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Links [2012/03/08 14:40:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Local Settings [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Music [2012/01/05 20:17:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\My Documents [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\NetHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\New Folder [2012/09/20 19:49:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\NTUSER.DAT ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.0.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.1.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.2.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\ntuser.ini ()
O4 - Startup: C:\Users\Cindy\Pictures [2012/10/12 04:26:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\PrintHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Recent [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Saved Games [2010/03/25 19:03:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Searches [2011/01/01 01:19:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\SendTo [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Start Menu [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Templates [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Videos [2012/01/12 19:11:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\AppData [2006/11/02 01:18:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2006/11/02 03:02:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2008/08/18 08:18:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 00:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\AppData [2010/11/13 02:21:02 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Guest\Application Data [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Contacts [2010/11/13 02:20:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Cookies [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Desktop [2011/02/15 16:06:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Documents [2012/08/05 20:44:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Downloads [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Favorites [2010/11/27 05:30:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Links [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Local Settings [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Music [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\My Documents [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\NetHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\NTUSER.DAT ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Guest\ntuser.ini ()
O4 - Startup: C:\Users\Guest\Pictures [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\PrintHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Recent [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Saved Games [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Searches [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\SendTo [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Start Menu [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Templates [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Videos [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2012/10/12 03:53:51 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010/03/15 21:51:23 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006/11/02 00:23:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2010/10/27 02:51:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814EBDF1-5B7A-44CF-97E4-3FB8B9056A05}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\Shell - "" = AutoRun
O33 - MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/10/09 17:30:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/09 17:30:21 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/09 17:30:21 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/09/21 14:26:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/21 14:26:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/21 14:26:52 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/21 14:26:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/21 14:26:50 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/09/21 14:26:50 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/21 14:26:50 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/21 14:26:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/21 14:26:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/21 14:26:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/21 14:26:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/21 14:26:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/21 14:26:49 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/21 14:26:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/21 14:26:48 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/21 14:26:48 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/21 14:26:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/21 14:26:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/09/20 19:49:08 | 000,000,000 | ---D | C] -- C:\Users\Cindy\New Folder
[2012/09/14 05:10:47 | 000,000,000 | ---D | C] -- C:\Users\Cindy\DoctorWeb
[2012/09/13 16:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/13 16:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/13 16:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/13 05:17:42 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/13 05:16:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/13 05:16:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/13 05:16:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/12 20:06:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/12 19:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/12 04:11:43 | 000,625,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/12 04:11:43 | 000,112,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/11 15:11:51 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/09 03:16:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 03:16:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/02 03:02:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/20 18:21:56 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/19 19:58:01 | 000,357,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/13 16:22:38 | 000,001,635 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/11 15:11:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/09/13 16:22:38 | 000,001,635 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/29 00:40:55 | 000,100,864 | ---- | C] () -- \kwdoqpob.sys
[2012/05/11 14:36:56 | 000,188,863 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2012/05/11 14:36:55 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/12/13 16:31:03 | 000,150,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/28 14:44:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/24 05:05:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2010/12/31 15:23:44 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/05/20 20:31:31 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/08/18 07:51:16 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/08/18 07:51:14 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 00:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/01 20:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2006/11/02 02:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 07:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 20:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 20:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/13 16:22:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2012/07/04 06:07:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\HitmanPro
[2011/12/19 16:49:14 | 000,000,000 | ---D | M] -- C:\Users\All Users\PDF reDirect
[2010/03/20 23:57:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\PopCap Games
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2012/09/04 02:49:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2006/11/02 03:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2010/03/13 21:05:53 | 000,000,000 | ---D | M] -- C:\Users\All Users\Toshiba
[2008/08/18 08:06:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ulead Systems
[2010/05/20 20:37:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\WildTangent
[2010/08/10 15:35:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
[2010/05/20 17:59:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/20 19:17:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/31 00:39:48 | 000,000,000 | ---D | M] -- C:\Users\Cindy\.minecraft
[2010/05/08 05:34:03 | 000,000,000 | -H-D | M] -- C:\Users\Cindy\AppData
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Application Data
[2012/04/04 14:16:04 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Contacts
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Cookies
[2012/10/13 05:50:38 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Desktop
[2012/09/14 05:10:47 | 000,000,000 | ---D | M] -- C:\Users\Cindy\DoctorWeb
[2012/08/19 19:27:34 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Documents
[2012/10/12 03:44:05 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Downloads
[2012/07/21 21:47:47 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Favorites
[2012/03/08 14:40:39 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Links
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Local Settings
[2012/01/05 20:17:25 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Music
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\My Documents
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\NetHood
[2012/09/20 19:49:08 | 000,000,000 | ---D | M] -- C:\Users\Cindy\New Folder
[2012/10/12 04:26:00 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Pictures
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\PrintHood
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Recent
[2010/03/25 19:03:46 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Saved Games
[2011/01/01 01:19:13 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Searches
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\SendTo
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Start Menu
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Templates
[2012/01/12 19:11:13 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Videos
[2006/11/02 01:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2006/11/02 03:02:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2008/08/18 08:18:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006/11/02 00:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2010/11/13 02:21:02 | 000,000,000 | -H-D | M] -- C:\Users\Guest\AppData
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Application Data
[2010/11/13 02:20:43 | 000,000,000 | R--D | M] -- C:\Users\Guest\Contacts
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Cookies
[2011/02/15 16:06:20 | 000,000,000 | R--D | M] -- C:\Users\Guest\Desktop
[2012/08/05 20:44:46 | 000,000,000 | R--D | M] -- C:\Users\Guest\Documents
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Downloads
[2010/11/27 05:30:00 | 000,000,000 | R--D | M] -- C:\Users\Guest\Favorites
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Links
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Local Settings
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Music
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\My Documents
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\NetHood
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Pictures
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\PrintHood
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Recent
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Saved Games
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Searches
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\SendTo
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Start Menu
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Templates
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Videos
[2012/10/12 03:53:51 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2010/03/15 21:51:23 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006/11/02 00:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2010/10/27 02:51:49 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/28 20:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 20:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 17:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 16:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 16:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: QMGR.DLL >
[2008/01/20 16:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/10 20:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/10 20:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

< MD5 for: SERVICES >
[2006/09/18 11:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 11:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2012/07/27 10:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EX_ >
[2008/04/14 05:42:36 | 000,049,959 | ---- | M] () MD5=EE4885163C0C0729A3C5F1416A6E5F48 -- C:\Users\Cindy\Desktop\Tools and information\xpsp3_5512.080413-2113_usa_x86fre_spcd\i386\services.ex_

< MD5 for: SERVICES.EXE >
[2008/01/20 16:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/10 20:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/10 20:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 02:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 02:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/20 16:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 16:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.LOG >
[2012/05/11 15:35:50 | 000,057,754 | ---- | M] () MD5=86F4ADBAFA2FF9F836DC68B871616C58 -- C:\ProgramData\HP\Installer\Temp\services.log
[2012/05/11 15:35:50 | 000,057,754 | ---- | M] () MD5=86F4ADBAFA2FF9F836DC68B871616C58 -- C:\Users\All Users\HP\Installer\Temp\services.log

< MD5 for: SERVICES.MOF >
[2006/09/18 11:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 11:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 11:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 02:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 11:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 02:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 11:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2008/01/20 16:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 16:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 16:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 16:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/10 20:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 20:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 16:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2006/11/01 23:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/01 23:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/20 16:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeCreateGlobalPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll -- [2009/04/10 20:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2006/11/01 23:46:02 | 000,017,920 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 1908
"Last Counter" = 1924
"First Help" = 1909
"Last Help" = 1925
"Object List" = 1908
"PerfMMFileName" = Global\MMF_BITS_s
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = 01 00 14 90 90 00 00 00 A0 00 00 00 14 00 00 00 34 00 00 00 02 00 20 00 01 00 00 00 02 C0 18 00 00 00 0C 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 02 00 5C 00 04 00 00 00 00 02 14 00 FF 01 0F 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 [Binary data over 200 bytes]

========== Drive Information ==========

Physical Drives
---------------

Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK1246GSX
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 110.00GB
Starting Offset: 1573912576
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: CINDY-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 C SQ004816V03 NTFS Partition 110 GB Healthy System

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Users\All Users\TEMP:5C321E34
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


OTL Extras logfile created on: 10/13/2012 5:55:04 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cindy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: | Country: | Language: | Date Format:

1.87 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 45.74% Memory free
3.98 Gb Paging File | 2.90 Gb Available in Paging File | 72.81% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 50.49 Gb Free Space | 45.77% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024864D8-9EDF-43C6-B144-D2A7A11D9A42}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0957B8CC-BD1E-4C02-8A96-DBD11B5DF6D2}" = lport=139 | protocol=6 | dir=in | app=system |
"{208838A3-8460-4580-AB5C-0F021799C9C7}" = rport=445 | protocol=6 | dir=out | app=system |
"{27FDEB3A-5284-4048-8CF6-EE1310D75892}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A733626-7291-4B5B-91FC-17735696B2CE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35B03953-554C-4846-96A2-2919DA852E6D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3A616F37-29FA-45D5-BBD0-B31CADE42962}" = rport=139 | protocol=6 | dir=out | app=system |
"{4B1DB43E-BE49-4BB5-9097-50D60ADDD7DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D1EF7FD-0C17-4F02-AD3B-405F729058E1}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{51018119-318D-45C0-AD1B-6AF928EF2230}" = lport=445 | protocol=6 | dir=in | app=system |
"{551E1B5B-88BA-4133-A6B2-50ACF82C2B28}" = rport=10243 | protocol=6 | dir=out | app=system |
"{591CAAA6-6184-417E-B390-F7F79ADFB709}" = lport=138 | protocol=17 | dir=in | app=system |
"{5F55AD6A-0E83-44CB-AA90-63E2B89F6094}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F6B4DB5-450A-4647-8D06-6396CB067101}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{603A8BD0-4143-44BC-803D-4A9405B04EE8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6CB72BF9-A452-4C40-898C-C73B211A16AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7D1F31F4-491D-410B-A79A-1FE46C2052C9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{81E1D8CD-3AE2-4DF5-AFF4-0C82BC7D8340}" = rport=138 | protocol=17 | dir=out | app=system |
"{8643C9D3-0E46-4AD5-8251-18B43F70203F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{92DEDBC8-C5E5-4CC3-A308-678C6B9C0DF5}" = lport=137 | protocol=17 | dir=in | app=system |
"{A01BF944-EB34-44A6-8906-2AB4B9DCAE8D}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service |
"{AABE8393-2CC8-4AD7-86BC-990B0A639FF0}" = rport=137 | protocol=17 | dir=out | app=system |
"{B9DAC50E-FA64-4B15-81DE-A733E2713DA4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0779F60-15BB-4B52-9E04-938CC6C953F5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C846A653-4160-4986-AA0E-826CC05EB98A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E15C37CE-82D8-4CE1-B6DA-00B46F4F960A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E33CA958-721F-44F0-BDBF-DC38CAC91E39}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E342FAB8-FC13-4C1A-A9F7-8B63A10D45C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED0EC886-E17F-4C00-A8BF-3894C9148350}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E678A61-1B63-48B8-93D8-98805F397F23}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{0F5B07A5-6FCE-40DC-A386-CD59196FA0E9}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{13A1D8AF-4967-4CFD-9AAE-AC80F622645E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1A179ADC-795D-4C92-8CD5-FCAF82607811}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{249AF4DF-780F-44EE-A174-A50FCA839DE8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{2622A955-DF8E-4383-B6B5-22F13ECDCE99}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{279BA005-70A8-4F85-BEB6-531CA6D60504}" = protocol=1 | dir=in | [email protected],-28543 |
"{29149483-E719-407C-87D1-ADF2BE1540CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C5FE000-3847-4529-B6A0-47A4C7B1E622}" = protocol=17 | dir=in | app=c:\windows\temp\7zs2d15\hpdiagnosticcoreui.exe |
"{30226DEA-83A9-46CE-96FE-0C99C6A0F42D}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{3FC59BBF-0E34-4D0E-AE38-70DEE7F72AFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FD2854E-4457-41FE-9ED7-7F97CC05E9A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4112C661-99A3-4EB8-9B0E-EC4670264DF9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4D4EF25F-711E-43A4-A151-F8190F544E49}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{52B9B602-8377-4ECD-86EF-50B8F9A60671}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{567D0144-38BA-47A4-AC99-EBD1907FE18E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A4C89DE-02FA-408B-B89C-7475C608EC7E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5C385125-0B57-43C0-BC08-97F8EABB8978}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6CFFDE67-18DE-4E27-8559-D89F46303C98}" = protocol=1 | dir=out | [email protected],-28544 |
"{6F4D0CAA-DB95-4873-B721-44015076EE92}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7AE1CBF8-1762-45BC-9F85-B4E93FF09D7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7AFC3082-24A0-4D00-93EC-8B1A5D984831}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{7B196B37-D22C-4187-BCC3-BB752A083141}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{82D894EF-B995-4DE0-8888-7BD33734D3A4}" = dir=in | app=d:\setup\hpznui01.exe |
"{836C3E0B-30F0-410C-B39D-0C2107895D2D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{93B7C916-0144-4125-B964-5CDF9C144B79}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |
"{992B8D05-ECE2-465C-BA71-C9BD8070DC7F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{99672142-FFAD-4B07-8C1A-729FC9CD545E}" = protocol=58 | dir=out | [email protected],-28546 |
"{9DD456BA-2685-40E9-B640-639BED8AD6D0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{A74FCAD5-125C-40B2-B544-E80DD02F22A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEDD65D0-C0AC-44E0-90EA-D093BA357BE5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{B1338F43-F9CE-4ACD-938B-9087FFFE416D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B5D5DDFC-43BB-4FEE-A38C-DA9CC1A2BC54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBD5A3D5-239F-4DFC-981E-CC9005EDBD74}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0D52D64-9409-45CB-8119-8B95025EF1D6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C8DF7560-20F2-4C10-AFCC-406E22FB177C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CC4A4B96-24CC-45F0-8E2E-C8B2BACD299D}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{CC6B71EF-1BEF-462B-A9DF-611B4D3F6A91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFA8155F-592E-49C0-B6C5-E55AA15985D8}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{D698795C-B283-4702-BB5C-1BB753864680}" = protocol=6 | dir=out | app=system |
"{DEE4E370-FE06-409A-AE71-9CF77DA6AF12}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5AF2C54-BDC3-4932-AF61-4F9BB74EB4F9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E9AFD4DF-5107-4850-AD47-F29798EA0809}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC137608-436E-434F-BE8D-6B380FDD855E}" = protocol=58 | dir=in | [email protected],-28545 |
"{F1689418-10F3-42DA-8D54-41FB8959B1E9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1E1B2A6-5D10-4860-84A5-B4B07652559B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F9459D96-6F32-423E-A507-28186354A5BD}" = protocol=6 | dir=in | app=c:\windows\temp\7zs2d15\hpdiagnosticcoreui.exe |
"TCP Query User{0971A184-A58B-4AA5-9924-0C9383DAE1BE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{CAB65313-8F88-4A6B-BA3C-52DF5360F12A}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{471CD80E-02F4-4A43-8196-E2A8EB8B117C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B52EA8-8A5C-4FF5-A9F2-1A0F3259C3D2}" = TOSHIBA Application Disc Creator
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}" = TWC Customer Controls
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EDC842C6-5607-48B9-A0B2-7D8B9BC57333}" = AD_Install
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Belarc Advisor" = Belarc Advisor 8.1
"Blueline_is1" = Blueline 1.1.1
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"HD Tune_is1" = HD Tune 2.55
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"md5Base_is1" = md5Base version 1.2.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"mIRC" = mIRC
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa 3" = Picasa 3
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"vGrabber" = vGrabber
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Zuma Deluxe" = Zuma Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2012 11:17:12 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/13/2012 11:17:12 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/13/2012 11:17:39 AM | Computer Name = Cindy-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/13/2012 11:18:24 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/13/2012 11:19:26 AM | Computer Name = Cindy-PC | Source = TOSHIBA Service Station | ID = 0
Description = Unable to generate a temporary class (result=1). error CS2001: Source
file 'C:\Windows\TEMP\q65sdqu1.0.cs' could not be found error CS2008: No inputs
specified

Error - 10/13/2012 11:19:26 AM | Computer Name = Cindy-PC | Source = TOSHIBA Service Station | ID = 0
Description = TSS Load: could not communicate with TMachInfo service

Error - 10/13/2012 11:25:41 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/13/2012 11:25:41 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/13/2012 11:51:30 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/13/2012 11:51:31 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

[ System Events ]
Error - 10/12/2012 10:51:45 AM | Computer Name = Cindy-PC | Source = DCOM | ID = 10016
Description =

Error - 10/12/2012 10:52:02 AM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/12/2012 10:52:30 AM | Computer Name = Cindy-PC | Source = DCOM | ID = 10010
Description =

Error - 10/12/2012 10:58:52 AM | Computer Name = Cindy-PC | Source = DCOM | ID = 10000
Description =

Error - 10/12/2012 10:59:00 AM | Computer Name = Cindy-PC | Source = DCOM | ID = 10010
Description =

Error - 10/12/2012 11:04:03 AM | Computer Name = Cindy-PC | Source = DCOM | ID = 10010
Description =

Error - 10/12/2012 8:46:55 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/12/2012 9:19:15 PM | Computer Name = Cindy-PC | Source = DCOM | ID = 10010
Description =

Error - 10/13/2012 11:17:39 AM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/13/2012 11:18:16 AM | Computer Name = Cindy-PC | Source = DCOM | ID = 10016
Description =


< End of report >



and last but not least.....


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-13 06:16:54
-----------------------------
06:16:54.180 OS Version: Windows 6.0.6002 Service Pack 2
06:16:54.180 Number of processors: 1 586 0xF0D
06:16:54.182 ComputerName: CINDY-PC UserName: Cindy
06:16:55.614 Initialize success
06:17:51.353 AVAST engine defs: 12101300
06:19:16.900 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:19:16.902 Disk 0 Vendor: TOSHIBA_ LB21 Size: 114473MB BusType: 3
06:19:16.992 Disk 0 MBR read successfully
06:19:16.994 Disk 0 MBR scan
06:19:17.002 Disk 0 Windows VISTA default MBR code
06:19:17.009 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
06:19:17.063 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112971 MB offset 3074048
06:19:17.110 Disk 0 scanning sectors +234439600
06:19:17.238 Disk 0 scanning C:\Windows\system32\drivers
06:19:37.119 Service scanning
06:19:57.460 Service MpKsl5c8ab5ce c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{111C0381-7975-478A-974A-8EDF2B59F4BE}\MpKsl5c8ab5ce.sys **LOCKED** 32
06:20:26.281 Modules scanning
06:20:34.913 Disk 0 trace - called modules:
06:20:35.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll tcpip.sys NETIO.SYS
06:20:35.301 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d4aac8]
06:20:35.305 3 CLASSPNP.SYS[87d1a8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8439e028]
06:20:36.150 AVAST engine scan C:\Windows
06:20:41.919 AVAST engine scan C:\Windows\system32
06:26:01.684 AVAST engine scan C:\Windows\system32\drivers
06:26:23.218 AVAST engine scan C:\Users\Cindy
06:27:19.722 Disk 0 MBR has been saved successfully to "C:\Users\Cindy\Desktop\MBR.dat"
06:27:19.753 The log file has been saved successfully to "C:\Users\Cindy\Desktop\aswMBR.txt"


Thank you very much for your time!
It's not lookin' good is it..... :blink:
Cindy
  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Cindy,

Man, did you see the difference in the O4 entries between the two OTL logs?
Did you run any other tools or programs between the first OTL log and the second one?
Have you run any rootkit tools like TDSSKiller or GMER on the computer?
  • 0

#5
23red

23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts

Have you run any rootkit tools like TDSSKiller or GMER on the computer?


Actually I was following along the Gmer Tutorial

The best ....along...

Really?? That killed me? TDSS downloaded, yes...tutorial...PL.....but I didn't run it. That was a while ago. I'm kind of respectful of the programs. Scared to run them unless necessary. I wasn't told to, so I did not (chicken).
Thank you for your help and time! Please let me know if there's anything else. Running a stick back and forth to do stuff, leaving it off in between.
Aloha, Cindy
  • 0

#6
23red

23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi again :)
It occurs to me also that this I think is the first time I've ever run OTL with all users. It's also wifi, it's not hardwired. The guest acct. just sits there. I rarely go there? Don't know if it helps, but I thought it might be useful info.
Cindy
  • 0

#7
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Thank you very much for your time!
It's not lookin' good is it..... :blink:

You are welcome. Why do you say it isn't looking good?

Why are you running a stick back and forth? Do you not have internet access on this computer? Can you download files with this computer?

Let's run a different custom scan. This time I want you to turn the guest account off. I have changed the settings for OTL so read the directions carefully. This run will produce the OTL.txt file only.


Step-1.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
HKLM\System\MountedDevices
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*


2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console
  • Do Not click the box beside Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.


Step-2.
1. The new OTL.txt log
  • 0
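The OTL log this scan produces is read by hand in the thread. As an added example (not OTL's code and not the helper's), the Python below parses the line formats that appear in the logs on this page and flags the three things being looked for here: SRV/DRV entries whose file is missing, files with no company name, and IE search scopes that do not point at a known search host, noting whether a scope is the default. The sample log is constructed from the formats on this page; the loopback URL and port, the all-zero GUID and the trusted-host list are placeholders, not values from the thread.

```python
"""Triage helper for OTL scan output (constructed example, not part of OTL)."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Line shapes modelled on the OTL output posted in this thread.
MISSING_FILE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]*)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)
FILE_ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<date>[^|]+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[^|]+) \| M\] \((?P<company>[^)]*)\)(?: \[(?P<flags>[^\]]*)\])? -- "
    r"(?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
DEFAULT_SCOPE_RE = re.compile(
    r"^IE - (?P<hive>\S+?)\\\.\.\\SearchScopes,DefaultScope = \{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)
SCOPE_URL_RE = re.compile(
    r'^IE - (?P<hive>\S+?)\\\.\.\\SearchScopes\\\{(?P<guid>[0-9A-Fa-f-]{36})\}: "URL" = (?P<url>\S+)$'
)

# Constructed allow-list: hosts a default IE search scope is expected to use.
TRUSTED_SEARCH_HOSTS = frozenset({"www.google.com", "www.bing.com", "search.yahoo.com"})


@dataclass(frozen=True)
class Finding:
    category: str   # missing_file | no_company | search_scope
    severity: str   # review | suspicious
    subject: str    # service/driver name, or scope GUID
    reason: str


def _is_loopback(host: str) -> bool:
    """True for 127.x / ::1 / localhost; such scopes are usually a local desktop-search tool."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text: str, trusted_hosts=TRUSTED_SEARCH_HOSTS) -> list:
    """Return a list of Finding objects for one OTL log, in log order then scopes."""
    findings = []
    default_scope = {}   # hive -> GUID of that hive's default search scope
    scopes = []          # (hive, guid, url); judged once the default is known
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := MISSING_FILE_RE.match(line)):
            findings.append(Finding("missing_file", "review", m["name"],
                f"{m['kind']} '{m['name']}' is registered but its file is missing: {m['path']}"))
        elif (m := FILE_ENTRY_RE.match(line)):
            if not m["company"].strip():   # "()" in OTL means no company name in the version resource
                findings.append(Finding("no_company", "review", m["name"] or m["path"],
                    f"{m['kind']} file carries no company name: {m['path']}"))
        elif (m := DEFAULT_SCOPE_RE.match(line)):
            default_scope[m["hive"]] = m["guid"].upper()
        elif (m := SCOPE_URL_RE.match(line)):
            scopes.append((m["hive"], m["guid"].upper(), m["url"]))

    for hive, guid, url in scopes:
        host = (urlparse(url).hostname or "").lower()
        if host in trusted_hosts:
            continue
        tag = " (default scope)" if default_scope.get(hive) == guid else ""
        if _is_loopback(host):
            # Not a verdict: a locally installed desktop-search product registers such a scope.
            findings.append(Finding("search_scope", "review", guid,
                f"search scope served from loopback host {host}{tag}: confirm which installed program registered it"))
        else:
            findings.append(Finding("search_scope", "suspicious", guid,
                f"search scope points at untrusted host {host}{tag}: {url}"))
    return findings


def summarize(findings) -> dict:
    """Count findings per category, e.g. {'missing_file': 2, ...}."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample in OTL's format; SIDs and most GUIDs copied from this thread, URLs are placeholders.
SAMPLE_OTL = r"""
========== Services (SafeList) ==========
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Example\helper.dll -- (exampleHelper)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - [2011/04/24 05:05:40 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
========== Internet Explorer ==========
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search?q={searchTerms}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{00000000-0000-0000-0000-000000000000}: "URL" = http://search.example-hijack.test/?q={searchTerms}
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.severity:<10}] {f.category:<13} {f.reason}")
    print(summarize(triage(SAMPLE_OTL)))
```

Feed it a real OTL.txt with `triage(open("OTL.txt").read())`; every finding is a prompt to look at the entry, not a verdict on it.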

#8
23red

23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi godawgs :)

Why do you say it isn't looking good?

It's not from my side, it's so time consuming. I don't see exactly anything worrisome in the log, the only thing I've ever questioned in my log is the random search scope entry. I've found no definitive answers about it. The Ament.ini file is questionable, that's the only one. It is new. And because of the slowness investigating such things I haven't gone and checked that one out completely as yet. And as I've only just seen that file now in the midst of this, I wouldn't do anything without the second opinion I've asked for, that seems the right way to do it.
I've also never run for all users, so things are showing I have not seen.. For this scan, I did go in user accounts and turn the guest acct. off completely as requested.

Why are you running a stick back and forth? Do you not have internet access on this computer? Can you download files with this computer?

I do have Internet access. Yes, I can download files.
I need to be clearer about the problem: Here, and 'good' sites mentioned earlier, I wait 4 minutes for the page to load, 3 more when I choose log in, 3 more when I get there for the log in screen to let me log in. Once logged in, three or four more for it to settle to read past the end of the screen. When I click the link for this post, another 3 minutes to wait for the post page, then 3 or 4 more before I can scroll down to answer. See? It's faster if I use the other computer. And, to me as the symptom itself seems not good I want to make sure everything's ok.
This only just started happening after installing and then uninstalling the printer, with no issues installing said printer on the other computer. No issues before I installed it. The printer was wirelessly installed on both. The reason I uninstalled it is because when I tried to print a pdf store display plan-a-gram for work, it said I needed to install a printer first. So that's why I uninstalled it. And just printed from the other computer (without incident). Out of frustration during this time I finally gave up and installed, then uninstalled Chrome, thinking wait a minute why isn't ie working right? It should...There's no reason. And went back to trying to figure out why I'm having so much trouble going around in certain sites. PL related searching type sites. So that's why I posted. I cannot figure it out. Should I just try and uninstall and reinstall IE? Haven't done that yet. I posted for help, so I figured it's best to use the help I asked for, not try and guess what might be wrong in the middle of someone graciously putting their time in to help me :D
Going back to doing PL stuff after this install/uninstall it's click.....wait.......wait....wait. Click...wait....wait...wait. It's pretty much limited to here, bc, any help to investigate a file spot I go to. I can get google fine, I can type any malware unrelated search and go fine. Stick in a line or a file and it's wait.......wait........wait.....wait. Sorry, I'm kind of impatient. It worked fine before! I didn't have to wait. I can wash dishes in between the waiting, and that does not help answering in a timely manner! :wacko: It's just frustrating. I hope you understand the problem better. OTL following. Guest account is off:

OTL logfile created on: 10/14/2012 4:41:25 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cindy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: | Country: | Language: | Date Format:

1.87 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 56.35% Memory free
3.98 Gb Paging File | 2.99 Gb Available in Paging File | 75.12% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 49.63 Gb Free Space | 44.99% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/13 05:25:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/10 14:41:08 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 11:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 09:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 10:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/16 21:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 21:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 13:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/03/06 08:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 10:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 19:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 08:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 08:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/10/09 03:16:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/07/18 18:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 13:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 11:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 16:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 15:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 15:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 13:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/24 05:05:40 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/28 13:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 16:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 14:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/20 16:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/14 09:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 12:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 13:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 11:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/08 20:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/08 20:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {D03D7F1E-2667-4FB4-9A19-35292CB10741}
IE - HKLM\..\SearchScopes\{D03D7F1E-2667-4FB4-9A19-35292CB10741}: "URL" = http://www.google.co...ge={startPage};


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 64 B2 9A B0 A9 CB 01 [binary data]
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 14:41:52 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 11:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000..\Run: [toscdspd] TOSCDSPD.EXE File not found
O4 - Startup: C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/09/13 16:22:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012/09/03 20:23:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ament.ini ()
O4 - Startup: C:\Users\All Users\Apple [2010/05/20 17:36:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011/01/02 03:40:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Atheros [2010/03/13 20:59:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Comodo Downloader [2010/07/31 15:46:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Google [2012/09/04 02:53:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HitmanPro [2012/07/04 06:07:30 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2012/10/11 15:16:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Malwarebytes [2010/04/05 03:31:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012/09/04 02:56:25 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012/10/10 03:10:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\N360BUOptions.ini ()
O4 - Startup: C:\Users\All Users\NOS [2010/08/18 04:48:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2010/07/29 04:11:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PDF reDirect [2011/12/19 16:49:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PopCap Games [2010/03/20 23:57:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Real [2012/05/28 19:07:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2012/09/13 03:01:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011/09/11 04:33:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010/08/12 16:01:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SUPERAntiSpyware.com [2010/08/06 17:05:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2011/05/27 04:10:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2012/09/04 02:49:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006/11/02 03:02:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Toshiba [2010/03/13 21:05:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ulead Systems [2008/08/18 08:06:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WEBREG [2010/11/25 21:33:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WildTangent [2010/05/20 20:37:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindowsSearch [2010/08/10 15:35:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/05/20 17:59:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/03/20 19:17:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\.minecraft [2011/07/31 00:39:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\AppData [2010/05/08 05:34:03 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Cindy\Application Data [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Contacts [2012/04/04 14:16:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Cookies [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Desktop [2012/10/14 05:35:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\DoctorWeb [2012/09/14 05:10:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\Documents [2012/10/14 15:22:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Downloads [2012/10/12 03:44:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Favorites [2012/07/21 21:47:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Links [2012/03/08 14:40:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Local Settings [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Music [2012/01/05 20:17:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\My Documents [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\NetHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\New Folder [2012/09/20 19:49:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\NTUSER.DAT ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.0.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.1.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.2.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\ntuser.ini ()
O4 - Startup: C:\Users\Cindy\Pictures [2012/10/12 04:26:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\PrintHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Recent [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Saved Games [2010/03/25 19:03:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Searches [2011/01/01 01:19:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\SendTo [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Start Menu [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Templates [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Videos [2012/01/12 19:11:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\AppData [2006/11/02 01:18:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2006/11/02 03:02:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2008/08/18 08:18:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 00:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\AppData [2010/11/13 02:21:02 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Guest\Application Data [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Contacts [2010/11/13 02:20:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Cookies [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Desktop [2011/02/15 16:06:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Documents [2012/08/05 20:44:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Downloads [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Favorites [2010/11/27 05:30:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Links [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Local Settings [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Music [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\My Documents [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\NetHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\NTUSER.DAT ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Guest\ntuser.ini ()
O4 - Startup: C:\Users\Guest\Pictures [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\PrintHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Recent [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Saved Games [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Searches [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\SendTo [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Start Menu [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Templates [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Videos [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2012/10/12 03:53:51 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010/03/15 21:51:23 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006/11/02 00:23:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2010/10/27 02:51:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814EBDF1-5B7A-44CF-97E4-3FB8B9056A05}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\Shell - "" = AutoRun
O33 - MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/09 17:30:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/09 17:30:21 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/09 17:30:21 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/09/21 14:26:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/21 14:26:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/21 14:26:52 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/21 14:26:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/21 14:26:50 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/09/21 14:26:50 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/21 14:26:50 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/21 14:26:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/21 14:26:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/21 14:26:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/21 14:26:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/21 14:26:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/21 14:26:49 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/21 14:26:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/21 14:26:48 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/21 14:26:48 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/21 14:26:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/21 14:26:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/09/20 19:49:08 | 000,000,000 | ---D | C] -- C:\Users\Cindy\New Folder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/14 16:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/14 16:12:46 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/14 16:12:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/14 15:03:27 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/14 15:03:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/14 15:03:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 04:11:43 | 000,625,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/12 04:11:43 | 000,112,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/11 15:11:51 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/09 03:16:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 03:16:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/02 03:02:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/20 18:21:56 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/19 19:58:01 | 000,357,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/11 15:11:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/29 00:40:55 | 000,100,864 | ---- | C] () -- \kwdoqpob.sys
[2012/05/11 14:36:56 | 000,188,863 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2012/05/11 14:36:55 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/12/13 16:31:03 | 000,150,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/28 14:44:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/24 05:05:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2010/12/31 15:23:44 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/05/20 20:31:31 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/08/18 07:51:16 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/08/18 07:51:14 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 00:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/01 20:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2006/11/02 02:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 07:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 20:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 20:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/13 16:22:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2012/07/04 06:07:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\HitmanPro
[2011/12/19 16:49:14 | 000,000,000 | ---D | M] -- C:\Users\All Users\PDF reDirect
[2010/03/20 23:57:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\PopCap Games
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2012/09/04 02:49:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2006/11/02 03:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2010/03/13 21:05:53 | 000,000,000 | ---D | M] -- C:\Users\All Users\Toshiba
[2008/08/18 08:06:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ulead Systems
[2010/05/20 20:37:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\WildTangent
[2010/08/10 15:35:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
[2010/05/20 17:59:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/20 19:17:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/31 00:39:48 | 000,000,000 | ---D | M] -- C:\Users\Cindy\.minecraft
[2010/05/08 05:34:03 | 000,000,000 | -H-D | M] -- C:\Users\Cindy\AppData
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Application Data
[2012/04/04 14:16:04 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Contacts
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Cookies
[2012/10/14 05:35:57 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Desktop
[2012/09/14 05:10:47 | 000,000,000 | ---D | M] -- C:\Users\Cindy\DoctorWeb
[2012/10/14 15:22:49 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Documents
[2012/10/12 03:44:05 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Downloads
[2012/07/21 21:47:47 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Favorites
[2012/03/08 14:40:39 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Links
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Local Settings
[2012/01/05 20:17:25 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Music
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\My Documents
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\NetHood
[2012/09/20 19:49:08 | 000,000,000 | ---D | M] -- C:\Users\Cindy\New Folder
[2012/10/12 04:26:00 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Pictures
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\PrintHood
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Recent
[2010/03/25 19:03:46 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Saved Games
[2011/01/01 01:19:13 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Searches
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\SendTo
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Start Menu
[2010/03/18 17:01:09 | 000,000,000 | -HSD | M] -- C:\Users\Cindy\Templates
[2012/01/12 19:11:13 | 000,000,000 | R--D | M] -- C:\Users\Cindy\Videos
[2006/11/02 01:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2006/11/02 03:02:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2008/08/18 08:18:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006/11/02 00:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2006/11/02 03:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2006/11/02 00:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2010/11/13 02:21:02 | 000,000,000 | -H-D | M] -- C:\Users\Guest\AppData
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Application Data
[2010/11/13 02:20:43 | 000,000,000 | R--D | M] -- C:\Users\Guest\Contacts
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Cookies
[2011/02/15 16:06:20 | 000,000,000 | R--D | M] -- C:\Users\Guest\Desktop
[2012/08/05 20:44:46 | 000,000,000 | R--D | M] -- C:\Users\Guest\Documents
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Downloads
[2010/11/27 05:30:00 | 000,000,000 | R--D | M] -- C:\Users\Guest\Favorites
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Links
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Local Settings
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Music
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\My Documents
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\NetHood
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Pictures
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\PrintHood
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Recent
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Saved Games
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Searches
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\SendTo
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Start Menu
[2010/11/13 02:20:08 | 000,000,000 | -HSD | M] -- C:\Users\Guest\Templates
[2010/11/13 02:21:02 | 000,000,000 | R--D | M] -- C:\Users\Guest\Videos
[2012/10/12 03:53:51 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2010/03/15 21:51:23 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006/11/02 00:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2010/10/27 02:51:49 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2006/11/02 02:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2008/10/28 20:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 20:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 17:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 16:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 16:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: QMGR.DLL >
[2008/01/20 16:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/10 20:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/10 20:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

< MD5 for: SERVICES >
[2006/09/18 11:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 11:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2012/07/27 10:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EX_ >
[2008/04/14 05:42:36 | 000,049,959 | ---- | M] () MD5=EE4885163C0C0729A3C5F1416A6E5F48 -- C:\Users\Cindy\Desktop\Tools and information\xpsp3_5512.080413-2113_usa_x86fre_spcd\i386\services.ex_

< MD5 for: SERVICES.EXE >
[2008/01/20 16:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/10 20:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/10 20:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 02:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 02:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/20 16:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 16:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.LOG >
[2012/05/11 15:35:50 | 000,057,754 | ---- | M] () MD5=86F4ADBAFA2FF9F836DC68B871616C58 -- C:\ProgramData\HP\Installer\Temp\services.log
[2012/05/11 15:35:50 | 000,057,754 | ---- | M] () MD5=86F4ADBAFA2FF9F836DC68B871616C58 -- C:\Users\All Users\HP\Installer\Temp\services.log

< MD5 for: SERVICES.MOF >
[2006/09/18 11:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 11:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 11:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 02:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 11:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 02:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 11:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2008/01/20 16:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 16:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 16:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 16:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/10 20:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 20:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 16:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2006/11/01 23:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/01 23:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< HKLM\System\MountedDevices >
"\??\Volume{8d2adfb5-2f31-11df-81f1-806e6f6e6963}" = F4 3B 84 96 00 00 10 00 00 00 00 00 [binary data]
"\??\Volume{8d2adfb6-2f31-11df-81f1-806e6f6e6963}" = F4 3B 84 96 00 00 D0 5D 00 00 00 00 [binary data]
"\??\Volume{8d2adfb9-2f31-11df-81f1-806e6f6e6963}" = \??\IDE#CdRomTSSTcorp_CDDVDW_TS-L6 [Binary data over 200 bytes]
"\DosDevices\C:" = F4 3B 84 96 00 00 D0 5D 00 00 00 00 [binary data]
"\DosDevices\D:" = \??\IDE#CdRomTSSTcorp_CDDVDW_TS-L6 [Binary data over 200 bytes]
"\??\Volume{76d1ce77-2f37-11df-8ab1-806e6f6e6963}" = \??\IDE#CdRomTSSTcorp_CDDVDW_TS-L6 [Binary data over 200 bytes]
"\??\Volume{a814fd20-3422-11df-bc47-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Apple&Prod_iP [Binary data over 200 bytes]
"\DosDevices\E:" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{95500a96-41d8-11df-b550-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Sony&Prod_Son [Binary data over 200 bytes]
"\??\Volume{e0685404-44b9-11df-8581-001e336bffb4}" = _??_USBSTOR#Disk&Ven_&Prod_USB_Fla [Binary data over 200 bytes]
"\??\Volume{e0685423-44b9-11df-8581-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Sony&Prod_Son [Binary data over 200 bytes]
"\??\Volume{af66286c-4c42-11df-b79c-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Sony&Prod_Son [Binary data over 200 bytes]
"\??\Volume{71aaaf91-52c8-11df-b095-001e336bffb4}" = _??_USBSTOR#Disk&Ven_HP&Prod_Offic [Binary data over 200 bytes]
"\??\Volume{679d7f7a-5e41-11df-b7ca-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Generic-&Prod [Binary data over 200 bytes]
"\??\Volume{679d80c3-5e41-11df-b7ca-001e336bffb4}" = _??_USBSTOR#Disk&Ven_USB&Prod_DISK [Binary data over 200 bytes]
"\??\Volume{679d8185-5e41-11df-b7ca-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{679d8190-5e41-11df-b7ca-001e336bffb4}" = _??_USBSTOR#Disk&Ven_TOSHIBA&Prod_ [Binary data over 200 bytes]
"\DosDevices\F:" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{679d825d-5e41-11df-b7ca-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{679d826b-5e41-11df-b7ca-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Apple&Prod_iP [Binary data over 200 bytes]
"\??\Volume{679d82da-5e41-11df-b7ca-001e336bffb4}" = _??_USBSTOR#Disk&Ven_JetFlash&Prod [Binary data over 200 bytes]
"\??\Volume{d5f30b93-9eff-11df-8ee4-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Apple&Prod_iP [Binary data over 200 bytes]
"\??\Volume{909bc36f-c1aa-11df-8199-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Generic&Prod_ [Binary data over 200 bytes]
"\??\Volume{02f4abea-13d7-11e0-929a-001e336bffb4}" = _??_USBSTOR#Disk&Ven_HP&Prod_Offic [Binary data over 200 bytes]
"\??\Volume{3d346657-4781-11e0-9c87-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{3d34665a-4781-11e0-9c87-001e336bffb4}" = \??\USBSTOR#CdRom&Ven_SanDisk&Prod [Binary data over 200 bytes]
"\??\Volume{84e15888-5755-11e0-9e20-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Apple&Prod_iP [Binary data over 200 bytes]
"\??\Volume{f9804c10-8fb2-11e0-9f96-001e336bffb4}" = _??_USBSTOR#Disk&Ven_CBM&Prod_Flas [Binary data over 200 bytes]
"\??\Volume{7f1ae182-df4a-11e0-b395-001e336bffb4}" = _??_USBSTOR#Disk&Ven_HTC&Prod_Andr [Binary data over 200 bytes]
"\??\Volume{e122b3cf-fab9-11e0-adcf-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{d2350b34-0311-11e1-95c2-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Apple&Prod_iP [Binary data over 200 bytes]
"\??\Volume{8b31ef2a-1ab7-11e1-91ed-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{f49e302f-2ee7-11e1-ac89-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Apple&Prod_iP [Binary data over 200 bytes]
"\??\Volume{f49e304e-2ee7-11e1-ac89-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Apple&Prod_iP [Binary data over 200 bytes]
"\??\Volume{d2bce5fd-4955-11e1-af31-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{730d9298-8512-11e1-ba50-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{6cb1a063-90f6-11e1-984c-001e336bffb4}" = _??_USBSTOR#Disk&Ven_HTC&Prod_Andr [Binary data over 200 bytes]
"\??\Volume{f647e419-d43f-11e1-b272-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Verbatim&Prod [Binary data over 200 bytes]
"\??\Volume{243af17a-d62b-11e1-b223-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{97093c80-f8ec-11e1-8416-001e336bffb4}" = _??_USBSTOR#Disk&Ven_CENTON&Prod_D [Binary data over 200 bytes]
"\??\Volume{40a7f8af-ff91-11e1-859d-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< >
[2006/11/02 03:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 03:01:49 | 000,032,622 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/22 04:36:01 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/07/22 04:36:07 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/10 15:37:45 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Users\All Users\TEMP:5C321E34
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


Just in case you're going to ask, it's Run 7 because in run 6 I made sure the guest account was logged off, and in run 7 I went to User Accounts and turned it off.
Thank you for your time, sorry for the confusion, if any. I hope I explained better.

#9
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Cindy,

Why do you say it isn't looking good?

> It's not from my side; it's so time-consuming.

Yep, that's what hunting and killing malware is all about. :lol: I do understand the issues better since the clarification. Don't worry, we'll track it down.

I want to get a little more information and then we'll go on a killing spree! :D

You said the problem started after you installed/uninstalled a printer. Was it a Brother printer? If it wasn't, have you ever had a Brother printer installed?
Do you now have, or have you ever had, an HP printer installed?

We need to get some information on the Ament.ini file.


Step-1.

Virustotal File Upload:

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE: Only one file per scan.

    • C:\ProgramData\Ament.ini
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply.

NOTE: If you have problems getting to the VirusTotal site or you have the problem of it taking forever to get to the file to upload, you can put the file on the USB stick and insert it into the other computer and then have VirusTotal look for the file there. Just be sure to delete the file from the USB stick afterwards.


Step-2.

Scan with DDS:

Please download DDS and save it to your Desktop from here.

Alternate downloads are here or here.

  • Disable any script blocker, and then double click on DDS to run the tool.
  • When done, DDS will open two logs:
  • DDS.txt <-- Will be opened
  • Attach.txt <-- Will be minimized
  • Save both reports to your desktop.
  • Please post the contents of these two Notepad files in your next reply.


Step-3.

Things For Your Next Post:
1. Answer my questions above.
2. The VirusTotal results or a link to the results.
3. The DDS.txt log
4. The Attach.txt log

#10
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi godawgs :)

> Yep, that's what hunting and killing malware is all about. I do understand the issues better since the clarification. Don't worry, we'll track it down.
> I want to get a little more information and then we'll go on a killing spree!


I sure hope I can get back to normal. That'd be awesome! I'm so ready! Four minutes per click kind of sucks.

> You said the problem started after you installed/uninstalled a printer. Was it a Brother printer? If it wasn't, have you ever had a Brother printer installed?
> Do you now have, or have you ever had, an HP printer installed?

No Brother printer ever. I uninstalled the old HP; it died. Replaced it with a new one.

> We need to get some information on the Ament.ini file.



Done :thumbsup:



Analysis completed.
SHA256: 91c9479764fde275c9dfea47259f74c12a2f40ac09e490ed7211febe66693d11
SHA1: d5a14bac2aa248b20a1e3475efa7067b0017dc50
MD5: cf75c9559c9de46cfa1e4c9e893d46c7
File size: 57 bytes ( 57 bytes )
File name: Ament.ini
File type: Text
Detection ratio: 0 / 43
Analysis date: 2012-10-16 00:14:48 UTC ( 1 minute ago )

Antivirus Result Update
Agnitum - 20121014
AhnLab-V3 - 20121015
AntiVir - 20121015
Antiy-AVL - 20121014
Avast - 20121015
AVG - 20121015
BitDefender - 20121015
ByteHero - 20121015
CAT-QuickHeal - 20121015
ClamAV - 20121015
Commtouch - 20121015
Comodo - 20121015
DrWeb - 20121015
eSafe - 20121014
ESET-NOD32 - 20121015
F-Prot - 20121015
F-Secure - 20121003
Fortinet - 20121015
GData - 20121015
Ikarus - 20121016
Jiangmin - 20121015
K7AntiVirus - 20121015
Kaspersky - 20121016
Kingsoft - 20121008
McAfee - 20121016
McAfee-GW-Edition - 20121016
Microsoft - 20121016
MicroWorld-eScan - 20121015
Norman - 20121015
nProtect - 20121015
Panda - 20121015
PCTools - 20121015
Rising - 20121012
Sophos - 20121016
SUPERAntiSpyware - 20121016
Symantec - 20121016
TheHacker - 20121015
TotalDefense - 20121015
TrendMicro - 20121016
TrendMicro-HouseCall - 20121016
VBA32 - 20121015
VIPRE - 20121015
ViRobot - 20121015

Oh well... Next:

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.6001.19328
Run by Cindy at 18:07:39 on 2012-10-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1915.940 [GMT -10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [toscdspd] TOSCDSPD.EXE
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\cindy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{814EBDF1-5B7A-44CF-97E4-3FB8B9056A05} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2010-3-13 20384]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-16 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-20 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-5 676936]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-5 22856]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-4-14 54136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-22 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-22 136176]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-4-24 11232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-21 30192]
S4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2010-3-13 954368]
S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2012-10-15 01:15:45 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2dd2fbc5-fa64-422f-bce9-c87f65a52b1b}\mpengine.dll
2012-10-13 15:32:37 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-10 03:30:43 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 03:30:42 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 03:30:41 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 03:30:34 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 03:30:29 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 03:30:21 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 03:30:21 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-05 12:48:16 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{14c4b932-7bf9-4f3e-b6f7-4e80a4b0028f}\gapaengine.dll
2012-09-21 05:49:08 -------- d-----w- c:\users\cindy\New Folder
.
==================== Find3M ====================
.
2012-10-09 13:16:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 13:16:11 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-08 03:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 08:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 08:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-25 11:50:39 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-25 11:44:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-25 11:44:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-25 11:44:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-08-25 11:44:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-25 10:11:12 385024 ----a-w- c:\windows\system32\html.iec
2012-08-25 08:31:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-25 08:29:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-21 23:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 23:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
============= FINISH: 18:08:49.24 ===============


and

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/13/2010 8:24:47 PM
System Uptime: 10/15/2012 1:44:12 PM (5 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Genuine Intel® CPU 575 @ 2.00GHz | CPU | 1995/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 53.91 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Plus B210 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Plus B210 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
RP1274: 10/12/2012 4:33:22 PM - Scheduled Checkpoint
RP1275: 10/13/2012 5:29:36 AM - Windows Update
RP1276: 10/14/2012 6:59:25 PM - Scheduled Checkpoint
RP1277: 10/15/2012 3:42:06 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
7-Zip 9.20
AD_Install
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Amazon Links
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Belarc Advisor 8.1
Blueline 1.1.1
Bonjour
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD MovieFactory for TOSHIBA
ERUNT 1.1j
Google Desktop
Google Earth Plug-in
Google Update Helper
HD Tune 2.55
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HPDiagnosticAlert
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 7
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.65.0.1400
md5Base version 1.2.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
mIRC
MSVCSetup
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetZero Internet Access Installer
OGA Notifier 2.0.0048.0
Picasa 3
QuickBooks Financial Center
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skype™ 5.10
Synaptics Pointing Device Driver
TOSHIBA Application Disc Creator
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TWC Customer Controls
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Ventrilo Client
vGrabber
VoiceOver Kit
Windows Media Encoder 9 Series
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
10/8/2012 4:05:57 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80072efd Error description: A connection with the server could not be established
10/15/2012 1:45:57 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/15/2012 1:45:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
10/14/2012 4:12:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
10/14/2012 3:03:04 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
10/12/2012 4:58:52 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}. The error: "5" Happened while starting this command: C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -Embedding
10/10/2012 3:02:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/10/2012 3:02:56 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/10/2012 3:01:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================


Thank you for your help trying to figure this out. I super really appreciate it!
Cindy
#11
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

There are a few problems here. The first one is that your user profile appears to be crosslinked to the other profiles on the system. That's probably why the O4 entries in the OTL log added all of the user profiles in the startup entries. So something happened between the first log you posted on the 12th, and the next log on the 13th to cause those O4 entries in the log.

This is also from the OTL log:

Error - 10/13/2012 11:51:30 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

It appears that something happened on the 13th that caused a problem loading a registry file.

Also, I still think that the MountedDevices key in the registry has been corrupted.
I am consulting with a colleague on these issues, but in the meantime:

1. What make and model is this Toshiba computer?
2. Do you have the Windows installation or recovery CD/DVD?
3. Does the computer have the factory recovery partition?
To check for the factory recovery partition:

Reboot to the Advanced Boot Options

  • Restart your computer and as soon as it starts booting up again continuously tap the F8 key.
  • An Advanced Boot Options screen will come up.
    NOTE: If you miss the Boot menu, continue to let the machine boot up. Then restart the machine and start tapping the F8 key.
    Very Important: Never restart the computer while it is booting up. Bad things, including the computer not being able to load Windows, can occur!
  • Check and see if one of the Menu Options is Repair My Computer, but Do Not select it.
  • Select the option to boot Windows normally and the computer will boot into Normal Mode.
In your next reply tell me if the Repair My Computer option was on the Advanced Boot Options menu.


I want you to create a new System Restore point and then we're gonna revert the system back to this point: 10/12/2012 4:33:22 PM - Scheduled Checkpoint

Step-1.

For Vista and Windows 7:
  • Click the Start Orb. Click Control Panel. Click System and Maintenance
  • Click System
  • In the left column under Tasks, click Advanced System Settings and accept the warning if you get one
  • Click the System Protection Tab
  • In the Available Disks box put a check mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?

    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • Type in a name for the restore point, i.e: Before Rollback
  • Click Create
  • A small System Protection window will come up telling you a Restore Point is being created.
  • Another System Protection window will come up telling you the Restore Point has been created, click OK
  • Click OK again.
  • Close the Control Panel

Step-2.

Restore to an Earlier Date

  • Click the Start Orb. In the Start Search box type restore and press the Enter key. The System Restore window will open.
  • Click the radio button beside Choose a different restore point, you will see a list of restore points that you can choose from.
    Click on this Restore Point:
    • 10/12/2012 4:33:22 PM - Scheduled Checkpoint
  • You will have to confirm and then restart your computer to roll the system back.
  • The computer will restart and finish the restore process.
NOTE: If the restore option fails or you receive an error while restoring, Do Not retry it, just let me know what happened and if there was an error what it was.

If the Restore succeeded:

Step-3.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here, then click on the ESET Online Scanner button.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click Start.
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-4.

OTL Custom Scan

Read the instructions carefully as I have changed the settings!

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

HKLM\System\MountedDevices
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see the OTL console.
  • Check the box beside Scan All Users at the top of the console. Do Not click the box beside Use 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.


Step-5.

Things For Your Next Post:
1. Answer my questions above.
2. Let me know what happened with the System Restore
3. The ESET log (IF the system restore worked)
4. The new OTL.txt (IF the system restore worked)
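An added read-only check, not part of godawgs' post or the OTL script above: the OTL script dumps HKLM\System\MountedDevices and the output of diskpart's list vol so the two can be compared by eye. The PowerShell below does the same comparison on the machine itself. It decodes every \DosDevices\X: entry in MountedDevices (MBR entries are a 4-byte disk signature plus an 8-byte partition offset; GPT entries are "DMIO:ID:" plus a partition GUID; everything else is a UTF-16 device path), walks WMI from the system drive letter to the partition and physical disk Windows actually booted from, and warns if the registry entry for the system drive does not agree with it. It then lists each user profile from ProfileList and whether its NTUSER.DAT and UsrClass.dat (the "classes registry file" that profsvc event 1542 reports it cannot find) are present. Written for PowerShell 2.0 so it runs on Vista with the Windows Management Framework installed; run it from an elevated prompt. It assumes the standard registry locations and changes nothing.

```powershell
# Added example, not from the thread. Read-only: decodes the drive-letter entries in
# HKLM\SYSTEM\MountedDevices, cross-checks the system drive against the disk/partition
# Windows booted from (via WMI), and verifies each user profile's hive files exist.
# Written for PowerShell 2.0 (Vista-era cmdlets only); run from an elevated prompt.

function Decode-MountedDeviceValue {
    param([byte[]]$Bytes)
    # Basic volume on an MBR disk: 4-byte disk signature + 8-byte partition start offset
    if ($Bytes.Length -eq 12) {
        $sig = [BitConverter]::ToUInt32($Bytes, 0)
        $off = [BitConverter]::ToUInt64($Bytes, 4)
        return New-Object PSObject -Property @{
            Type = 'MBR'; Signature = $sig; Offset = $off
            Text = ('MBR disk signature 0x{0:X8}, partition offset 0x{1:X}' -f $sig, $off)
        }
    }
    # Basic volume on a GPT disk: ASCII "DMIO:ID:" followed by the 16-byte partition GUID
    if ($Bytes.Length -eq 24 -and [Text.Encoding]::ASCII.GetString($Bytes, 0, 8) -eq 'DMIO:ID:') {
        $guid = New-Object Guid -ArgumentList (,[byte[]]$Bytes[8..23])
        return New-Object PSObject -Property @{ Type = 'GPT'; Guid = $guid; Text = "GPT partition $guid" }
    }
    # Anything else (USB sticks, optical drives, volume GUIDs) is a UTF-16LE device path
    return New-Object PSObject -Property @{ Type = 'Path'; Text = [Text.Encoding]::Unicode.GetString($Bytes) }
}

function Get-MountedDriveLetters {
    $key = Get-Item 'HKLM:\SYSTEM\MountedDevices'
    foreach ($name in $key.GetValueNames()) {
        if ($name -like '\DosDevices\?:') {
            New-Object PSObject -Property @{
                Letter  = $name.Substring($name.Length - 2)
                Decoded = Decode-MountedDeviceValue ([byte[]]$key.GetValue($name))
            }
        }
    }
}

function Get-SystemDriveIdentity {
    # Logical disk -> partition -> physical disk: what Windows is really booted from right now
    $letter = $env:SystemDrive
    $part = Get-WmiObject -Query "ASSOCIATORS OF {Win32_LogicalDisk.DeviceID='$letter'} WHERE AssocClass=Win32_LogicalDiskToPartition" |
        Select-Object -First 1
    if (-not $part) { return $null }
    $disk = Get-WmiObject -Query "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$($part.DeviceID)'} WHERE AssocClass=Win32_DiskDriveToDiskPartition" |
        Select-Object -First 1
    New-Object PSObject -Property @{
        Letter = $letter; Signature = [uint32]$disk.Signature; Offset = [uint64]$part.StartingOffset
    }
}

function Test-ProfileHives {
    $list = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    foreach ($sidKey in Get-ChildItem $list) {
        # Only real user accounts (S-1-5-21-...); service profiles keep their hives elsewhere.
        # A key name ending in .bak means Windows failed to load that profile and made a temporary one.
        if ($sidKey.PSChildName -notlike 'S-1-5-21-*') { continue }
        $path = [Environment]::ExpandEnvironmentVariables([string]$sidKey.GetValue('ProfileImagePath'))
        New-Object PSObject -Property @{
            Sid         = $sidKey.PSChildName
            ProfilePath = $path
            NtUserDat   = Test-Path (Join-Path $path 'NTUSER.DAT')
            UsrClassDat = Test-Path (Join-Path $path 'AppData\Local\Microsoft\Windows\UsrClass.dat')
        }
    }
}

$mounted = @(Get-MountedDriveLetters)
'--- HKLM\SYSTEM\MountedDevices drive letters ---'
$mounted | Sort-Object Letter | ForEach-Object { '{0}  {1}' -f $_.Letter, $_.Decoded.Text }

$sys = Get-SystemDriveIdentity
if (-not $sys) {
    Write-Warning 'Could not resolve the system drive through WMI (dynamic disk or WMI trouble)'
} else {
    $entry = $mounted | Where-Object { $_.Letter -eq $sys.Letter }
    if (-not $entry) {
        Write-Warning "No \DosDevices\$($sys.Letter) entry in MountedDevices"
    } elseif ($entry.Decoded.Type -eq 'MBR' -and
              ($entry.Decoded.Signature -ne $sys.Signature -or $entry.Decoded.Offset -ne $sys.Offset)) {
        Write-Warning ('MountedDevices says {0} is [{1}] but WMI says the booted disk is 0x{2:X8} at offset 0x{3:X}' -f $sys.Letter, $entry.Decoded.Text, $sys.Signature, $sys.Offset)
    } else {
        'MountedDevices entry for {0} agrees with the live system volume' -f $sys.Letter
    }
}

'--- User profiles and their registry hive files ---'
Test-ProfileHives | Format-Table Sid, NtUserDat, UsrClassDat, ProfilePath -AutoSize
```

Stale letters for devices that are no longer plugged in (old USB sticks, a removed printer's card reader) are normal in MountedDevices and not a sign of corruption; the entry that matters is the one for the system drive, which must resolve to the same disk signature and partition offset WMI reports. A profile row with UsrClassDat set to False, or a SID key carrying a .bak suffix, is the condition behind the profsvc 1542 error and the cross-linked startup entries godawgs describes.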

#12
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hello there Godawgs :)

Ok....answers:

..............So something happened between the first log you posted on the 12th, and the next log on the 13th to cause those O4 entries in the log.

This is also from the OTL log:Error - 10/13/2012 11:51:30 AM | Computer Name = Cindy-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
It appears that something happened on the 13th that caused a problem loading a registry file.


Yep. And I figured out what happened in between. A Windows Update on the 13th. I should let you know too that on more than one occasion, I've had to reinstall updates. On 3 different occasions updates screwed up the computer. One was an IE update. Forget the others exactly, they were awhile back. It's kind of a thing with this computer. I just uninstalled, reinstalled and it was ok. That actually didn't happen this time, but maybe this other problem did. That actually occurred to me yesterday that maybe the update caused the issue somehow. I was going to ask if I should maybe uninstall them (there are 4 I think on the 13th.) and then reinstall. Or at least uninstall and check.
I had actually noticed the classes registry entry in error log, it kinda made me go look see if it was actually there and it was. I believe there are probably previous entries of this than that date.

Also, I still think that the MountedDevices key in the registry has been corrupted.
I am consulting with a colleague on these issues, but in the meantime:

1. What make and model is this Toshiba computer?


It's a Toshiba Satellite L305-S5901

2. Do you have the Windows installation or recovery CD/DVD?


Actually, no. I'm pretty sure this is the first computer I got that came with none.

3. Does the computer have the factory recovery partition?



When I went to the Advanced Boot Options screen (which I've never Vista checked out 'til now, thank you) I did see the Repair My Computer option. It said repair your computer...View a list of recovery tools you can use....

System restore went fine, but just out of curiosity....does that overwrite or rather undo those updates? I'm update paranoid. And now that I think about it I really wonder about that. There's no change. Still s u p e r s l o w. Eset was clean, nothing found.
Also. Something else cool I noticed. When you had me run the Eset scan, you said run IE as administrator which I did, and the trip to Eset was fffp fast. Normal! So now that I'm done hunting for my info for my pl I figured out running ie as administrator lets me move as a learner should move whippin' thru the halls. Yes, yes :yes:. Another clue. Running IE as administrator it works normally. Thanks for that :D It does help. Wish I figured THAT out a couple few days ago!

Here's the OTL :

OTL logfile created on: 10/16/2012 5:46:42 PM - Run 4
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Cindy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: | Country: | Language: | Date Format:

1.87 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 45.85% Memory free
3.98 Gb Paging File | 2.92 Gb Available in Paging File | 73.44% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 50.59 Gb Free Space | 45.86% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 03:16:51 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/10 14:41:08 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 11:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 09:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 10:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/16 21:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 21:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 13:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/03/06 08:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 10:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 19:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 08:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 08:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/10/09 03:16:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/07/18 18:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 13:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 11:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 16:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 15:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 15:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 13:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2012/10/12 15:20:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/24 05:05:40 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/28 13:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 16:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 14:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/20 16:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/14 09:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 12:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 13:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 11:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/08 20:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/08 20:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {D03D7F1E-2667-4FB4-9A19-35292CB10741}
IE - HKLM\..\SearchScopes\{D03D7F1E-2667-4FB4-9A19-35292CB10741}: "URL" = http://www.google.co...ge={startPage};


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 64 B2 9A B0 A9 CB 01 [binary data]
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 14:41:52 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 11:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000..\Run: [toscdspd] TOSCDSPD.EXE File not found
O4 - Startup: C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/09/13 16:22:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012/09/03 20:23:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ament.ini ()
O4 - Startup: C:\Users\All Users\Apple [2010/05/20 17:36:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011/01/02 03:40:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Atheros [2010/03/13 20:59:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Comodo Downloader [2010/07/31 15:46:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Google [2012/09/04 02:53:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HitmanPro [2012/07/04 06:07:30 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2012/10/11 15:16:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Malwarebytes [2010/04/05 03:31:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012/09/04 02:56:25 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012/10/10 03:10:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\N360BUOptions.ini ()
O4 - Startup: C:\Users\All Users\NOS [2010/08/18 04:48:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2010/07/29 04:11:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PDF reDirect [2011/12/19 16:49:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PopCap Games [2010/03/20 23:57:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Real [2012/05/28 19:07:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2012/09/13 03:01:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011/09/11 04:33:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010/08/12 16:01:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SUPERAntiSpyware.com [2010/08/06 17:05:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2011/05/27 04:10:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2012/09/04 02:49:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006/11/02 03:02:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Toshiba [2010/03/13 21:05:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ulead Systems [2008/08/18 08:06:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WEBREG [2010/11/25 21:33:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WildTangent [2010/05/20 20:37:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindowsSearch [2010/08/10 15:35:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/05/20 17:59:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/03/20 19:17:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\.minecraft [2011/07/31 00:39:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\AppData [2010/05/08 05:34:03 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Cindy\Application Data [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Contacts [2012/04/04 14:16:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Cookies [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Desktop [2012/10/16 17:46:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\DoctorWeb [2012/09/14 05:10:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\Documents [2012/10/14 15:22:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Downloads [2012/10/12 03:44:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Favorites [2012/07/21 21:47:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Links [2012/03/08 14:40:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Local Settings [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Music [2012/01/05 20:17:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\My Documents [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\NetHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\New Folder [2012/09/20 19:49:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Cindy\ntuser.dat ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Cindy\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.0.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.1.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.2.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd7-d148-11df-8e5e-001e336bffb4}.TxR.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TM.blf ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\NTUSER.DAT{bb6a7bd8-d148-11df-8e5e-001e336bffb4}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Cindy\ntuser.ini ()
O4 - Startup: C:\Users\Cindy\Pictures [2012/10/16 15:30:09 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\PrintHood [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Recent [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Saved Games [2010/03/25 19:03:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\Searches [2011/01/01 01:19:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Cindy\SendTo [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Start Menu [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Templates [2010/03/18 17:01:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Cindy\Videos [2012/01/12 19:11:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\AppData [2006/11/02 01:18:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2006/11/02 03:02:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2008/08/18 08:18:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 00:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006/11/02 03:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006/11/02 00:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\AppData [2010/11/13 02:21:02 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Guest\Application Data [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Contacts [2010/11/13 02:20:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Cookies [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Desktop [2011/02/15 16:06:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Documents [2012/08/05 20:44:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Downloads [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Favorites [2010/11/27 05:30:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Links [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Local Settings [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Music [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\My Documents [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\NetHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\ntuser.dat ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Guest\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Guest\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Guest\ntuser.ini ()
O4 - Startup: C:\Users\Guest\Pictures [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\PrintHood [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Recent [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Saved Games [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\Searches [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Guest\SendTo [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Start Menu [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Templates [2010/11/13 02:20:08 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Guest\Videos [2010/11/13 02:21:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2012/10/12 03:53:51 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010/03/15 21:51:23 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006/11/02 00:23:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2010/10/27 02:51:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2006/11/02 02:50:50 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1904047010-3443834183-2145573803-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814EBDF1-5B7A-44CF-97E4-3FB8B9056A05}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\Shell - "" = AutoRun
O33 - MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/16 15:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/12 15:20:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/09 17:30:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/09 17:30:21 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/09 17:30:21 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/09/21 14:26:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/21 14:26:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/21 14:26:52 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/21 14:26:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/21 14:26:50 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/09/21 14:26:50 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/21 14:26:50 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/21 14:26:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/21 14:26:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/21 14:26:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/21 14:26:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/21 14:26:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/21 14:26:49 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/21 14:26:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/21 14:26:48 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/21 14:26:48 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/21 14:26:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/21 14:26:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/09/20 19:49:08 | 000,000,000 | ---D | C] -- C:\Users\Cindy\New Folder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/16 17:16:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/16 17:08:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/16 17:08:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/16 17:06:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/16 15:09:13 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/16 15:08:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/12 15:20:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/12 04:11:43 | 000,625,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/12 04:11:43 | 000,112,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/11 15:11:51 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/09 03:16:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 03:16:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/02 03:02:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/20 18:21:56 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/19 19:58:01 | 000,357,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/11 15:11:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/29 00:40:55 | 000,100,864 | ---- | C] () -- \kwdoqpob.sys
[2012/05/11 14:36:56 | 000,188,863 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2012/05/11 14:36:55 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/12/13 16:31:03 | 000,150,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/28 14:44:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/24 05:05:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2010/12/31 15:23:44 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/05/20 20:31:31 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/08/18 07:51:16 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/08/18 07:51:14 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 00:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/01 20:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2010/09/02 05:36:58 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\LocalLow\Microsoft\Silverlight\is\hlev42yc.2su\qlsx0g2o.bi4\1\l
[2011/09/28 16:44:15 | 000,000,082 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\M4HWKZFN\t.cxt.ms\lso.swf\u.sol
[2010/12/18 05:08:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\LocalLow\Microsoft\Silverlight\is\44bqpdqj.2s1\gnlzldfr.uft\1\l
[2006/11/02 02:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== Custom Scans ==========

< HKLM\System\MountedDevices >
"\??\Volume{8d2adfb5-2f31-11df-81f1-806e6f6e6963}" = F4 3B 84 96 00 00 10 00 00 00 00 00 [binary data]
"\??\Volume{8d2adfb6-2f31-11df-81f1-806e6f6e6963}" = F4 3B 84 96 00 00 D0 5D 00 00 00 00 [binary data]
"\??\Volume{8d2adfb9-2f31-11df-81f1-806e6f6e6963}" = \??\IDE#CdRomTSSTcorp_CDDVDW_TS-L6 [Binary data over 200 bytes]
"\DosDevices\C:" = F4 3B 84 96 00 00 D0 5D 00 00 00 00 [binary data]
"\DosDevices\D:" = \??\IDE#CdRomTSSTcorp_CDDVDW_TS-L6 [Binary data over 200 bytes]
"\??\Volume{76d1ce77-2f37-11df-8ab1-806e6f6e6963}" = \??\IDE#CdRomTSSTcorp_CDDVDW_TS-L6 [Binary data over 200 bytes]
"\??\Volume{a814fd20-3422-11df-bc47-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Apple&Prod_iP [Binary data over 200 bytes]
"\DosDevices\E:" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{95500a96-41d8-11df-b550-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Sony&Prod_Son [Binary data over 200 bytes]
"\??\Volume{e0685404-44b9-11df-8581-001e336bffb4}" = _??_USBSTOR#Disk&Ven_&Prod_USB_Fla [Binary data over 200 bytes]
"\??\Volume{e0685423-44b9-11df-8581-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Sony&Prod_Son [Binary data over 200 bytes]
"\??\Volume{af66286c-4c42-11df-b79c-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Sony&Prod_Son [Binary data over 200 bytes]
"\??\Volume{71aaaf91-52c8-11df-b095-001e336bffb4}" = _??_USBSTOR#Disk&Ven_HP&Prod_Offic [Binary data over 200 bytes]
"\??\Volume{679d7f7a-5e41-11df-b7ca-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Generic-&Prod [Binary data over 200 bytes]
"\??\Volume{679d80c3-5e41-11df-b7ca-001e336bffb4}" = _??_USBSTOR#Disk&Ven_USB&Prod_DISK [Binary data over 200 bytes]
"\??\Volume{679d8185-5e41-11df-b7ca-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{679d8190-5e41-11df-b7ca-001e336bffb4}" = _??_USBSTOR#Disk&Ven_TOSHIBA&Prod_ [Binary data over 200 bytes]
"\DosDevices\F:" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{679d825d-5e41-11df-b7ca-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{679d826b-5e41-11df-b7ca-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Apple&Prod_iP [Binary data over 200 bytes]
"\??\Volume{679d82da-5e41-11df-b7ca-001e336bffb4}" = _??_USBSTOR#Disk&Ven_JetFlash&Prod [Binary data over 200 bytes]
"\??\Volume{d5f30b93-9eff-11df-8ee4-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Apple&Prod_iP [Binary data over 200 bytes]
"\??\Volume{909bc36f-c1aa-11df-8199-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Generic&Prod_ [Binary data over 200 bytes]
"\??\Volume{02f4abea-13d7-11e0-929a-001e336bffb4}" = _??_USBSTOR#Disk&Ven_HP&Prod_Offic [Binary data over 200 bytes]
"\??\Volume{3d346657-4781-11e0-9c87-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{3d34665a-4781-11e0-9c87-001e336bffb4}" = \??\USBSTOR#CdRom&Ven_SanDisk&Prod [Binary data over 200 bytes]
"\??\Volume{84e15888-5755-11e0-9e20-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Apple&Prod_iP [Binary data over 200 bytes]
"\??\Volume{f9804c10-8fb2-11e0-9f96-001e336bffb4}" = _??_USBSTOR#Disk&Ven_CBM&Prod_Flas [Binary data over 200 bytes]
"\??\Volume{7f1ae182-df4a-11e0-b395-001e336bffb4}" = _??_USBSTOR#Disk&Ven_HTC&Prod_Andr [Binary data over 200 bytes]
"\??\Volume{e122b3cf-fab9-11e0-adcf-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{d2350b34-0311-11e1-95c2-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Apple&Prod_iP [Binary data over 200 bytes]
"\??\Volume{8b31ef2a-1ab7-11e1-91ed-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{f49e302f-2ee7-11e1-ac89-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Apple&Prod_iP [Binary data over 200 bytes]
"\??\Volume{f49e304e-2ee7-11e1-ac89-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Apple&Prod_iP [Binary data over 200 bytes]
"\??\Volume{d2bce5fd-4955-11e1-af31-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{730d9298-8512-11e1-ba50-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{6cb1a063-90f6-11e1-984c-001e336bffb4}" = _??_USBSTOR#Disk&Ven_HTC&Prod_Andr [Binary data over 200 bytes]
"\??\Volume{f647e419-d43f-11e1-b272-001e336bffb4}" = _??_USBSTOR#Disk&Ven_Verbatim&Prod [Binary data over 200 bytes]
"\??\Volume{243af17a-d62b-11e1-b223-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]
"\??\Volume{97093c80-f8ec-11e1-8416-001e336bffb4}" = _??_USBSTOR#Disk&Ven_CENTON&Prod_D [Binary data over 200 bytes]
"\??\Volume{40a7f8af-ff91-11e1-859d-001e336bffb4}" = _??_USBSTOR#Disk&Ven_SanDisk&Prod_ [Binary data over 200 bytes]

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK1246GSX
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 110.00GB
Starting Offset: 1573912576
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: CINDY-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 C SQ004816V03 NTFS Partition 110 GB Healthy System

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


Thank you very much for helping me..oh yeah and as for mounted devices. I have at least 7 sticks and an iPod mini that go or have gone on here with no incident? Don't know if that's helpful, but that looks like what might be visible. Not exactly positive but I'm about to try and see if there's a number like that on them!
Let me know what I should do next, please.
Thanks again, and have an excellent day :)
Cindy
  • 0

#13
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hey Cindy,

When I went to the Advanced Boot Options screen (which I've never Vista checked out 'til now, thank you) I did see the Repair My Computer option. It said repair your computer...View a list of recovery tools you can use....

Good, we may need to use it.

System restore went fine, but just out of curiosity....does that overwrite or rather undo those updates?

It should revert the computer back to the day before the update was installed. You can check this by looking at the installed updates on the computer and this one should not be there. It should also be re-offered on the Microsoft update site....but there's no point in installing it again till we get the problem sorted out.

Eset was clean, nothing found.

Thanks for the info.

Also. Something else cool I noticed. When you had me run the Eset scan, you said run IE as administrator which I did, and the trip to Eset was fffp fast. Normal! So now that I'm done hunting for my info for my pl I figured out running ie as administrator lets me move as a learner should move whippin' thru the halls. Yes, yes :yes:. Another clue. Running IE as administrator it works normally. Thanks for that :D It does help. Wish I figured THAT out a couple few days ago!

Never had that happen. Running IE with Admin Privileges should just give IE the privileges to run the ESET online scanner.

It may be running faster because the whatever changes that were made to the system after the 12th have been removed. Try running IE in normal mode and see if the slowness comes back.

We are gonna check the integrity of the systems files and do some in depth maintenance of the hard drive and see if that solves the problem.


Step-1.

Run System File Checker

The System File Checker scans all protected system files and can replace incorrect versions with correct Microsoft versions. This process will take some time.

Open an elevated command prompt. To do that:
  • Click the Start Orb and in the Search box type cmd.exe.
  • In the list of files that comes up above the Search box find the cmd.exe file, right click it and click Run as Administrator.
  • Click Continue on the UAC window.
    A command window will open like the image below:
    Posted Image
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
    • CD C:\
  • Press the Enter key.
  • Back at the blinking cursor type or Copy and Paste the following and press the Enter key:
    • sfc /scannow
    (notice the space between the c and the /...it needs to be there)

    Posted Image
    Scans the integrity of all protected system files and repairs the system files if needed. (See screenshot above)
    NOTE: Restores Vista's original setup of system files. (EX: Fonts, wallpapers, System32 files, etc.)
  • When the process has finished, write down the results of the scan so you can post them in your next reply.
  • Type exit and press the ENTER key to close the command window.

Step-2.

Hard-Drive Maintenance/Repair:

  • Click on Start(Vista Orb).
  • Click on All Programs, click the Accessories folder.
  • In the Accessories folder right click on Command Prompt and select Run as Administrator.
  • Click on Continue at the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
    • CD C:\
  • Press the Enter key.
  • Back at the Command Prompt, type or Copy/Paste the following exactly:
    • DEFRAG C: -F
  • Press the Enter key.
  • An analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter key. This will close the Command window.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the POST (power-on self-test) screen:

Posted Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.


Step-3.

Run an OTL QuickScan

  • Open OTL. Vista/7 Users: Right click the OTL icon and click Run as Administrator to run the program.
  • Click the Posted Image button. Post the log it produces in your next reply.

Step-4.

Things For Your Next Post:
1. Let me know if SFC found any file integrity errors or not
2. Let me know if chkdsk found any errors and fixed them or not.
3. The new OTL.txt log
  • 0
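The Step-1 and Step-2 checks above, driven from one elevated PowerShell session so the CBS.log details can actually be read, as an added example that is not part of godawgs' instructions. It assumes Vista/7-era PowerShell 2.0, the default CBS.log location, an output file on the current user's Desktop (both paths are my choice), and SFC's standard "[SR]" log wordings.

```powershell
# Added example, not code from the thread: run "sfc /scannow", extract SFC's own
# entries from CBS.log (which is only readable when elevated), summarise what
# could and could not be repaired, and report whether a chkdsk is scheduled.
# Assumed paths: default CBS.log under %windir% and an output file on the Desktop.

# 1. Refuse to continue unless the session is elevated; sfc.exe and CBS.log both need it.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell with "Run as Administrator" first.'
}

$cbsLog  = Join-Path $env:windir 'Logs\CBS\CBS.log'
$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'sfcdetails.txt'

# 2. Same as typing "sfc /scannow" at the elevated prompt; wait for it to finish.
$sfc = Start-Process -FilePath (Join-Path $env:windir 'System32\sfc.exe') `
                     -ArgumentList '/scannow' -Wait -PassThru -NoNewWindow
Write-Host "sfc.exe finished with exit code $($sfc.ExitCode)"

# 3. CBS.log is large and shared with other servicing tasks; SFC tags its own
#    lines with [SR]. Keep only those and save them where they can be posted.
$srLines = @(Select-String -Path $cbsLog -Pattern '[SR]' -SimpleMatch |
             ForEach-Object { $_.Line })
$srLines | Set-Content -Path $outFile
Write-Host "$($srLines.Count) [SR] lines written to $outFile"

# 4. Summarise the outcome. "Cannot repair" entries are what produces the
#    "found corrupt files but was unable to fix some of them" message.
$unfixed = @($srLines | Where-Object { $_ -match 'Cannot repair' })
$fixed   = @($srLines | Where-Object { $_ -match 'Repair(ed|ing)' })
Write-Host ("Repaired: {0}   Could not repair: {1}" -f $fixed.Count, $unfixed.Count)
$unfixed | Select-Object -Unique | ForEach-Object { Write-Host "  $_" }

# 5. Step-2 check: chkntfs reports whether C: is dirty or a chkdsk has already
#    been scheduled for the next restart, without starting another one.
& chkntfs C:
```

The sfcdetails.txt file on the Desktop is what to attach to the next reply; the "Could not repair" lines are the ones the helper needs.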

#14
23red

23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hello godawgs

I hope all is well :)

System restore went fine, but just out of curiosity....does that overwrite or rather undo those updates?

It should revert the computer back to the day before the update was installed. You can check this by looking at the installed updates on the computer and this one should not be there. It should also be re-offered on the Microsoft update site....but there's no point in installing it again till we get the problem sorted out.


Yep. I don't see 'em. They're gone.

Running IE as administrator it works normally.

Never had that happen.


That's kinda spooky. I was surprised as well, but I can get the job done a lot easier and faster knowing that.

Try running IE in normal mode and see if the slowness comes back.


I did. Many times. Still very s l o w .


Wow, you actually made me write... :lol:
However, the result does not look good :

C:\Windows\system32>CD C:\
C:\>sfc /scannow

Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\>

And to add insult to injury, it wouldn't let me in. It said 'Access Denied'. That was sad :huh: Just sad. :upset: So I'm guessing this means it found integrity errors.
Defrag was fine. Chkdsk found no errors, fixed no errors. I actually just did those the other way recently with no problems as well. I've never run sfc scannow before on this.

OTL log :

OTL logfile created on: 10/19/2012 5:22:16 AM - Run 5
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Cindy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: | Country: | Language: | Date Format:

1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.89% Memory free
3.98 Gb Paging File | 2.95 Gb Available in Paging File | 74.09% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 49.85 Gb Free Space | 45.19% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 03:16:51 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/10 14:41:08 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 11:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 09:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 10:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/16 21:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 21:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 13:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/03/06 08:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 10:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 19:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 08:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 08:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/10/09 03:16:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 10:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/07/18 18:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/16 21:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 13:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 11:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 16:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 15:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 15:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 13:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2012/10/12 15:20:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/24 05:05:40 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/28 13:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 16:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 14:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/20 16:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/14 09:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 12:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 13:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 11:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/08 20:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/08 20:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {D03D7F1E-2667-4FB4-9A19-35292CB10741}
IE - HKLM\..\SearchScopes\{D03D7F1E-2667-4FB4-9A19-35292CB10741}: "URL" = http://www.google.co...ge={startPage};

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 64 B2 9A B0 A9 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 14:41:52 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = \Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 11:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [toscdspd] TOSCDSPD.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814EBDF1-5B7A-44CF-97E4-3FB8B9056A05}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\Shell - "" = AutoRun
O33 - MountPoints2\{3d34665a-4781-11e0-9c87-001e336bffb4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/12 15:20:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/09/20 19:49:08 | 000,000,000 | ---D | C] -- C:\Users\Cindy\New Folder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/19 05:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/19 05:06:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/19 04:55:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 04:54:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 04:54:08 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/19 04:52:38 | 000,357,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/19 04:52:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/12 15:20:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/12 04:11:43 | 000,625,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/12 04:11:43 | 000,112,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/11 15:11:51 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/02 03:02:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/20 18:21:56 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/11 15:11:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/29 00:40:55 | 000,100,864 | ---- | C] () -- \kwdoqpob.sys
[2012/05/11 14:36:56 | 000,188,863 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2012/05/11 14:36:55 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/12/13 16:31:03 | 000,150,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/28 14:44:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/24 05:05:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2010/12/31 15:23:44 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/05/20 20:31:31 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/08/18 07:51:16 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/08/18 07:51:14 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 00:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/01 20:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2010/09/02 05:36:58 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\LocalLow\Microsoft\Silverlight\is\hlev42yc.2su\qlsx0g2o.bi4\1\l
[2011/09/28 16:44:15 | 000,000,082 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\M4HWKZFN\t.cxt.ms\lso.swf\u.sol
[2010/12/18 05:08:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\LocalLow\Microsoft\Silverlight\is\44bqpdqj.2s1\gnlzldfr.uft\1\l
[2006/11/02 02:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========


========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

I need to advise you I don't use Firefox. It's always been there but I don't use it. Chrome, like I said before, I downloaded for maybe 2 minutes :lol: and uninstalled it.
That's what I got for ya. Sorry for the headache. Thank you for your help.
  • 0
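The OTL log above marks autostart entries and drivers whose target is missing ("File not found", "No CLSID value found.") and files that carry no company name, which is exactly what the helper is checking for when looking for leftover Norton and SUPERAntiSpyware remnants. As an added example that is not part of this thread or of OTL itself, the Python script below parses those OTL line formats and lists the orphaned and no-company entries for review; the sample lines are taken from the log above, and the "orphan"/"no-company" triage categories are this example's own heuristics, mirroring OTL's "Files Created - No Company Name" section.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines in OTL's report format, copied from the log in this thread.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/24 05:05:40 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
[2012/05/29 00:40:55 | 000,100,864 | ---- | C] () -- \kwdoqpob.sys
[2012/10/19 05:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
"""


@dataclass
class Finding:
    kind: str     # OTL line type: "DRV", "O2", "O4", ... or "FILE" for plain file listings
    reason: str   # "orphan": target file/CLSID is missing; "no-company": no publisher recorded
    target: str   # the path or registry item the line refers to


# DRV lines come in two shapes: "File not found [..]" or "[date | size | attrs] (Company) [..]".
DRV_RE = re.compile(
    r"^DRV - (?:File not found|\[[^\]]*\] \((?P<company>[^)]*)\)) "
    r"\[[^\]]*\] -- (?P<path>.*?) -- \([^)]*\)$"
)
# O-numbered lines (O2 BHOs, O4 Run keys, O20 Winlogon, O28 hooks, ...).
OLINE_RE = re.compile(r"^(?P<kind>O\d+) - (?P<rest>.*)$")
# Plain file listings: "[date | size | attrs | C/M] (Company) -- path".
FILE_RE = re.compile(r"^\[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.*)$")

ORPHAN_MARKERS = ("File not found", "No CLSID value found.")
# For plain file listings, only flag code Windows would load; .job/.dat/.ini files
# with no company name are normal and would just add noise (heuristic of this example).
CODE_EXTENSIONS = (".sys", ".dll", ".exe")


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL report line; returns None for lines that need no attention."""
    line = line.rstrip()
    m = DRV_RE.match(line)
    if m:
        company = m.group("company")
        if company is None:            # "File not found" form: driver entry with no file
            return Finding("DRV", "orphan", m.group("path"))
        if not company.strip():        # "()" form: file exists but carries no publisher
            return Finding("DRV", "no-company", m.group("path"))
        return None
    m = OLINE_RE.match(line)
    if m:
        if m.group("rest").endswith(ORPHAN_MARKERS):
            return Finding(m.group("kind"), "orphan", m.group("rest"))
        return None
    m = FILE_RE.match(line)
    if (m and not m.group("company").strip()
            and m.group("path").lower().endswith(CODE_EXTENSIONS)):
        return Finding("FILE", "no-company", m.group("path"))
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole OTL report and keep the lines worth reviewing."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> dict:
    """Count findings per reason, e.g. {"orphan": 5, "no-company": 2}."""
    counts: dict = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:<5} {f.reason:<11} {f.target}")
    print(summarize(results))
```

Orphaned entries are leftovers to clean up, not evidence of infection by themselves; a no-company driver in an unusual location is a prompt to check the file's signature and origin before deciding anything.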

#15
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Cindy,

OK, the O4 entries from all users are gone in the last Quick Scan. I want to see if they are gone in a scan for all users and get a look at another Extras.txt log. I want to make sure all remnants of Norton are gone. And we can remove the Chrome folders.


Step-1.

Download and run the Norton Removal Tool

Download the Norton Removal Tool here and save the file to the Windows desktop.

  • On the Windows desktop, double-click the Norton Removal Tool icon.
  • Follow the on-screen instructions.
  • Restart the computer.
NOTE: Your computer may be restarted more than once.

Let's back up the registry and remove the Chrome rubbish left on the system


Step-2.

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry with ERUNT
Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Compatible with Windows NT, 2000, 2003, XP, Vista, Windows 7, 32 & 64-bit versions.

1. Download ERUNT.
2. Double-click erunt_setup.exe to run it.
  • Vista and Windows 7 users will need to right-click the erunt_setup.exe file and click Run as Administrator. If prompted by Windows UAC, allow it.
3. Follow the prompts and install using the default configuration:
a. Select your preferred Setup language.
b. At the Setup screen click Next.
c. Accept the default destination folder by clicking Next.
d. Accept the default Start Menu Folder by clicking Next.
e. On the Select Additional Tasks window, click Create ERUNT desktop icon only. Do not check the Create NTREGOPT desktop icon. Then click Next.
f. Ready to Install. The Create NTREGOPT desktop icon will not be on the list. Click the Install button.
g. Say No to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later.
h. Setup has completed. Tick the check boxes to Show documentation or Launch ERUNT. Click Finish.
4. Click OK to start ERUNT.
5. Choose a location for the backup. The default location C:\WINDOWS\ERDNT\[today's date] is preferred.
6. The first two check boxes are ticked by default (System registry and Current user registry).
7. Press OK.
8. When prompted, click YES to create a new folder.
9. Progress bars will show backup status.
10. A confirmation window will pop up when complete.
11. Click OK to close.
There is a Readme.txt file in the C:\Program Files\ERUNT folder that explains the program.

Step-3

Completely Remove Chrome

Download the attached remove.reg file to the desktop. [attachment=61124:remove.reg]

  • Make sure extensions are displayed for your files. Here's how:
    • Click the Start Orb and click Control Panel.
    • Highlight Tools on the Menu Bar and click Folder Options.
    • Click View.
    • Make sure the "Hide extensions for known file types" checkbox is unchecked.
  • Right-click the remove.reg file and click Merge.
  • OK any confirmation boxes you get. This will merge the contents of the .reg file into the registry.
  • Click the Start Orb and click Run. A Run window will open.
  • In the Open box type %LOCALAPPDATA%\Google and click OK.
  • Delete the Chrome folder in the directory that opens. If you don't have any other Google products you can also delete the Google folder.

Step-4.

OTL Scan

Please re-open OTL.
  • Double-click the OTL icon on your desktop. Vista/7 users right-click and click Run as Administrator. Make sure all other windows are closed.
  • You will see a console like the one below:

    [screenshot of the OTL console]
  • At the top of the console click the box beside the Scan All Users button. <--- Important
  • Do Not click the Include 64bit Scans box.
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the radio button beside Use Safelist. <--- Important
  • Click the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
  • On the .txt file Menu Bar click Edit, then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window, then click Paste. This will paste the contents of the .txt file into the post window.

Step-5.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Double-click the FSS.exe file to run it. (Vista and 7 users may need to right-click the file and click Run as Administrator.)
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step-6.

Things For Your Next Post:
1. Let me know if you had any problems running the Norton Removal Tool and the remove.reg file.
2. The new OTL.txt log
3. The new Extras.txt log
4. The FSS.txt log
  • 0